
Dear MrCharlie, Experts,

June 11th, 2015 Thursday 9:42pm EST

Dear Expert

I’ve read how you’ve been able to help other people with the same Problem that my Computer has.

I would like to hire you to fix my ERROR that Pops up every time I start my Microsoft OUTLOOK Program. (I click OK and the Error doesn’t Pop up again till the next time.)

It Reads:

 OUTLOOK EXE – Bad Image

(ERROR message then Reads)

The application or DLL C\WINDOWS\System\ MSVIDEO DLL is not a valid Windows image. Please check this against you installation diskette.

 

The same message Pops-Up when I go to make a SYSTEM RESTORE point /or if I try to do a System Restore.  (In Fact it even SHUT DOWN my System Restore from working at all, 2 months ago, till I was able to delete last week the FILE it put in the SYSTEM RESTORE Folder.)

It Reads on top on the blue strip:

Rstruiexe – Bad Image

Then the same message as the above ERROR.

 

This ERROR also now is affecting viewing my SYSTEM INFORMATION, which sometimes Now won’t open.

ERROR Says: helpctr.exe – Bad Image

Then it goes on to say the same as above.

 

I’ve Scanned my Computer, including Root Scan with my Subscribed MALWAREBYTES, Also my free SUPER ANTI-SPYWARE, and also my free AVAST Anti-Virus.

 

I’m running XP Professional, Service Pack 3,

750MB RDRAM

Pentium IIII

Here’s my Contact information and looking forward to talking with you.

Thank you So kindly, LUDWIGS

FAITH HOPE And LOVE,

“IN GOD WE TRUST"            <><.

                            Thomas D ~

                         Thomas D Ludwig

                            252-633-6363

                     tdludwig@suddenlink.net

                  New Bern North Carolina USA

               

 

 


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.





Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.







Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.



  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Dear Argus

Thank you so much for your help... I've Run the Scans which you've requested and here are the Results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 12-06-2015 00:00:52
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\wab.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)
Filter: text/html - {3d391e7a-8060-461e-9a38-656c5b6b23a0} - C:\WINDOWS\system\MSVIDEO.DLL [2001-08-23] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101
FF Homepage: hxxp://www.foxnews.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @hulu.com/Hulu Desktop -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]
FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]
FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]
CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)
S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-11] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)
R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)
R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]
S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]
S4 hpt3xx; No ImagePath
S3 rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U4 Scsiscan; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 23:59 - 2015-06-12 00:01 - 00000000 ____D C:\FRST
2015-06-11 23:43 - 2015-06-12 00:00 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO
2015-06-07 19:47 - 2015-06-11 03:02 - 00000402 _____ C:\WINDOWS\Tasks\REGSERVO.job
2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk
2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO
2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN
2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h
2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg
2015-06-06 23:13 - 2015-06-06 23:26 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch
2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~
2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes
2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk
2015-06-02 21:48 - 2015-06-02 22:06 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix.txt
2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal.txt
2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #2
2015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data
2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 2
2015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis
2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS
2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da5
2015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner
2015-05-30 23:44 - 2015-06-11 23:24 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL
2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS
2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO
2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis
2015-05-29 23:35 - 2015-05-29 23:36 - 00000000 ____D C:\Program Files\IBP 12
2015-05-29 23:35 - 2015-05-29 23:35 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk
2015-05-29 23:35 - 2015-05-29 23:35 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 12
2015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Program Files\AddWeb8
2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk
2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk
2015-05-27 17:24 - 2015-05-29 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA
2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE  AddWeb 8.0 Deluxe Website Promoter
2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder
2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER
2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}
2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}
2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 00:03 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp
2015-06-11 23:58 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype
2015-06-11 23:55 - 2014-08-13 13:55 - 00000440 _____ C:\WINDOWS\Tasks\At1.job
2015-06-11 23:49 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-11 23:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 23:31 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-11 23:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-11 17:55 - 2010-01-10 14:33 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-11 17:54 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-11 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 13:35 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job
2015-06-11 13:00 - 2013-11-11 15:17 - 00000338 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job
2015-06-11 11:12 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-11 11:12 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 11:11 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-11 11:11 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job
2015-06-11 11:11 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-11 11:11 - 2013-10-23 10:03 - 00000296 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job
2015-06-11 11:11 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera
2015-06-11 11:11 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-11 11:11 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-11 11:11 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-11 11:10 - 2010-01-10 16:53 - 01508437 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-11 11:09 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-11 11:09 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-11 04:34 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini
2015-06-10 10:06 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-09 21:00 - 2010-01-10 14:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-07 20:29 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig
2015-06-07 14:33 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE
2015-06-07 14:33 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration
2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT
2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help
2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins
2015-06-07 14:26 - 2010-07-15 11:14 - 00951738 _____ C:\WINDOWS\setupapi.log
2015-06-07 14:26 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log
2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log
2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log
2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log
2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log
2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log
2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log
2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security
2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox
2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox
2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk
2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox
2015-06-03 00:04 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe
2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI
2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini
2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log
2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk
2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log
2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log
2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log
2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC
2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini
2015-05-29 22:42 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories
2015-05-28 17:12 - 2010-01-10 08:46 - 00000212 __RSH C:\boot.ini
2015-05-28 17:12 - 2001-08-23 08:00 - 00000227 ____N C:\WINDOWS\system.ini
2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite140
2015-05-27 18:55 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP  iBusinessPromoter
2015-05-25 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}
2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk
2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk
2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties
2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass

==================== Files in the root of some directories =======

2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp
2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results
2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML
2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache
2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache
2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache
2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\mun2B6.exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\AdobeFlash_setup [1].exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfatk9m.dll
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\DWPUpgradeInstaller.exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih(1).exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\jre-8u45-windows-au.exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\{AECAB70D-0AF6-477E-822D-B69F35918BB8}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Thomas D Ludwig at 2015-06-12 00:05:39
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-436374069-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-329068152-436374069-1060284298-1005 - Limited - Enabled)
Guest (S-1-5-21-329068152-436374069-1060284298-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-329068152-436374069-1060284298-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-329068152-436374069-1060284298-1002 - Limited - Disabled)
TDL_OFFICE (S-1-5-21-329068152-436374069-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\TDL_OFFICE
Thomas D Ludwig (S-1-5-21-329068152-436374069-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Thomas D Ludwig

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Com Modem Manager (HKLM\...\3Com Modem Manager) (Version:  - )
ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
AddWeb 8 (HKLM\...\AddWeb 8) (Version: 8.6.3.5 - Cyberspace HQ)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe ActiveShare 1.1 (HKLM\...\Adobe ActiveShare) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 9.4.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
ClearThink (HKLM\...\ClearThink) (Version: 2014.08.13.141025 - ClearThink) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copier 2.0 (HKLM\...\Copier 2.0) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CSE HTML Validator Lite v14.05 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.5.0.0 - AI Internet Solutions LLC)
DFM2HTML (HKLM\...\DFM2HTML) (Version:  - )
DFM2HTML v6.1 (HKLM\...\DFM2HTML v6.1) (Version:  - )
Dropbox (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )
EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )
EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )
EZSuite For EZCam III (HKLM\...\{313aa16e-8c61-410c-a225-917462421659}) (Version: 1.0 - )
EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )
FaxTools eXPert (HKLM\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
FoxTab FLV Player (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\FoxTab FLV Player) (Version:  - ) <==== ATTENTION
FVD Suite 3.0.2 (HKLM\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version:  - flashvideodownloader.org)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)
Hulu Desktop (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
IBP 12.2.1 (HKLM\...\IBP12_is1) (Version: 12.2.1 - Axandra GmbH)
iLinc Client (HKLM\...\uninstall.exe) (Version:  - )
Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
InterVideo WinDVD (HKLM\...\InterVideo WinDVD) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
join.me (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
LinksysDiag (HKLM\...\{9A9412F1-6587-46F4-9689-01E2E38CE5E0}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2000 (HKLM\...\{00100409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )
Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)
Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft PowerPoint 2000 SR-1 (HKLM\...\{00130409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiraScan V3.40 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\MiraScanV3.40) (Version:  - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version:  - )
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Outlook Recovery Toolbox 1.7 (HKLM\...\Outlook Recovery Toolbox_is1) (Version:  - Recovery Toolbox)
Paint Shop Pro 4.12 Shareware (HKLM\...\Paint Shop Pro 4.12 Shareware) (Version:  - )
PhoneTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version:  - )
Presto! ImageFolio LE (HKLM\...\if40leUninstall) (Version:  - )
Presto! PageManager (HKLM\...\PageManager) (Version:  - )
Presto! PageType (HKLM\...\PageType) (Version:  - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
REGSERVO (HKLM\...\REGSERVO_is1) (Version: 2.0.0.7 - TuneUp System Software Pvt Ltd.)
Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version:  - )
ScanButton 2.1 (HKLM\...\ScanButton 2.1) (Version:  - )
SEO PowerSuite (HKLM\...\seopowersuite) (Version:  - )
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)
USB PC Camera (HKLM\...\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Easy Professional (HKLM\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.0 - Avanquest)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WYSIWYG Web Builder 4.3.5  (HKLM\...\WYSIWYG_Web_Builder_2.6) (Version:  - )
Zoom (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{06b5b051-1d05-443d-822f-39ab0d05f018}\InprocServer32 -> C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{0C19B8F4-C6F9-4AB6-B18E-60BA1399C8C0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnypass.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{11216D39-C5CB-41B6-AD5A-E17220E5E524}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{19DB7584-8E4E-11D3-B605-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\fpgoals.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{1C96F515-044F-4B0A-B167-6139D7CDB801}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{33C1974B-2A42-43A6-A376-2B7744C014AE}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mctalk.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{3d391e7a-8060-461e-9a38-656c5b6b23a0}\InprocServer32 -> C:\WINDOWS\system\MSVIDEO.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D0-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D1-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7275AFDF-EF1B-4A2C-B776-3CEE7AE3224E}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{852397B0-DEA0-11D0-8A69-00A0C90C2A42}\InprocServer32 -> C:\Program Files\Microsoft Money\System\aw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622B8-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BA-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BC-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BD-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BF-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %USERPROFILE%\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll No File
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{89603FE2-F04A-4674-A3DD-A8A601014159}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C4865195-8247-47D7-BA9E-BEC1CA480BE5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C525E207-7AEE-11D0-92B4-00C04FD9027E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtsync.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F41311C2-EDBB-4141-810D-2DD7B2C9F46D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\report.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8653-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8654-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyinet.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8655-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtconn.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8657-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8659-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnylog.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofcimp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyonl.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pfplan.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8660-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8661-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8662-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8663-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8664-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8665-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8666-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8668-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8669-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\q2mny.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnycore.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msfdpb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8680-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8681-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8682-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\onlsetup.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8683-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\npc.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF868F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qif.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F647775F-88A4-448A-9A23-ABA428A7E07E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

31-05-2015 23:53:11 System Checkpoint
31-05-2015 23:55:54 After deleting Keys with HiJack This 5-31-2015 Sunday 11:55pm EST ~
01-06-2015 01:42:40 Installed Windows Internet Explorer 8.
04-06-2015 20:37:32 System Checkpoint
07-06-2015 06:36:37 System Checkpoint
07-06-2015 12:44:04 SUNDAY 6-7-2015 12:43pm EST ~
07-06-2015 14:33:16 Restore Operation
07-06-2015 20:18:43 After I installed REGSERVO (DownLoard) 6-7-2015 8:18pm {TDL}.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 08:00 - 2001-08-23 08:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ARO 2013.job => C:\Program Files\ARO 2013\ARO.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\THOMAS~1\APPLIC~1\WSE_Astromenda\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-11 15:34 - 2015-06-11 15:34 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061102\algo.dll
2011-09-04 18:21 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-01-10 03:30 - 2015-01-10 03:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2001-08-23 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2001-08-23 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk => C:\WINDOWS\pss\3Com Modem Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk => C:\WINDOWS\pss\ScanButton 2.1.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk => C:\WINDOWS\pss\SnapDetect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\WINDOWS\pss\MyPC Backup.lnkStartup
MSCONFIG\startupreg: Advanced System Optimizer =>
MSCONFIG\startupreg: Advanced-System Protector_startup =>
MSCONFIG\startupreg: AROReminder =>
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader =>
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DriverUpdate =>
MSCONFIG\startupreg: IBP => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: LinksysDiag => C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hw
MSCONFIG\startupreg: Malwarebytes' Anti-Malware =>
MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"
MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exe
MSCONFIG\startupreg: NSWosCheck =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSCONFIG\startupreg: StartNowToolbarHelper =>
MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader =>
MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor =>

 


Dear Argus

Thank you so much for your help... I've Run the Scans which you've requested and here are the Results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015

Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 12-06-2015 00:00:52

Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool

Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE

(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe

(Microsoft Corporation) C:\Program Files\Outlook Express\wab.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)

HKLM\...\Run: [nwiz] => nwiz.exe /install

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)

HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled

ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=

SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716

BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)

BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)

BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)

BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)

BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)

Filter: text/html - {3d391e7a-8060-461e-9a38-656c5b6b23a0} - C:\WINDOWS\system\MSVIDEO.DLL [2001-08-23] (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101

FF Homepage: hxxp://www.foxnews.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)

FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @hulu.com/Hulu Desktop -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)

FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)

FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]

FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]

FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]

FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]

Chrome:

=======

CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]

CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]

CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]

CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]

CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]

CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]

CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]

CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]

CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]

CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]

CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)

S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)

R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)

S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()

S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)

R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)

S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]

S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()

R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)

R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-11] (Malwarebytes Corporation)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]

R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )

S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)

R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)

R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)

R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]

S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]

S4 hpt3xx; No ImagePath

S3 rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U4 Scsiscan; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 23:59 - 2015-06-12 00:01 - 00000000 ____D C:\FRST

2015-06-11 23:43 - 2015-06-12 00:00 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool

2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO

2015-06-07 19:47 - 2015-06-11 03:02 - 00000402 _____ C:\WINDOWS\Tasks\REGSERVO.job

2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk

2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO

2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO

2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone

2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN

2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h

2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg

2015-06-06 23:13 - 2015-06-06 23:26 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch

2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~

2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes

2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk

2015-06-02 21:48 - 2015-06-02 22:06 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix.txt

2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal.txt

2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #2

2015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data

2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 2

2015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis

2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS

2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da5

2015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner

2015-05-30 23:44 - 2015-06-11 23:24 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job

2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL

2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS

2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO

2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis

2015-05-29 23:35 - 2015-05-29 23:36 - 00000000 ____D C:\Program Files\IBP 12

2015-05-29 23:35 - 2015-05-29 23:35 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk

2015-05-29 23:35 - 2015-05-29 23:35 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 12

2015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Program Files\AddWeb8

2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk

2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk

2015-05-27 17:24 - 2015-05-29 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA

2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE  AddWeb 8.0 Deluxe Website Promoter

2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder

2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER

2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}

2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}

2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 00:03 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp

2015-06-11 23:58 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype

2015-06-11 23:55 - 2014-08-13 13:55 - 00000440 _____ C:\WINDOWS\Tasks\At1.job

2015-06-11 23:49 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2015-06-11 23:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-11 23:31 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-11 23:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-06-11 17:55 - 2010-01-10 14:33 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt

2015-06-11 17:54 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl

2015-06-11 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-11 13:35 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job

2015-06-11 13:00 - 2013-11-11 15:17 - 00000338 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job

2015-06-11 11:12 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-11 11:12 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-06-11 11:11 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-11 11:11 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job

2015-06-11 11:11 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2015-06-11 11:11 - 2013-10-23 10:03 - 00000296 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job

2015-06-11 11:11 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera

2015-06-11 11:11 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-11 11:11 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-11 11:11 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log

2015-06-11 11:10 - 2010-01-10 16:53 - 01508437 _____ C:\WINDOWS\WindowsUpdate.log

2015-06-11 11:09 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-06-11 11:09 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log

2015-06-11 04:34 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini

2015-06-10 10:06 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-09 21:00 - 2010-01-10 14:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp

2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2015-06-07 20:29 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig

2015-06-07 14:33 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE

2015-06-07 14:33 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator

2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService

2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService

2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games

2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration

2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT

2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv

2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help

2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins

2015-06-07 14:26 - 2010-07-15 11:14 - 00951738 _____ C:\WINDOWS\setupapi.log

2015-06-07 14:26 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp

2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log

2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log

2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log

2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log

2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log

2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log

2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log

2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security

2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox

2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox

2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk

2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox

2015-06-03 00:04 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe

2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI

2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini

2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew

2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log

2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk

2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log

2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log

2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log

2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore

2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC

2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini

2015-05-29 22:42 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories

2015-05-28 17:12 - 2010-01-10 08:46 - 00000212 __RSH C:\boot.ini

2015-05-28 17:12 - 2001-08-23 08:00 - 00000227 ____N C:\WINDOWS\system.ini

2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite140

2015-05-27 18:55 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP  iBusinessPromoter

2015-05-25 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}

2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk

2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk

2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini

2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties

2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass

==================== Files in the root of some directories =======

2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp

2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results

2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML

2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache

2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache

2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache

2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

Some files in TEMP:

====================

C:\Documents and Settings\Administrator\Local Settings\Temp\mun2B6.exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\AdobeFlash_setup [1].exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfatk9m.dll

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\DWPUpgradeInstaller.exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih(1).exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih.exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\jre-8u45-windows-au.exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\SkypeSetup.exe

C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\{AECAB70D-0AF6-477E-822D-B69F35918BB8}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015

Ran by Thomas D Ludwig at 2015-06-12 00:05:39

Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-329068152-436374069-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

ASPNET (S-1-5-21-329068152-436374069-1060284298-1005 - Limited - Enabled)

Guest (S-1-5-21-329068152-436374069-1060284298-501 - Limited - Enabled)

HelpAssistant (S-1-5-21-329068152-436374069-1060284298-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-329068152-436374069-1060284298-1002 - Limited - Disabled)

TDL_OFFICE (S-1-5-21-329068152-436374069-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\TDL_OFFICE

Thomas D Ludwig (S-1-5-21-329068152-436374069-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Thomas D Ludwig

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Com Modem Manager (HKLM\...\3Com Modem Manager) (Version:  - )

ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version:  - )

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden

AddWeb 8 (HKLM\...\AddWeb 8) (Version: 8.6.3.5 - Cyberspace HQ)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)

Adobe ActiveShare 1.1 (HKLM\...\Adobe ActiveShare) (Version:  - )

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Reader 9.4.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)

Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

Akamai NetSession Interface (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Akamai) (Version:  - Akamai Technologies, Inc)

Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)

Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)

Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)

ClearThink (HKLM\...\ClearThink) (Version: 2014.08.13.141025 - ClearThink) <==== ATTENTION

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Copier 2.0 (HKLM\...\Copier 2.0) (Version:  - )

Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)

CSE HTML Validator Lite v14.05 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.5.0.0 - AI Internet Solutions LLC)

DFM2HTML (HKLM\...\DFM2HTML) (Version:  - )

DFM2HTML v6.1 (HKLM\...\DFM2HTML v6.1) (Version:  - )

Dropbox (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)

EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )

EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )

EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )

EZSuite For EZCam III (HKLM\...\{313aa16e-8c61-410c-a225-917462421659}) (Version: 1.0 - )

EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )

FaxTools eXPert (HKLM\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)

FoxTab FLV Player (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\FoxTab FLV Player) (Version:  - ) <==== ATTENTION

FVD Suite 3.0.2 (HKLM\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version:  - flashvideodownloader.org)

Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden

GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)

Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)

Hulu Desktop (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)

IBP 12.2.1 (HKLM\...\IBP12_is1) (Version: 12.2.1 - Axandra GmbH)

iLinc Client (HKLM\...\uninstall.exe) (Version:  - )

Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)

InterVideo WinDVD (HKLM\...\InterVideo WinDVD) (Version:  - )

Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

join.me (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)

LinksysDiag (HKLM\...\{9A9412F1-6587-46F4-9689-01E2E38CE5E0}) (Version:  - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Access 2000 (HKLM\...\{00100409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)

Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )

Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)

Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft PowerPoint 2000 SR-1 (HKLM\...\{00130409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MiraScan V3.40 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\MiraScanV3.40) (Version:  - )

Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

OLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version:  - )

Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)

Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)

Outlook Recovery Toolbox 1.7 (HKLM\...\Outlook Recovery Toolbox_is1) (Version:  - Recovery Toolbox)

Paint Shop Pro 4.12 Shareware (HKLM\...\Paint Shop Pro 4.12 Shareware) (Version:  - )

PhoneTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version:  - )

Presto! ImageFolio LE (HKLM\...\if40leUninstall) (Version:  - )

Presto! PageManager (HKLM\...\PageManager) (Version:  - )

Presto! PageType (HKLM\...\PageType) (Version:  - )

QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

REGSERVO (HKLM\...\REGSERVO_is1) (Version: 2.0.0.7 - TuneUp System Software Pvt Ltd.)

Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version:  - )

ScanButton 2.1 (HKLM\...\ScanButton 2.1) (Version:  - )

SEO PowerSuite (HKLM\...\seopowersuite) (Version:  - )

Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Tuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)

USB PC Camera (HKLM\...\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}) (Version:  - )

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Web Easy Professional (HKLM\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.0 - Avanquest)

WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden

Window Washer (HKLM\...\Window Washer) (Version:  - )

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

WYSIWYG Web Builder 4.3.5  (HKLM\...\WYSIWYG_Web_Builder_2.6) (Version:  - )

Zoom (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{06b5b051-1d05-443d-822f-39ab0d05f018}\InprocServer32 -> C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll No File

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{0C19B8F4-C6F9-4AB6-B18E-60BA1399C8C0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnypass.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{11216D39-C5CB-41B6-AD5A-E17220E5E524}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{19DB7584-8E4E-11D3-B605-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\fpgoals.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{1C96F515-044F-4B0A-B167-6139D7CDB801}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{33C1974B-2A42-43A6-A376-2B7744C014AE}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mctalk.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{3d391e7a-8060-461e-9a38-656c5b6b23a0}\InprocServer32 -> C:\WINDOWS\system\MSVIDEO.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D0-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D1-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7275AFDF-EF1B-4A2C-B776-3CEE7AE3224E}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{852397B0-DEA0-11D0-8A69-00A0C90C2A42}\InprocServer32 -> C:\Program Files\Microsoft Money\System\aw.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622B8-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BA-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BC-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BD-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BF-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %USERPROFILE%\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll No File

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{89603FE2-F04A-4674-A3DD-A8A601014159}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C4865195-8247-47D7-BA9E-BEC1CA480BE5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C525E207-7AEE-11D0-92B4-00C04FD9027E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtsync.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F41311C2-EDBB-4141-810D-2DD7B2C9F46D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\report.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8653-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8654-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyinet.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8655-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtconn.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8657-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8659-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnylog.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofcimp.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyonl.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pfplan.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8660-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8661-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8662-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8663-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8664-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8665-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8666-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8668-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8669-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\q2mny.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnycore.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msfdpb.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofx.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8680-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8681-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8682-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\onlsetup.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8683-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\npc.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF868F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qif.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F647775F-88A4-448A-9A23-ABA428A7E07E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

31-05-2015 23:53:11 System Checkpoint

31-05-2015 23:55:54 After deleting Keys with HiJack This 5-31-2015 Sunday 11:55pm EST ~

01-06-2015 01:42:40 Installed Windows Internet Explorer 8.

04-06-2015 20:37:32 System Checkpoint

07-06-2015 06:36:37 System Checkpoint

07-06-2015 12:44:04 SUNDAY 6-7-2015 12:43pm EST ~

07-06-2015 14:33:16 Restore Operation

07-06-2015 20:18:43 After I installed REGSERVO (DownLoard) 6-7-2015 8:18pm {TDL}.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 08:00 - 2001-08-23 08:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\ARO 2013.job => C:\Program Files\ARO 2013\ARO.exe

Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\THOMAS~1\APPLIC~1\WSE_Astromenda\UpdateProc\UpdateTask.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupdate.exe

Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupload.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exe

Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job => C:\Program Files\Opera\launcher.exe

Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-11 15:34 - 2015-06-11 15:34 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061102\algo.dll

2011-09-04 18:21 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

2015-01-10 03:30 - 2015-01-10 03:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2001-08-23 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll

2001-08-23 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf:com.dropbox.attributes

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt:com.dropbox.attributes

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformation

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformation

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformation

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi:com.dropbox.attributes

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributes

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk => C:\WINDOWS\pss\3Com Modem Manager.lnkCommon Startup

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk => C:\WINDOWS\pss\ScanButton 2.1.lnkCommon Startup

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk => C:\WINDOWS\pss\SnapDetect.lnkCommon Startup

MSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup

MSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\WINDOWS\pss\MyPC Backup.lnkStartup

MSCONFIG\startupreg: Advanced System Optimizer =>

MSCONFIG\startupreg: Advanced-System Protector_startup =>

MSCONFIG\startupreg: AROReminder =>

MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

MSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h

MSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader =>

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: DriverUpdate =>

MSCONFIG\startupreg: IBP => "C:\Program Files\QuickTime\qttask.exe" -atboottime

MSCONFIG\startupreg: LinksysDiag => C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hw

MSCONFIG\startupreg: Malwarebytes' Anti-Malware =>

MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"

MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exe

MSCONFIG\startupreg: NSWosCheck =>

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

MSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

MSCONFIG\startupreg: StartNowToolbarHelper =>

MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader =>

MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor =>

==================== FirewallRules (Whitelisted) ===============

Argus,

There's more but I don't know how to add it, as it said my POST is too long.

Thomas ~


FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 the same way:

  • Copy MSVIDEO DLL into the Search: field in FRST then click the Search Files button.
  • FRST will search your computer for files and, when finished, it will produce a log, Search.txt, in the same directory the tool is run from.
  • Please attach it to your reply.

OK, those files are OK, not to worry about them.

Download REGSEARCH from one of the links below:

http://download.bleepingcomputer.com/steelwerx/regsearch.zip

Download and extract the contents of the zip file.
Double-click the icon for RegSearch.exe to launch the program.
Enter a string to search for and click "OK".

11d3a0e3-9aa8-49cb-929c-1cd939610ad7 <-----enter this

After completion Notepad will be opened with all the found instances of the string.
The resulting file is saved in the same location as RegSearch.exe.


ARGUS these are other reports that you didn't receive yet:

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Akamai\netsession_win.exe] => :LocalSubNet:Disabled:Akamai NetSession Client
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\7zS33.tmp\SymNRT.exe] => :LocalSubNet:Disabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office\1033\WFXMSRVR.EXE] => :LocalSubNet:Disabled:WFXMSRVR
StandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe] => :LocalSubNet:Disabled:Octoshape add-in for Adobe Flash Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Disabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\WebEasyUpdater.exe] => Enabled:WebEasy Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\WebEasy.exe] => Enabled:WebEasy Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\vcomFtp.exe] => Enabled:WebEasy FtpMax
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\Zoom.exe] => Disabled:Zoom
StandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest\Web Easy Professional 10\WebEasy.exe] => Enabled:Web Easy Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => :LocalSubNet:Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => :LocalSubNet:Disabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\Website Host\WebEasySite\WEHostPublishWizard.exe] => Disabled:WebEasy Host Publishing Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom iLine10 Network Adapter
Description: Broadcom iLine10 Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM42XX
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: 3Com
Service: EL90XBC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2015 06:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/09/2015 11:12:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/09/2015 04:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2015 11:04:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2015 01:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/07/2015 06:45:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/07/2015 06:37:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (06/12/2015 00:55:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 11:55:01 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 10:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 09:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 08:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 07:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 06:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 05:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 04:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2015 03:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403


Microsoft Office:
=========================
Error: (06/10/2015 06:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE9.0.0.2416hungapp0.0.0.000000000

Error: (06/09/2015 11:12:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1

Error: (06/09/2015 04:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1

Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000

Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000

Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000

Error: (06/08/2015 11:04:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000

Error: (06/08/2015 01:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1

Error: (06/07/2015 06:45:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000

Error: (06/07/2015 06:37:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 1400MHz
Percentage of memory in use: 80%
Total physical RAM: 767.07 MB
Available physical RAM: 148.04 MB
Total Pagefile: 1877.77 MB
Available Pagefile: 836.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126 GB) (Free:81.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA STORAGE) (Fixed) (Total:70.02 GB) (Free:69.93 GB) NTFS
Drive e: (MOVIES) (Fixed) (Total:29.29 GB) (Free:29.23 GB) NTFS
Drive f: (PICTURES) (Fixed) (Total:7.57 GB) (Free:7.52 GB) NTFS
Drive z: () (Network) (Total:126 GB) (Free:81.59 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.9 GB) - (Type=OF Extended)

==================== End of log ============================

 

==========================================================================

ARGUS here's the first one MSVIDEO DLL

Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Thomas D Ludwig at 2015-06-12 01:51:32
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
Boot Mode: Normal

================== Search Files: "MSVIDEO DLL" =============

====== End of Search ======

REGSEARCH

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/12/2015 2:00:24 AM for strings:
;  '11d3a0e3-9aa8-49cb-929c-1cd939610ad7'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data  
; HKEY_LOCAL_MACHINE  HKEY_USERS  


; End Of The Log...

Argus after this I'm going to have to go to Sleep.  Talk to you tomorrow and Thank you So kindly.

Thomas D ~


Okay,

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

 


June 13th, 2015 Saturday 11:26am EST ~

Dear Argus here are the ComboFix LOGS.

 

ComboFix 15-06-09.01 - Thomas D Ludwig 06/13/2015   9:56.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.420 [GMT -4:00]
Running from: c:\documents and settings\Thomas D Ludwig\Desktop\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\Thomas D Ludwig\g2mdlhlpx.exe
c:\documents and settings\Thomas D Ludwig\WINDOWS
C:\END
c:\program files\NewPlayer
c:\program files\NewPlayer\LANGUAGES\Arabic.ini
c:\program files\NewPlayer\LANGUAGES\Bulgarian.ini
c:\program files\NewPlayer\LANGUAGES\Catalan.ini
c:\program files\NewPlayer\LANGUAGES\ChineseS.ini
c:\program files\NewPlayer\LANGUAGES\ChineseT.ini
c:\program files\NewPlayer\LANGUAGES\Czech.ini
c:\program files\NewPlayer\LANGUAGES\Danish.ini
c:\program files\NewPlayer\LANGUAGES\Dutch.ini
c:\program files\NewPlayer\LANGUAGES\Estonian.ini
c:\program files\NewPlayer\LANGUAGES\Finnish.ini
c:\program files\NewPlayer\LANGUAGES\French.ini
c:\program files\NewPlayer\LANGUAGES\Greek.ini
c:\program files\NewPlayer\LANGUAGES\HaitianCreole.ini
c:\program files\NewPlayer\LANGUAGES\Hebrew.ini
c:\program files\NewPlayer\LANGUAGES\Hindi.ini
c:\program files\NewPlayer\LANGUAGES\Hungarian.ini
c:\program files\NewPlayer\LANGUAGES\Italian.ini
c:\program files\NewPlayer\LANGUAGES\Japanese.ini
c:\program files\NewPlayer\LANGUAGES\Korean.ini
c:\program files\NewPlayer\LANGUAGES\Latvian.ini
c:\program files\NewPlayer\LANGUAGES\Lithuanian.ini
c:\program files\NewPlayer\LANGUAGES\Norwegian.ini
c:\program files\NewPlayer\LANGUAGES\Polish.ini
c:\program files\NewPlayer\LANGUAGES\Portuguese.ini
c:\program files\NewPlayer\LANGUAGES\Romanian.ini
c:\program files\NewPlayer\LANGUAGES\Russian.ini
c:\program files\NewPlayer\LANGUAGES\Slovak.ini
c:\program files\NewPlayer\LANGUAGES\Spanish.ini
c:\program files\NewPlayer\LANGUAGES\Swedish.ini
c:\program files\NewPlayer\LANGUAGES\Thai.ini
c:\program files\NewPlayer\LANGUAGES\Turkish.ini
c:\program files\NewPlayer\LANGUAGES\Ukrainian.ini
c:\program files\NewPlayer\LANGUAGES\Vietnamese.ini
c:\program files\NewPlayer\NewPlayerUpdaterService.InstallState
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\~GLC0000.TMP
c:\windows\EventSystem.log
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\system32\AdobePDF.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\regobj.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\tbc23.tmp
c:\windows\system32\tbc24.tmp
c:\windows\system32\tbc35.tmp
c:\windows\system32\tbc6C.tmp
c:\windows\system32\tbc6D.tmp
c:\windows\system32\tbc6E.tmp
c:\windows\system32\tbc93.tmp
c:\windows\system32\tbc95.tmp
c:\windows\system32\tbcB6.tmp
c:\windows\system32\tbcC4.tmp
c:\windows\system32\twain.dll
c:\windows\wininit.ini
c:\windows\wmsysprx.prx
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-13 to 2015-06-13  )))))))))))))))))))))))))))))))
.
.
2015-06-13 14:20 . 2015-06-13 14:20    63115    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2015-06-13 14:20 . 2015-06-13 14:20    4599    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2015-06-13 14:20 . 2015-06-13 14:20    8646    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2015-06-13 14:20 . 2015-06-13 14:20    6429    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2015-06-13 14:20 . 2015-06-13 14:20    9310    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2015-06-13 14:20 . 2015-06-13 14:20    5927    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2015-06-13 14:20 . 2015-06-13 14:20    8613    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2015-06-13 14:20 . 2015-06-13 14:20    1651    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2015-06-13 14:20 . 2015-06-13 14:20    6910    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2015-06-13 14:20 . 2015-06-13 14:20    8288    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2015-06-13 14:20 . 2015-06-13 14:20    6208    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2015-06-13 14:20 . 2015-06-13 14:20    18541    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2015-06-13 14:19 . 2015-06-13 14:19    51852    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2015-06-13 14:19 . 2015-06-13 14:19    20719    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2015-06-13 14:19 . 2015-06-13 14:19    23327    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2015-06-13 14:19 . 2015-06-13 14:19    7271    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2015-06-12 03:59 . 2015-06-12 05:40    --------    d-----w-    C:\FRST
2015-06-07 23:47 . 2015-06-11 07:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\REGSERVO
2015-06-07 23:47 . 2015-06-07 23:47    --------    d-----w-    c:\program files\REGSERVO
2015-06-07 18:33 . 2015-06-07 18:33    --------    d-----w-    c:\windows\system32\wbem\Repository
2015-06-07 18:29 . 2015-06-07 18:29    63115    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\USERTILE.JS
2015-06-07 18:29 . 2015-06-07 18:29    4599    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UIRESOURCE.JS
2015-06-07 18:29 . 2015-06-07 18:29    9310    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXTBOX.JS
2015-06-07 18:29 . 2015-06-07 18:29    8646    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TILEBOX.JS
2015-06-07 18:29 . 2015-06-07 18:29    6429    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UICORE.JS
2015-06-07 18:29 . 2015-06-07 18:29    5927    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXT.JS
2015-06-07 18:29 . 2015-06-07 18:29    8613    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\SAVEDUSER.JS
2015-06-07 18:29 . 2015-06-07 18:29    1651    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\QUERYSTRING.JS
2015-06-07 18:29 . 2015-06-07 18:29    6910    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\NEWUSERCOMM.JS
2015-06-07 18:29 . 2015-06-07 18:29    6208    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LINK.JS
2015-06-07 18:29 . 2015-06-07 18:29    18541    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LOCALIZATION.JS
2015-06-07 18:29 . 2015-06-07 18:29    8288    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\IMAGE.JS
2015-06-07 18:28 . 2015-06-07 18:28    51852    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\EXTERNALWRAPPER.JS
2015-06-07 18:28 . 2015-06-07 18:28    20719    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\DIVWRAPPER.JS
2015-06-07 18:28 . 2015-06-07 18:28    23327    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\COMBOBOX.JS
2015-06-07 18:28 . 2015-06-07 18:28    7271    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\CHECKBOX.JS
2015-06-07 18:28 . 2015-06-07 18:28    8782    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\BUTTON.JS
2015-06-01 13:26 . 2009-08-18 16:32    403840    ----a-w-    c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2015-05-30 03:35 . 2015-05-30 03:36    --------    d-----w-    c:\program files\IBP 12
2015-05-30 02:42 . 2015-05-30 02:43    --------    d-----w-    c:\program files\AddWeb8
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-13 08:21 . 2015-01-08 23:53    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 19:18 . 2015-03-16 04:52    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-09 19:18 . 2015-03-16 04:52    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-25 12:26 . 2015-04-25 12:16    114904    ----a-w-    c:\windows\system32\drivers\6AD26103.sys
2013-02-15 19:45 . 2013-02-15 19:45    0    ----a-w-    c:\program files\GUM6F.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-10 07:30    723976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-28 6714136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 5227112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-08-23 295512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\3Com Modem Manager.lnk
backup=c:\windows\pss\3Com Modem Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScanButton 2.1.lnk
backup=c:\windows\pss\ScanButton 2.1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk
backup=c:\windows\pss\SnapDetect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Optimizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced-System Protector_startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BringMeSports_1c Browser Plugin Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LinksysDiag]
c:\program files\Linksys\LinksysDiag\LinksysDiag [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartNowToolbarHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Browser Plugin Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Search Scope Monitor
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08    1259376    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
2012-10-25 07:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2000-07-19 14:00    176183    ----a-w-    c:\program files\Microsoft Money\System\Money Express.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp]
2000-07-19 14:00    24625    ----a-w-    c:\program files\Microsoft Money\System\Money Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 07:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2014-01-09 11:18    6434176    ----a-w-    c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Zoom\\bin\\Zoom.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 10\\WebEasy.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/10/2015 3:31 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/10/2015 3:31 AM 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1/10/2015 3:31 AM 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/10/2015 3:31 AM 423784]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [10/19/2011 10:57 AM 18432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1/10/2015 3:31 AM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1/10/2015 3:31 AM 73480]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/16/2010 9:00 PM 8568]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [10/23/2013 10:02 AM 792608]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
R2 VS3COM;3Com Serial Port Driver;c:\program files\3Com\ModemMgr\Program\Vs3Com.sys [1/15/2010 3:26 PM 12544]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/16/2010 1:14 PM 388936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/8/2015 7:52 PM 23256]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/14/2010 1:13 PM 163376]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/14/2010 1:16 PM 498592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/8/2015 7:52 PM 969016]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [1/10/2010 8:50 AM 54271]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/16/2010 9:00 PM 11351]
S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [10/23/2013 10:02 AM 1147424]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/7/2014 3:48 AM 12288]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [1/8/2015 7:53 PM 114904]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [1/16/2010 9:00 PM 15360]
S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [10/23/2013 10:02 AM 1160224]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [8/25/2014 12:31 PM 19232]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [1/8/2015 7:52 PM 1871160]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-09 22:51    986440    ----a-w-    c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16 19:18]
.
2015-06-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-10 07:30]
.
2015-06-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31 03:43]
.
2015-06-13 c:\windows\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31 03:43]
.
2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16]
.
2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16]
.
2015-06-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-14 01:59]
.
2015-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-14 01:59]
.
2015-06-13 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-10-23 03:55]
.
2015-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1410845932.job
- c:\program files\Opera\launcher.exe [2014-09-16 09:07]
.
2015-05-25 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 19:19]
.
2015-06-13 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19]
.
2015-06-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19]
.
2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-06-11 c:\windows\Tasks\REGSERVO.job
- c:\program files\REGSERVO\REGSERVO.exe [2015-06-07 18:35]
.
2015-06-11 c:\windows\Tasks\SpeedDiskSchedule.job
- c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2013-10-23 02:50]
.
2015-06-13 c:\windows\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
uInternet Settings,ProxyOverride = <-loopback>;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: cyberspacehq.com
TCP: Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\documents and settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-IBP - (no file)
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-BringMeSports Search Scope Monitor - c:\progra~1\BRINGM~2\bar\1.bin\1csrchmn.exe
AddRemove-WYSIWYG_Web_Builder_2.6 - c:\windows\iun6002.exe
AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-13 10:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-06-13  10:31:08 - machine was rebooted
ComboFix-quarantined-files.txt  2015-06-13 14:31
.
Pre-Run: 87,096,643,584 bytes free
Post-Run: 87,856,988,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 6D2F9DC4280152BD6232D6265C0AF23B
8F558EB6672622401DA993E1E865C861
 

Thank you So kindly,

God Bless,

Thomas ~

 

.


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.  
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnk
c:\windows\pss\MyPC Backup.lnkStartup

Registry::
[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=-
backup=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

****************************************************************************************************************************************

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.



June 13th, 2015 Saturday 3:28pm EST ~

Dear ARGUS here's the 2 REPORTS completed.

 

ComboFix 15-06-09.01 - Thomas D Ludwig 06/13/2015  14:17:35.2.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.293 [GMT -4:00]

Running from: c:\documents and settings\Thomas D Ludwig\Desktop\ComboFix\ComboFix.exe

Command switches used :: c:\documents and settings\Thomas D Ludwig\Desktop\ComboFix\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

FILE ::

"c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnk"

"c:\windows\pss\MyPC Backup.lnkStartup"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\pss\MyPC Backup.lnkStartup

.

.

(((((((((((((((((((((((((   Files Created from 2015-05-13 to 2015-06-13  )))))))))))))))))))))))))))))))

.

.

2015-06-13 14:20 . 2015-06-13 14:20    63115    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2015-06-13 14:20 . 2015-06-13 14:20    4599    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2015-06-13 14:20 . 2015-06-13 14:20    8646    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2015-06-13 14:20 . 2015-06-13 14:20    6429    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2015-06-13 14:20 . 2015-06-13 14:20    9310    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2015-06-13 14:20 . 2015-06-13 14:20    5927    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2015-06-13 14:20 . 2015-06-13 14:20    8613    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2015-06-13 14:20 . 2015-06-13 14:20    1651    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2015-06-13 14:20 . 2015-06-13 14:20    6910    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2015-06-13 14:20 . 2015-06-13 14:20    8288    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2015-06-13 14:20 . 2015-06-13 14:20    6208    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2015-06-13 14:20 . 2015-06-13 14:20    18541    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2015-06-13 14:19 . 2015-06-13 14:19    51852    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2015-06-13 14:19 . 2015-06-13 14:19    20719    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2015-06-13 14:19 . 2015-06-13 14:19    23327    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2015-06-13 14:19 . 2015-06-13 14:19    7271    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2015-06-13 14:19 . 2015-06-13 14:19    8782    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2015-06-12 03:59 . 2015-06-12 05:40    --------    d-----w-    C:\FRST

2015-06-07 23:47 . 2015-06-11 07:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\REGSERVO

2015-06-07 23:47 . 2015-06-07 23:47    --------    d-----w-    c:\program files\REGSERVO

2015-06-07 18:33 . 2015-06-07 18:33    --------    d-----w-    c:\windows\system32\wbem\Repository

2015-06-07 18:29 . 2015-06-07 18:29    63115    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\USERTILE.JS

2015-06-07 18:29 . 2015-06-07 18:29    4599    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UIRESOURCE.JS

2015-06-07 18:29 . 2015-06-07 18:29    9310    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXTBOX.JS

2015-06-07 18:29 . 2015-06-07 18:29    8646    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TILEBOX.JS

2015-06-07 18:29 . 2015-06-07 18:29    6429    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UICORE.JS

2015-06-07 18:29 . 2015-06-07 18:29    5927    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXT.JS

2015-06-07 18:29 . 2015-06-07 18:29    8613    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\SAVEDUSER.JS

2015-06-07 18:29 . 2015-06-07 18:29    1651    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\QUERYSTRING.JS

2015-06-07 18:29 . 2015-06-07 18:29    6910    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\NEWUSERCOMM.JS

2015-06-07 18:29 . 2015-06-07 18:29    6208    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LINK.JS

2015-06-07 18:29 . 2015-06-07 18:29    18541    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LOCALIZATION.JS

2015-06-07 18:29 . 2015-06-07 18:29    8288    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\IMAGE.JS

2015-06-07 18:28 . 2015-06-07 18:28    51852    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\EXTERNALWRAPPER.JS

2015-06-07 18:28 . 2015-06-07 18:28    20719    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\DIVWRAPPER.JS

2015-06-07 18:28 . 2015-06-07 18:28    23327    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\COMBOBOX.JS

2015-06-07 18:28 . 2015-06-07 18:28    7271    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\CHECKBOX.JS

2015-06-07 18:28 . 2015-06-07 18:28    8782    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\BUTTON.JS

2015-06-01 13:26 . 2009-08-18 16:32    403840    ----a-w-    c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

2015-05-30 03:35 . 2015-05-30 03:36    --------    d-----w-    c:\program files\IBP 12

2015-05-30 02:42 . 2015-05-30 02:43    --------    d-----w-    c:\program files\AddWeb8

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-06-13 14:59 . 2015-01-08 23:53    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-06-09 19:18 . 2015-03-16 04:52    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe

2015-06-09 19:18 . 2015-03-16 04:52    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2015-04-25 12:26 . 2015-04-25 12:16    114904    ----a-w-    c:\windows\system32\drivers\6AD26103.sys

2013-02-15 19:45 . 2013-02-15 19:45    0    ----a-w-    c:\program files\GUM6F.tmp

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12    152544    ----a-w-    c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2015-01-10 07:30    723976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-28 6714136]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 5227112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-08-23 295512]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]

"nwiz"="nwiz.exe" [2003-10-06 741376]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SoftwareSASGeneration"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\3Com Modem Manager.lnk

backup=c:\windows\pss\3Com Modem Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScanButton 2.1.lnk

backup=c:\windows\pss\ScanButton 2.1.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk

backup=c:\windows\pss\SnapDetect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]

path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnk

backup=c:\windows\pss\MyPC Backup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LinksysDiag]

c:\program files\Linksys\LinksysDiag\LinksysDiag [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08    1259376    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]

2012-10-25 07:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2000-07-19 14:00    176183    ----a-w-    c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp]

2000-07-19 14:00    24625    ----a-w-    c:\program files\Microsoft Money\System\Money Startup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 07:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

2014-01-09 11:18    6434176    ----a-w-    c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Zoom\\bin\\Zoom.exe"=

"c:\\Program Files\\Avanquest\\Web Easy Professional 10\\WebEasy.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/10/2015 3:31 AM 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/10/2015 3:31 AM 206248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1/10/2015 3:31 AM 787800]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/10/2015 3:31 AM 423784]

R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [10/19/2011 10:57 AM 18432]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1/10/2015 3:31 AM 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1/10/2015 3:31 AM 73480]

R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/16/2010 9:00 PM 8568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/8/2015 7:52 PM 969016]

R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [10/23/2013 10:02 AM 792608]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]

R2 VS3COM;3Com Serial Port Driver;c:\program files\3Com\ModemMgr\Program\Vs3Com.sys [1/15/2010 3:26 PM 12544]

R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/16/2010 1:14 PM 388936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/8/2015 7:52 PM 23256]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [1/8/2015 7:53 PM 114904]

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/14/2010 1:13 PM 163376]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/14/2010 1:16 PM 498592]

R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [1/8/2015 7:52 PM 1871160]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]

S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [1/10/2010 8:50 AM 54271]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/16/2010 9:00 PM 11351]

S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [10/23/2013 10:02 AM 1147424]

S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/7/2014 3:48 AM 12288]

S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [1/16/2010 9:00 PM 15360]

S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [10/23/2013 10:02 AM 1160224]

S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [8/25/2014 12:31 PM 19232]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-06-09 22:51    986440    ----a-w-    c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16 19:18]

.

2015-06-13 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-10 07:30]

.

2015-06-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31 03:43]

.

2015-06-13 c:\windows\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31 03:43]

.

2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16]

.

2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16]

.

2015-06-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-07-14 01:59]

.

2015-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-07-14 01:59]

.

2015-06-13 c:\windows\Tasks\NUAutoUpdate.job

- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-10-23 03:55]

.

2015-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1410845932.job

- c:\program files\Opera\launcher.exe [2014-09-16 09:07]

.

2015-05-25 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 19:19]

.

2015-06-13 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19]

.

2015-06-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19]

.

2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2015-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2015-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2015-06-11 c:\windows\Tasks\REGSERVO.job

- c:\program files\REGSERVO\REGSERVO.exe [2015-06-07 18:35]

.

2015-06-13 c:\windows\Tasks\SpeedDiskSchedule.job

- c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2013-10-23 02:50]

.

2015-06-13 c:\windows\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

mStart Page = https://www.yahoo.com/?fr=hp-avast&type=agc511

mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511

uInternet Settings,ProxyOverride = <-loopback>;<local>

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: cyberspacehq.com

TCP: Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FF - ProfilePath - c:\documents and settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2015-06-13 14:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ...

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2015-06-13  14:39:53

ComboFix-quarantined-files.txt  2015-06-13 18:39

ComboFix2.txt  2015-06-13 14:31

.

Pre-Run: 87,836,815,360 bytes free

Post-Run: 87,818,809,344 bytes free

.

- - End Of File - - A42063F5311CF12432718D0FC7F6E7D2

8F558EB6672622401DA993E1E865C861

 

#2.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015

Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 13-06-2015 15:14:01

Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool

Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe

(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)

HKLM\...\Run: [nwiz] => nwiz.exe /install

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)

HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled

ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=

SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716

BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)

BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)

BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)

BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)

BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101

FF Homepage: hxxp://www.foxnews.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)

FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @hulu.com/Hulu Desktop -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)

FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)

FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]

FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]

FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]

FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]

Chrome:

=======

CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]

CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]

CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]

CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]

CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]

CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]

CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]

CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]

CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]

CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]

CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)

S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)

R4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)

R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)

S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()

S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)

R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)

S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]

S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()

R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)

R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-13] (Malwarebytes Corporation)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]

R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )

S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)

R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)

R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)

R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]

S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]

R3 catchme; \??\C:\ComboFix\catchme.sys [X]

S4 hpt3xx; No ImagePath

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U4 Scsiscan; No ImagePath

U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 14:39 - 2015-06-13 15:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp

2015-06-13 14:39 - 2015-06-13 14:39 - 00026825 _____ C:\ComboFix.txt

2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE\Local Settings\temp

2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp

2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp

2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp

2015-06-13 08:32 - 2015-06-13 08:32 - 00000000 _RSHD C:\cmdcons

2015-06-13 08:32 - 2015-05-28 17:12 - 00000212 _____ C:\Boot.bak

2015-06-13 08:32 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr

2015-06-13 08:28 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2015-06-13 08:28 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2015-06-13 08:28 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2015-06-13 08:28 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2015-06-13 08:28 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2015-06-13 08:28 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2015-06-13 08:28 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe

2015-06-13 08:28 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe

2015-06-13 08:28 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe

2015-06-13 08:27 - 2015-06-13 14:40 - 00000000 ____D C:\Qoobox

2015-06-13 08:26 - 2015-06-13 10:26 - 00000000 ____D C:\WINDOWS\erdnt

2015-06-11 23:59 - 2015-06-13 15:14 - 00000000 ____D C:\FRST

2015-06-11 23:43 - 2015-06-13 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool

2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO

2015-06-07 19:47 - 2015-06-11 03:02 - 00000402 _____ C:\WINDOWS\Tasks\REGSERVO.job

2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk

2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO

2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO

2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone

2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN

2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h

2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg

2015-06-06 23:13 - 2015-06-12 01:58 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch

2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~

2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes

2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk

2015-06-02 21:48 - 2015-06-13 14:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix

2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal.txt

2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #2

2015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data

2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 2

2015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis

2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS

2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da5

2015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner

2015-05-30 23:44 - 2015-06-13 13:24 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job

2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL

2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS

2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO

2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis

2015-05-29 23:35 - 2015-05-29 23:36 - 00000000 ____D C:\Program Files\IBP 12

2015-05-29 23:35 - 2015-05-29 23:35 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk

2015-05-29 23:35 - 2015-05-29 23:35 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 12

2015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Program Files\AddWeb8

2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk

2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk

2015-05-27 17:24 - 2015-05-29 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA

2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE  AddWeb 8.0 Deluxe Website Promoter

2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder

2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER

2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}

2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}

2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 14:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-13 14:39 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-06-13 14:36 - 2001-08-23 08:00 - 00000227 _____ C:\WINDOWS\system.ini

2015-06-13 14:34 - 2010-01-16 12:19 - 00000000 ____D C:\WINDOWS\pss

2015-06-13 14:00 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype

2015-06-13 13:57 - 2010-01-10 14:33 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt

2015-06-13 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-13 13:38 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2015-06-13 13:30 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-13 13:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-06-13 13:00 - 2013-11-11 15:17 - 00000338 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job

2015-06-13 11:04 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

2015-06-13 10:59 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-06-13 10:51 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService

2015-06-13 10:29 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\repair

2015-06-13 10:22 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-13 10:21 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-13 10:21 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-13 10:21 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log

2015-06-13 10:20 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job

2015-06-13 10:20 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera

2015-06-13 10:20 - 2010-01-10 16:53 - 01523109 _____ C:\WINDOWS\WindowsUpdate.log

2015-06-13 10:19 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-13 10:19 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2015-06-13 10:19 - 2013-10-23 10:03 - 00000296 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job

2015-06-13 10:19 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log

2015-06-13 10:19 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl

2015-06-13 10:18 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini

2015-06-13 10:15 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig

2015-06-13 10:15 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help

2015-06-13 08:32 - 2010-01-10 08:46 - 00000328 __RSH C:\boot.ini

2015-06-12 23:29 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job

2015-06-10 10:06 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2015-06-07 14:33 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE

2015-06-07 14:33 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator

2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService

2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games

2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration

2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT

2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv

2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins

2015-06-07 14:26 - 2010-07-15 11:14 - 00951738 _____ C:\WINDOWS\setupapi.log

2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log

2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log

2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log

2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log

2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log

2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log

2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log

2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log

2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security

2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox

2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox

2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk

2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox

2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe

2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI

2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini

2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew

2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log

2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk

2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log

2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log

2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log

2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore

2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC

2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini

2015-05-29 22:42 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories

2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite140

2015-05-27 18:55 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP  iBusinessPromoter

2015-05-25 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job

2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}

2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk

2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk

2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini

2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties

2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass

==================== Files in the root of some directories =======

2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp

2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results

2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML

2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache

2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache

2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache

2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Argus Thank you for your help, Thomas

 

 


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.



Please attach it to your reply.

fixlist.txt


June 13th, 2015 Saturday 7:15pm EST ~

 

 

Dear ARGUS by using the last FIX of Farbar Recovery Scan_Tool, I was Not able to get Back-Online.  Obviously a File or a Key or something was deleted or changed for my Internet Connection which is directly to my Computer and there apparently was no way to get reconnected.

 

Argus I tried everything from Wizards to repairing and so on.  Finally I went to System Restore brought it back to the state before the FIXES.

 

So none of the fixes have been done and after you go over the List again I’ll have to review it too before I implement the Fixes.

 

#2. Argus The MSVIDEO DLL Error does Not pop Up any longer as when I open my MicroSoft Outlook, nor when I open System-Restore. The ERROR also does Not pop open when I open System Information either.

These seem to have been FIXED the first time I ran ComboFix. 

 

#3. ARGUS here’s what happened, After I downloaded the Fix for the Farbar Recovery Scan Tool, I started the program and clicked on FIX…  After just a couple of minutes my Computer Crashed and although it kept running my Monitor went black.  I waited for a little over 15 minutes and nothing was happening.

ARGUS I shut the Computer down and rebooted it again.

I went back to your directions and did it over again.

Put the FIX notepad File into the same folder (Farbar Recovery Scan Tool) on my Desktop then started the FIRST Tool again, pressed FIX and this time the whole Program completed to the end and my Monitor never went black.

 

Argus please advise is there something to be concerned about the Crash outlined above?

 

#4. here’s a few of the FIXES that I know can Not be removed:

a) Anything to do with connecting to the Internet.

b) reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

c) and more also.

 

All were reversed BELOW when I had to do SYSTEM RESTORE.

Blessings,

Love-in-Christ          <><.

             Thomas D ~

ARGUS none of these are done.

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Thomas D Ludwig at 2015-06-13 16:55:05 Run:2
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************

CreateRestorePoint:
closeprocesses:
emptytemp:
HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://websearch.ask...DC-851512952716
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url value
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.goo...ice/update2/crx
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]
U4 Scsiscan; No ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 hpt3xx; No ImagePath
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\THOMAS~1\APPLIC~1\WSE_Astromenda\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributes
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor:com.dropbox.attributes
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD11FC05-EF26-4ED3-9041-1A10B74294CA}" => key removed successfully.
HKCR\CLSID\{FD11FC05-EF26-4ED3-9041-1A10B74294CA} => key not found.
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}\\NameServer => value removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh" => key removed successfully.
"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => key removed successfully.
"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully.
IDriverT => Service removed successfully.
Scsiscan => Service removed successfully.
mbr => Service not found.
catchme => Service removed successfully.
hpt3xx => Service removed successfully.
C:\WINDOWS\Tasks\At1.job not found.
C:\WINDOWS\Tasks\REGSERVO.job => moved successfully.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":373E1720" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":792D4CF1" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":D1B5B4F1" ADS not found.
C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf => ":com.dropbox.attributes" ADS removed successfully..
C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt => ":com.dropbox.attributes" ADS removed successfully..
"C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE" => ":SummaryInformation" ADS not found.
C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
"C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE" => ":SummaryInformation" ADS not found.
C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
"C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE" => ":SummaryInformation" ADS not found.
C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi => ":com.dropbox.attributes" ADS removed successfully..
"C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share" => ":com.dropbox.attributes" ADS not found.
C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor => ":com.dropbox.attributes" ADS removed successfully..

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 686.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:56:59 ====

 

ALL OF THESE ABOVE HAVE NOT BEEN COMPLETED...
ARGUS I do have a few Website Building Programs and other SEO Programs on my Computer.

Thomas ~


How's your computer behaving now?

 


Argus please advise is there something to be concerned about the Crash outlined above?

 

 

 

Something can always go wrong, but now everything is okay.

Your antivirus is Avast, but you have remnants of Norton Antivirus. Maybe it was the source of the problem.

Download and run Norton removal.
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&entsrc=redirect_pubweb&pvid=f-home


Dear Argus, it seems to be running better. Let's still try to clear up most or a lot of the items on the FIXLIST together. The ones that you know for sure are potential problems and shouldn't be there.

Things like the remnants of the Sports Bar, anything to do with Norton Symantec, Norton Utilities (as I don't even have them installed on my Computer any longer).

Please put them on a Fix List, and I'll go over your FIXList too... Let's leave alone all files to do with my internet Connection, from my Computer, my Unique IP Address, and so on.

Let's leave alone my tool bars as they are SEO Toolbars...

Tomorrow I'll also look up some of the items on Google you had listed on that last FIXList and send the ones I find should be removed to you.

ARGUS after this what else has to be done from your point of view?

Thank you,

Thomas ~


June 15th, 2015 Monday 2:08pm EST

Dear Argus after this First Run what do you think Of doing the FixList in 2 stages? 

#1. For everything you decide, excluding anything that could screw up my internet connection again. If anything gets deleted and affects any of my SEO Programs or working Tool Bars etc., later after we're done with everything I'll just reinstall the affected Programs that I need again so that they work, no problem...

(ARGUS for my Computer I am on network Settings, however the Cable comes into my Computer and at this time there is No other Computer in the Network. 

I originally did this to be able to hook-in a future Laptop but I haven't been able to purchase it yet.)

#2. Argus, for what is left to still do as far as FIXList, and Argus, you make the decision what else should be done. (Argus, by doing it in two stages this way, if there's another problem getting on the Internet I won't have to undo all the 1st part FIXList if I'm forced to do another System Restore because of not being able to get Online.)

Thank you for understanding.

Let me know on this please.

I remain, Respectfully,

Thomas ~


June 15th, 2015 Monday 2:31pm EST ~

Dear Argus here it is and it looks like it's in two parts.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 15-06-2015 14:20:38
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Image Composer\IMGCOMP.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Image Composer\IMGCOMP.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\wab.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [smartPatrol] => C:\Program Files\AddWeb8\SmartPatrol.exe [1171968 2006-04-13] (Cyberspace Headquarters, LLC)
HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FAH.lnk [2015-06-13]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-13]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxp://www.foxnews.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\searchplugins\search-provided-by-yahoo.xml [2015-06-13]
FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]
FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]
FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]
CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)
S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-15] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)
R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)
R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]
S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U4 Scsiscan; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 01:08 - 2015-06-15 12:04 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\AVG Removal Tool
2015-06-13 23:08 - 2015-06-14 00:55 - 00000000 ____D C:\Program Files\AddWeb8
2015-06-13 23:08 - 2015-06-13 23:08 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk
2015-06-13 23:08 - 2015-06-13 23:08 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk
2015-06-13 23:02 - 2015-06-13 23:02 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk
2015-06-13 23:02 - 2015-06-13 23:02 - 00000000 ____D C:\Program Files\IBP 12
2015-06-13 23:02 - 2015-06-13 23:02 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 12
2015-06-13 22:40 - 2015-06-13 22:43 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\WinZip
2015-06-13 22:40 - 2015-06-13 22:40 - 00001770 _____ C:\Documents and Settings\All Users\Start Menu\WinZip.lnk
2015-06-13 22:40 - 2015-06-13 22:40 - 00001770 _____ C:\Documents and Settings\All Users\Desktop\WinZip.lnk
2015-06-13 22:40 - 2015-06-13 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
2015-06-13 22:39 - 2015-06-13 22:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-06-13 22:38 - 2015-06-13 22:39 - 00000000 ____D C:\Program Files\WinZip
2015-06-13 18:44 - 2015-06-13 18:44 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-06-13 16:29 - 2015-06-13 19:02 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-06-13 14:39 - 2015-06-15 14:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp
2015-06-13 14:39 - 2015-06-13 14:39 - 00026825 _____ C:\ComboFix.txt
2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE\Local Settings\temp
2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-06-13 08:32 - 2015-06-13 08:32 - 00000000 _RSHD C:\cmdcons
2015-06-13 08:32 - 2015-05-28 17:12 - 00000212 _____ C:\Boot.bak
2015-06-13 08:32 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-06-13 08:28 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-06-13 08:28 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-06-13 08:28 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-06-13 08:28 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-06-13 08:28 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-06-13 08:28 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-06-13 08:28 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-06-13 08:28 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-06-13 08:28 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-06-13 08:27 - 2015-06-13 14:40 - 00000000 ____D C:\Qoobox
2015-06-13 08:26 - 2015-06-13 10:26 - 00000000 ____D C:\WINDOWS\erdnt
2015-06-11 23:59 - 2015-06-15 14:20 - 00000000 ____D C:\FRST
2015-06-11 23:43 - 2015-06-15 14:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO
2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk
2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO
2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN
2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h
2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg
2015-06-06 23:13 - 2015-06-12 01:58 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch
2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~
2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes
2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk
2015-06-02 21:48 - 2015-06-13 15:53 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix
2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal
2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #2
2015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data
2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 2
2015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis
2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS
2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da5
2015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner
2015-05-30 23:44 - 2015-06-15 13:21 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL
2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS
2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO
2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis
2015-05-27 17:24 - 2015-06-13 23:04 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA
2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE  AddWeb 8.0 Deluxe Website Promoter
2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder
2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER
2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}
2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}
2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 14:18 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-15 14:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-15 14:17 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-15 14:15 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype
2015-06-15 13:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 13:17 - 2010-01-10 14:33 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-15 12:49 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-15 12:48 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 12:48 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-15 12:48 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-15 12:47 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job
2015-06-15 12:47 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera
2015-06-15 12:46 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-15 12:46 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-15 12:46 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-15 12:46 - 2010-01-10 16:53 - 01568664 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-15 12:46 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-15 12:45 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-15 12:45 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-15 12:42 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini
2015-06-15 12:08 - 2014-12-10 09:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-15 01:26 - 2010-01-12 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2015-06-15 01:26 - 2010-01-10 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2015-06-14 12:25 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig
2015-06-14 10:35 - 2010-02-20 18:03 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\IBP
2015-06-14 07:40 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-06-14 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-13 23:08 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories
2015-06-13 23:01 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP  iBusinessPromoter
2015-06-13 19:03 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-13 18:58 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE
2015-06-13 18:58 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-13 18:58 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-06-13 18:58 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-13 18:57 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration
2015-06-13 18:44 - 2010-07-15 11:14 - 00958512 _____ C:\WINDOWS\setupapi.log
2015-06-13 18:44 - 2010-01-21 18:51 - 00000886 _____ C:\WINDOWS\nsw.log
2015-06-13 16:07 - 2010-01-25 19:48 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-13 14:36 - 2001-08-23 08:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-13 14:34 - 2010-01-16 12:19 - 00000000 ____D C:\WINDOWS\pss
2015-06-13 10:29 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\repair
2015-06-13 10:15 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help
2015-06-13 08:32 - 2010-01-10 08:46 - 00000328 __RSH C:\boot.ini
2015-06-12 23:29 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job
2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT
2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins
2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log
2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log
2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log
2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log
2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log
2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log
2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log
2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log
2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security
2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox
2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox
2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk
2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox
2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe
2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI
2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini
2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log
2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk
2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log
2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log
2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log
2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC
2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini
2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite140
2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}
2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk
2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk
2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties
2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass

==================== Files in the root of some directories =======

2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp
2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results
2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML
2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache
2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache
2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache
2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 

2nd one is forthcoming.

Thomas ~


Argus, here's the 2nd part of the report.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Thomas D Ludwig at 2015-06-15 14:23:45
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-436374069-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-329068152-436374069-1060284298-1005 - Limited - Enabled)
Guest (S-1-5-21-329068152-436374069-1060284298-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-329068152-436374069-1060284298-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-329068152-436374069-1060284298-1002 - Limited - Disabled)
TDL_OFFICE (S-1-5-21-329068152-436374069-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\TDL_OFFICE
Thomas D Ludwig (S-1-5-21-329068152-436374069-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Thomas D Ludwig

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Com Modem Manager (HKLM\...\3Com Modem Manager) (Version:  - )
ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
AddWeb 8 (HKLM\...\AddWeb 8) (Version: 8.6.3.5 - Cyberspace HQ)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe ActiveShare 1.1 (HKLM\...\Adobe ActiveShare) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 9.4.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
ClearThink (HKLM\...\ClearThink) (Version: 2014.08.13.141025 - ClearThink) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copier 2.0 (HKLM\...\Copier 2.0) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CSE HTML Validator Lite v14.05 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.5.0.0 - AI Internet Solutions LLC)
DFM2HTML (HKLM\...\DFM2HTML) (Version:  - )
DFM2HTML v6.1 (HKLM\...\DFM2HTML v6.1) (Version:  - )
Dropbox (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )
EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )
EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )
EZSuite For EZCam III (HKLM\...\{313aa16e-8c61-410c-a225-917462421659}) (Version: 1.0 - )
EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )
FaxTools eXPert (HKLM\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
FVD Suite 3.0.2 (HKLM\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version:  - flashvideodownloader.org)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)
IBP 12.2.1 (HKLM\...\IBP12_is1) (Version: 12.2.1 - Axandra GmbH)
iLinc Client (HKLM\...\uninstall.exe) (Version:  - )
Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
InterVideo WinDVD (HKLM\...\InterVideo WinDVD) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
join.me (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
LinksysDiag (HKLM\...\{9A9412F1-6587-46F4-9689-01E2E38CE5E0}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2000 (HKLM\...\{00100409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version:  - )
Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)
Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft PowerPoint 2000 SR-1 (HKLM\...\{00130409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiraScan V3.40 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\MiraScanV3.40) (Version:  - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version:  - )
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Outlook Recovery Toolbox 1.7 (HKLM\...\Outlook Recovery Toolbox_is1) (Version:  - Recovery Toolbox)
Paint Shop Pro 4.12 Shareware (HKLM\...\Paint Shop Pro 4.12 Shareware) (Version:  - )
PhoneTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version:  - )
Presto! ImageFolio LE (HKLM\...\if40leUninstall) (Version:  - )
Presto! PageManager (HKLM\...\PageManager) (Version:  - )
Presto! PageType (HKLM\...\PageType) (Version:  - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
REGSERVO (HKLM\...\REGSERVO_is1) (Version: 2.0.0.7 - TuneUp System Software Pvt Ltd.)
Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version:  - )
ScanButton 2.1 (HKLM\...\ScanButton 2.1) (Version:  - )
SEO PowerSuite (HKLM\...\seopowersuite) (Version:  - )
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)
USB PC Camera (HKLM\...\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Easy Professional (HKLM\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.0 - Avanquest)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E8}) (Version: 19.5.11475 - WinZip Computing, S.L. )
Zoom (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{0C19B8F4-C6F9-4AB6-B18E-60BA1399C8C0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnypass.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{11216D39-C5CB-41B6-AD5A-E17220E5E524}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{19DB7584-8E4E-11D3-B605-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\fpgoals.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{1C96F515-044F-4B0A-B167-6139D7CDB801}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{33C1974B-2A42-43A6-A376-2B7744C014AE}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mctalk.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{3d391e7a-8060-461e-9a38-656c5b6b23a0}\InprocServer32 -> C:\WINDOWS\system\MSVIDEO.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D0-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D1-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7275AFDF-EF1B-4A2C-B776-3CEE7AE3224E}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{852397B0-DEA0-11D0-8A69-00A0C90C2A42}\InprocServer32 -> C:\Program Files\Microsoft Money\System\aw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622B8-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BA-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BC-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BD-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BF-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %USERPROFILE%\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll No File
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{89603FE2-F04A-4674-A3DD-A8A601014159}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C4865195-8247-47D7-BA9E-BEC1CA480BE5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C525E207-7AEE-11D0-92B4-00C04FD9027E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtsync.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F41311C2-EDBB-4141-810D-2DD7B2C9F46D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\report.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8653-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8654-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyinet.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8655-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtconn.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8657-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8659-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnylog.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofcimp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyonl.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pfplan.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8660-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8661-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8662-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8663-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8664-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8665-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8666-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8668-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8669-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\q2mny.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnycore.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msfdpb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8680-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8681-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8682-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\onlsetup.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8683-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\npc.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF868F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qif.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F647775F-88A4-448A-9A23-ABA428A7E07E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 08:00 - 2015-06-13 14:35 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2856\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2856\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-15 06:45 - 2015-06-15 06:45 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061500\algo.dll
2011-09-04 18:21 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-01-10 03:30 - 2015-01-10 03:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2001-08-23 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2001-08-23 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2001-08-23 08:00 - 2008-04-13 20:12 - 00192512 _____ () C:\WINDOWS\System32\qcap.dll
2001-08-23 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\cyberspacehq.com -> hxxp://linktrader.cyberspacehq.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk => C:\WINDOWS\pss\3Com Modem Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk => C:\WINDOWS\pss\ScanButton 2.1.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk => C:\WINDOWS\pss\SnapDetect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\WINDOWS\pss\MyPC Backup.lnkStartup
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: IBP => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: LinksysDiag => C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hw
MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"
MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Akamai\netsession_win.exe] => :LocalSubNet:Disabled:Akamai NetSession Client
StandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\Zoom.exe] => Disabled:Zoom
StandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest\Web Easy Professional 10\WebEasy.exe] => Enabled:Web Easy Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => :LocalSubNet:Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp\7zS726.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 02:20:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, faulting module mbam.exe, version 1.0.1.711, fault address 0x0018aae7.
Processing media-specific event for [mbam.exe!ws!]

Error: (06/15/2015 02:19:39 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (06/15/2015 00:47:38 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (06/15/2015 00:45:34 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (06/15/2015 00:45:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/15/2015 00:45:33 PM) (Source: WinMgmt) (EventID: 5601) (User: )
Description: The WinMgmt service failed to load the repository files under the directory %windir%\system32\wbem\repository.  This
can be caused by a corruption in the repository files, security settings on this directory, lack disk space, or other
system resource issues like lack of memory.  If this error happens every time the machine is rebooted then the
administrator on this machine may need to stop WinMgmt service, delete all files and directories under this location,
and restarting the WinMgmt service.

Error: (06/15/2015 00:09:42 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (06/15/2015 10:20:41 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (06/15/2015 08:32:38 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (06/15/2015 06:38:15 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.


System errors:
=============
Error: (06/15/2015 00:45:20 PM) (Source: 0) (EventID: 5008) (User: )
Description: Broadcom iLine10 Network Adapter

Error: (06/15/2015 00:45:20 PM) (Source: 0) (EventID: 4) (User: )
Description: AMLI0x710x70 - 0x71

Error: (06/15/2015 00:45:20 PM) (Source: 0) (EventID: 5) (User: )
Description: AMLI0x700x70 - 0x71

Error: (06/15/2015 06:35:52 AM) (Source: 0) (EventID: 5008) (User: )
Description: Broadcom iLine10 Network Adapter

Error: (06/15/2015 06:35:52 AM) (Source: 0) (EventID: 4) (User: )
Description: AMLI0x710x70 - 0x71

Error: (06/15/2015 06:35:52 AM) (Source: 0) (EventID: 5) (User: )
Description: AMLI0x700x70 - 0x71

Error: (06/15/2015 01:33:35 AM) (Source: 0) (EventID: 5008) (User: )
Description: Broadcom iLine10 Network Adapter

Error: (06/15/2015 01:33:35 AM) (Source: 0) (EventID: 4) (User: )
Description: AMLI0x710x70 - 0x71

Error: (06/15/2015 01:33:35 AM) (Source: 0) (EventID: 5) (User: )
Description: AMLI0x700x70 - 0x71

Error: (06/14/2015 01:34:54 PM) (Source: 0) (EventID: 5008) (User: )
Description: Broadcom iLine10 Network Adapter


Microsoft Office:
=========================
Error: (06/15/2015 02:20:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711mbam.exe1.0.1.7110018aae7

Error: (06/15/2015 02:19:39 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (06/15/2015 00:47:38 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (06/15/2015 00:45:34 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description:

Error: (06/15/2015 00:45:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description:

Error: (06/15/2015 00:45:33 PM) (Source: WinMgmt) (EventID: 5601) (User: )
Description:

Error: (06/15/2015 00:09:42 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (06/15/2015 10:20:41 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (06/15/2015 08:32:38 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (06/15/2015 06:38:15 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 1400MHz
Percentage of memory in use: 50%
Total physical RAM: 767.07 MB
Available physical RAM: 382.28 MB
Total Pagefile: 1877.77 MB
Available Pagefile: 1013.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126 GB) (Free:81.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA STORAGE) (Fixed) (Total:70.02 GB) (Free:69.93 GB) NTFS
Drive e: (MOVIES) (Fixed) (Total:29.29 GB) (Free:29.23 GB) NTFS
Drive f: (PICTURES) (Fixed) (Total:7.57 GB) (Free:7.53 GB) NTFS
Drive z: () (Network) (Total:126 GB) (Free:81.23 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.9 GB) - (Type=OF Extended)

==================== End of log ============================

 

Argus, OK, this is the 2nd part.

Thank you so kindly.

Thomas D ~


Argus, you'll see in the REPORTS that these last 2 days there have been ERRORS... The good news is that so far the MSVIDEO DLL has not shown its ugly head again.

 

#1. When do you want me to delete everything in System Restore and start fresh?

 

#2. Argus, when do you want me to uninstall ComboFix? (With all the Quarantined Files and items?)

 

Thomas ~


The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).


The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
