LUDWIGS Posted June 12, 2015 ID:968668 Share Posted June 12, 2015 Dear MrCharlie, Experts,June 11th, 2015 Thursday 9:42pm ESTDear ExpertI’ve read how you’ve been able to help other people with the same Problem that my Computer has.I would like to hire you to fix my ERROR that Pop-up every time I start my Microsoft OUTLOOK Program. ( I click OK and the Error doesn’t not Pop-up again till the next time.It Reads: OUTLOOK EXE – Bad Image(ERROR message than Reads)The application or DLL C\WINDOWS\System\ MSVIDEO DLL is not a valid Windows image. Please check this against you installation diskette. The same message Pops-Up when I go to make a SYSTEM RESTORE point /or if I try to do a System Restore. (In Fact it even SHUT DOWN my System Restore from working at all, 2 months ago, till I was able to delete last week the FILE it put in the SYSTEM RESTORE Folder.)It Reads on top on the blue strip:Rstruiexe – Bad ImageThan the same message as above ERROR. This ERROR also now is effecting viewing my SYSTEM INFORMATION which sometimes Now won’t openERROR Says: helpctr.exe – Bad ImageThan it goes on to say the same as above. I’ve Scanned my Computer, including Root Scan with my Subscribed MALWAREBYTES, Also my free SUPER ANTI-SPYWARE, and also my free AVAST Anti-Virus. I’m running XP Professional, Service Pack 3,750MB RDRAMPentium IIIIHere’s my Contact information and looking forward to talking with you.Thank you So kindly, LUDWIGSFAITH HOPE And LOVE,“IN GOD WE TRUST" <><. Thomas D ~ Thomas D Ludwig 252-633-6363 tdludwig@suddenlink.net New Bern North Carolina USA Link to post Share on other sites More sharing options...
_argus Posted June 12, 2015 ID:968682 Share Posted June 12, 2015 Helllo,My name is Argus and and I will be helping you with your computer problems.Before we begin, please note the following:I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions. Rules and policiesWe won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Farbar Recovery Scan ToolPlease download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 12, 2015 Author ID:968698 Share Posted June 12, 2015 Dear Argus Thank you so much for your help... I've Run the Scans which you've requested and here are the Results:Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 12-06-2015 00:00:52Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolLoaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 8 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe(Microsoft Corporation) C:\Program Files\Outlook Express\wab.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupHKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)HKLM\...\Run: [nwiz] => nwiz.exe /installHKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -kHKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabledProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTIONSearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cabHandler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)Filter: text/html - {3d391e7a-8060-461e-9a38-656c5b6b23a0} - C:\WINDOWS\system\MSVIDEO.DLL [2001-08-23] (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1FireFox:========FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101FF Homepage: hxxp://www.foxnews.com/FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @hulu.com/Hulu Desktop -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]Chrome:=======CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url valueCHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx========================== Services (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-11] (Malwarebytes Corporation)S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]S4 hpt3xx; No ImagePathS3 rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys [X]U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U4 Scsiscan; No ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-11 23:59 - 2015-06-12 00:01 - 00000000 ____D C:\FRST2015-06-11 23:43 - 2015-06-12 00:00 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO2015-06-07 19:47 - 2015-06-11 03:02 - 00000402 _____ C:\WINDOWS\Tasks\REGSERVO.job2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg2015-06-06 23:13 - 2015-06-06 23:26 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk2015-06-02 21:48 - 2015-06-02 22:06 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix.txt2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal.txt2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #22015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 22015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da52015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner2015-05-30 23:44 - 2015-06-11 23:24 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis2015-05-29 23:35 - 2015-05-29 23:36 - 00000000 ____D C:\Program Files\IBP 122015-05-29 23:35 - 2015-05-29 23:35 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk2015-05-29 23:35 - 2015-05-29 23:35 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 122015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Program Files\AddWeb82015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk2015-05-27 17:24 - 2015-05-29 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE AddWeb 8.0 Deluxe Website Promoter2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-12 00:03 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp2015-06-11 23:58 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype2015-06-11 23:55 - 2014-08-13 13:55 - 00000440 _____ C:\WINDOWS\Tasks\At1.job2015-06-11 23:49 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job2015-06-11 23:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-06-11 23:31 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 23:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-06-11 17:55 - 2010-01-10 14:33 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt2015-06-11 17:54 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl2015-06-11 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-06-11 13:35 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job2015-06-11 13:00 - 2013-11-11 15:17 - 00000338 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job2015-06-11 11:12 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:12 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-06-11 11:11 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:11 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job2015-06-11 11:11 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2015-06-11 11:11 - 2013-10-23 10:03 - 00000296 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job2015-06-11 11:11 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera2015-06-11 11:11 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:11 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:11 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log2015-06-11 11:10 - 2010-01-10 16:53 - 01508437 _____ C:\WINDOWS\WindowsUpdate.log2015-06-11 11:09 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-06-11 11:09 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log2015-06-11 04:34 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini2015-06-10 10:06 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 21:00 - 2010-01-10 14:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2015-06-07 20:29 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig2015-06-07 14:33 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE2015-06-07 14:33 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins2015-06-07 14:26 - 2010-07-15 11:14 - 00951738 _____ C:\WINDOWS\setupapi.log2015-06-07 14:26 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox2015-06-03 00:04 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini2015-05-29 22:42 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories2015-05-28 17:12 - 2010-01-10 08:46 - 00000212 __RSH C:\boot.ini2015-05-28 17:12 - 2001-08-23 08:00 - 00000227 ____N C:\WINDOWS\system.ini2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite1402015-05-27 18:55 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP iBusinessPromoter2015-05-25 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass==================== Files in the root of some directories =======2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.iniFiles to move or delete:====================C:\Windows\Tasks\At1.jobSome files in TEMP:====================C:\Documents and Settings\Administrator\Local Settings\Temp\mun2B6.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\AdobeFlash_setup [1].exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfatk9m.dllC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\DWPUpgradeInstaller.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih(1).exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\jre-8u45-windows-au.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\SkypeSetup.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\{AECAB70D-0AF6-477E-822D-B69F35918BB8}-GoogleUpdateSetup.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015Ran by Thomas D Ludwig at 2015-06-12 00:05:39Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolBoot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-329068152-436374069-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\AdministratorASPNET (S-1-5-21-329068152-436374069-1060284298-1005 - Limited - Enabled)Guest (S-1-5-21-329068152-436374069-1060284298-501 - Limited - Enabled)HelpAssistant (S-1-5-21-329068152-436374069-1060284298-1000 - Limited - Disabled)SUPPORT_388945a0 (S-1-5-21-329068152-436374069-1060284298-1002 - Limited - Disabled)TDL_OFFICE (S-1-5-21-329068152-436374069-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\TDL_OFFICEThomas D Ludwig (S-1-5-21-329068152-436374069-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Thomas D Ludwig==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Norton Internet Security (Disabled - Out of date) {E10A9785-9598-4754-B552-92431C1C35F8}AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)3Com Modem Manager (HKLM\...\3Com Modem Manager) (Version: - )ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenAddWeb 8 (HKLM\...\AddWeb 8) (Version: 8.6.3.5 - Cyberspace HQ)Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)Adobe ActiveShare 1.1 (HKLM\...\Adobe ActiveShare) (Version: - )Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Reader 9.4.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)Akamai NetSession Interface (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Akamai) (Version: - Akamai Technologies, Inc)Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)ClearThink (HKLM\...\ClearThink) (Version: 2014.08.13.141025 - ClearThink) <==== ATTENTIONCompatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Copier 2.0 (HKLM\...\Copier 2.0) (Version: - )Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)CSE HTML Validator Lite v14.05 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.5.0.0 - AI Internet Solutions LLC)DFM2HTML (HKLM\...\DFM2HTML) (Version: - )DFM2HTML v6.1 (HKLM\...\DFM2HTML v6.1) (Version: - )Dropbox (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )EZSuite For EZCam III (HKLM\...\{313aa16e-8c61-410c-a225-917462421659}) (Version: 1.0 - )EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )FaxTools eXPert (HKLM\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)FoxTab FLV Player (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\FoxTab FLV Player) (Version: - ) <==== ATTENTIONFVD Suite 3.0.2 (HKLM\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version: - flashvideodownloader.org)Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.27.5 - Google Inc.) HiddenGoToMeeting 7.2.0.2759 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)Hulu Desktop (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)IBP 12.2.1 (HKLM\...\IBP12_is1) (Version: 12.2.1 - Axandra GmbH)iLinc Client (HKLM\...\uninstall.exe) (Version: - )Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)InterVideo WinDVD (HKLM\...\InterVideo WinDVD) (Version: - )Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)join.me (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)LinksysDiag (HKLM\...\{9A9412F1-6587-46F4-9689-01E2E38CE5E0}) (Version: - )Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Access 2000 (HKLM\...\{00100409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version: - )Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft PowerPoint 2000 SR-1 (HKLM\...\{00130409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MiraScan V3.40 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\MiraScanV3.40) (Version: - )Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenOLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - )Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)Outlook Recovery Toolbox 1.7 (HKLM\...\Outlook Recovery Toolbox_is1) (Version: - Recovery Toolbox)Paint Shop Pro 4.12 Shareware (HKLM\...\Paint Shop Pro 4.12 Shareware) (Version: - )PhoneTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: - )Presto! ImageFolio LE (HKLM\...\if40leUninstall) (Version: - )Presto! PageManager (HKLM\...\PageManager) (Version: - )Presto! PageType (HKLM\...\PageType) (Version: - )QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenREGSERVO (HKLM\...\REGSERVO_is1) (Version: 2.0.0.7 - TuneUp System Software Pvt Ltd.)Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version: - )ScanButton 2.1 (HKLM\...\ScanButton 2.1) (Version: - )SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)USB PC Camera (HKLM\...\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}) (Version: - )VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) HiddenVisual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Web Easy Professional (HKLM\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.0 - Avanquest)WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) HiddenWindow Washer (HKLM\...\Window Washer) (Version: - )Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)WYSIWYG Web Builder 4.3.5 (HKLM\...\WYSIWYG_Web_Builder_2.6) (Version: - )Zoom (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{06b5b051-1d05-443d-822f-39ab0d05f018}\InprocServer32 -> C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll No FileCustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{0C19B8F4-C6F9-4AB6-B18E-60BA1399C8C0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnypass.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{11216D39-C5CB-41B6-AD5A-E17220E5E524}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{19DB7584-8E4E-11D3-B605-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\fpgoals.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{1C96F515-044F-4B0A-B167-6139D7CDB801}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{33C1974B-2A42-43A6-A376-2B7744C014AE}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mctalk.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{3d391e7a-8060-461e-9a38-656c5b6b23a0}\InprocServer32 -> C:\WINDOWS\system\MSVIDEO.DLL (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D0-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D1-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7275AFDF-EF1B-4A2C-B776-3CEE7AE3224E}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{852397B0-DEA0-11D0-8A69-00A0C90C2A42}\InprocServer32 -> C:\Program Files\Microsoft Money\System\aw.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622B8-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BA-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BC-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BD-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BF-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %USERPROFILE%\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll No FileCustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{89603FE2-F04A-4674-A3DD-A8A601014159}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C4865195-8247-47D7-BA9E-BEC1CA480BE5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C525E207-7AEE-11D0-92B4-00C04FD9027E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtsync.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F41311C2-EDBB-4141-810D-2DD7B2C9F46D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\report.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8653-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8654-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyinet.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8655-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtconn.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8657-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8659-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnylog.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofcimp.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyonl.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pfplan.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8660-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8661-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8662-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8663-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8664-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8665-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8666-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8668-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8669-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\q2mny.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnycore.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msfdpb.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofx.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8680-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8681-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8682-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\onlsetup.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8683-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\npc.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF868F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qif.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F647775F-88A4-448A-9A23-ABA428A7E07E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)==================== Restore Points =========================31-05-2015 23:53:11 System Checkpoint31-05-2015 23:55:54 After deleting Keys with HiJack This 5-31-2015 Sunday 11:55pm EST ~01-06-2015 01:42:40 Installed Windows Internet Explorer 8.04-06-2015 20:37:32 System Checkpoint07-06-2015 06:36:37 System Checkpoint07-06-2015 12:44:04 SUNDAY 6-7-2015 12:43pm EST ~07-06-2015 14:33:16 Restore Operation07-06-2015 20:18:43 After I installed REGSERVO (DownLoard) 6-7-2015 8:18pm {TDL}.==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2001-08-23 08:00 - 2001-08-23 08:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\ARO 2013.job => C:\Program Files\ARO 2013\ARO.exeTask: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\THOMAS~1\APPLIC~1\WSE_Astromenda\UpdateProc\UpdateTask.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupdate.exeTask: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupload.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exeTask: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job => C:\Program Files\Opera\launcher.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exeTask: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job => C:\WINDOWS\system32\msfeedssync.exe==================== Loaded Modules (Whitelisted) ==============2015-06-11 15:34 - 2015-06-11 15:34 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061102\algo.dll2011-09-04 18:21 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe2015-01-10 03:30 - 2015-01-10 03:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2001-08-23 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll2001-08-23 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor:com.dropbox.attributes==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-329068152-436374069-1060284298-1003\Control Panel\Desktop\\Wallpaper ->DNS Servers: 8.8.8.8 - 8.8.4.4==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk => C:\WINDOWS\pss\3Com Modem Manager.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk => C:\WINDOWS\pss\ScanButton 2.1.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk => C:\WINDOWS\pss\SnapDetect.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartupMSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\WINDOWS\pss\MyPC Backup.lnkStartupMSCONFIG\startupreg: Advanced System Optimizer =>MSCONFIG\startupreg: Advanced-System Protector_startup =>MSCONFIG\startupreg: AROReminder =>MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStartMSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /hMSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader =>MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWMSCONFIG\startupreg: DriverUpdate =>MSCONFIG\startupreg: IBP => "C:\Program Files\QuickTime\qttask.exe" -atboottimeMSCONFIG\startupreg: LinksysDiag => C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hwMSCONFIG\startupreg: Malwarebytes' Anti-Malware =>MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exeMSCONFIG\startupreg: NSWosCheck =>MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottimeMSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exeMSCONFIG\startupreg: StartNowToolbarHelper =>MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader =>MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => Link to post Share on other sites More sharing options...
LUDWIGS Posted June 12, 2015 Author ID:968699 Share Posted June 12, 2015 Dear Argus Thank you so much for your help... I've Run the Scans which you've requested and here are the Results:Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 12-06-2015 00:00:52Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolLoaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 8 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe(Microsoft Corporation) C:\Program Files\Outlook Express\wab.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupHKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)HKLM\...\Run: [nwiz] => nwiz.exe /installHKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -kHKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabledProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTIONSearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cabHandler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)Filter: text/html - {3d391e7a-8060-461e-9a38-656c5b6b23a0} - C:\WINDOWS\system\MSVIDEO.DLL [2001-08-23] (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1FireFox:========FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101FF Homepage: hxxp://www.foxnews.com/FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @hulu.com/Hulu Desktop -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]Chrome:=======CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url valueCHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx========================== Services (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-11] (Malwarebytes Corporation)S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]S4 hpt3xx; No ImagePathS3 rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys [X]U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U4 Scsiscan; No ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-11 23:59 - 2015-06-12 00:01 - 00000000 ____D C:\FRST2015-06-11 23:43 - 2015-06-12 00:00 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO2015-06-07 19:47 - 2015-06-11 03:02 - 00000402 _____ C:\WINDOWS\Tasks\REGSERVO.job2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg2015-06-06 23:13 - 2015-06-06 23:26 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk2015-06-02 21:48 - 2015-06-02 22:06 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix.txt2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal.txt2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #22015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 22015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da52015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner2015-05-30 23:44 - 2015-06-11 23:24 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis2015-05-29 23:35 - 2015-05-29 23:36 - 00000000 ____D C:\Program Files\IBP 122015-05-29 23:35 - 2015-05-29 23:35 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk2015-05-29 23:35 - 2015-05-29 23:35 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 122015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Program Files\AddWeb82015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk2015-05-27 17:24 - 2015-05-29 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE AddWeb 8.0 Deluxe Website Promoter2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-12 00:03 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp2015-06-11 23:58 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype2015-06-11 23:55 - 2014-08-13 13:55 - 00000440 _____ C:\WINDOWS\Tasks\At1.job2015-06-11 23:49 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job2015-06-11 23:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-06-11 23:31 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 23:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-06-11 17:55 - 2010-01-10 14:33 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt2015-06-11 17:54 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl2015-06-11 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-06-11 13:35 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job2015-06-11 13:00 - 2013-11-11 15:17 - 00000338 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job2015-06-11 11:12 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:12 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-06-11 11:11 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:11 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job2015-06-11 11:11 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2015-06-11 11:11 - 2013-10-23 10:03 - 00000296 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job2015-06-11 11:11 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera2015-06-11 11:11 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:11 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-11 11:11 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log2015-06-11 11:10 - 2010-01-10 16:53 - 01508437 _____ C:\WINDOWS\WindowsUpdate.log2015-06-11 11:09 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-06-11 11:09 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log2015-06-11 04:34 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini2015-06-10 10:06 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 21:00 - 2010-01-10 14:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2015-06-07 20:29 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig2015-06-07 14:33 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE2015-06-07 14:33 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins2015-06-07 14:26 - 2010-07-15 11:14 - 00951738 _____ C:\WINDOWS\setupapi.log2015-06-07 14:26 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox2015-06-03 00:04 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini2015-05-29 22:42 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories2015-05-28 17:12 - 2010-01-10 08:46 - 00000212 __RSH C:\boot.ini2015-05-28 17:12 - 2001-08-23 08:00 - 00000227 ____N C:\WINDOWS\system.ini2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite1402015-05-27 18:55 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP iBusinessPromoter2015-05-25 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass==================== Files in the root of some directories =======2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.iniFiles to move or delete:====================C:\Windows\Tasks\At1.jobSome files in TEMP:====================C:\Documents and Settings\Administrator\Local Settings\Temp\mun2B6.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\AdobeFlash_setup [1].exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfatk9m.dllC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\DWPUpgradeInstaller.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih(1).exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\install_flashplayer11x32au_mssd_aih.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\jre-8u45-windows-au.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\SkypeSetup.exeC:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\{AECAB70D-0AF6-477E-822D-B69F35918BB8}-GoogleUpdateSetup.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015Ran by Thomas D Ludwig at 2015-06-12 00:05:39Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolBoot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-329068152-436374069-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\AdministratorASPNET (S-1-5-21-329068152-436374069-1060284298-1005 - Limited - Enabled)Guest (S-1-5-21-329068152-436374069-1060284298-501 - Limited - Enabled)HelpAssistant (S-1-5-21-329068152-436374069-1060284298-1000 - Limited - Disabled)SUPPORT_388945a0 (S-1-5-21-329068152-436374069-1060284298-1002 - Limited - Disabled)TDL_OFFICE (S-1-5-21-329068152-436374069-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\TDL_OFFICEThomas D Ludwig (S-1-5-21-329068152-436374069-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Thomas D Ludwig==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Norton Internet Security (Disabled - Out of date) {E10A9785-9598-4754-B552-92431C1C35F8}AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)3Com Modem Manager (HKLM\...\3Com Modem Manager) (Version: - )ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenAddWeb 8 (HKLM\...\AddWeb 8) (Version: 8.6.3.5 - Cyberspace HQ)Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)Adobe ActiveShare 1.1 (HKLM\...\Adobe ActiveShare) (Version: - )Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Reader 9.4.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)Akamai NetSession Interface (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Akamai) (Version: - Akamai Technologies, Inc)Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)ClearThink (HKLM\...\ClearThink) (Version: 2014.08.13.141025 - ClearThink) <==== ATTENTIONCompatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Copier 2.0 (HKLM\...\Copier 2.0) (Version: - )Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)CSE HTML Validator Lite v14.05 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.5.0.0 - AI Internet Solutions LLC)DFM2HTML (HKLM\...\DFM2HTML) (Version: - )DFM2HTML v6.1 (HKLM\...\DFM2HTML v6.1) (Version: - )Dropbox (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )EZSuite For EZCam III (HKLM\...\{313aa16e-8c61-410c-a225-917462421659}) (Version: 1.0 - )EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )FaxTools eXPert (HKLM\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)FoxTab FLV Player (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\FoxTab FLV Player) (Version: - ) <==== ATTENTIONFVD Suite 3.0.2 (HKLM\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version: - flashvideodownloader.org)Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.27.5 - Google Inc.) HiddenGoToMeeting 7.2.0.2759 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)Hulu Desktop (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)IBP 12.2.1 (HKLM\...\IBP12_is1) (Version: 12.2.1 - Axandra GmbH)iLinc Client (HKLM\...\uninstall.exe) (Version: - )Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)InterVideo WinDVD (HKLM\...\InterVideo WinDVD) (Version: - )Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)join.me (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)LinksysDiag (HKLM\...\{9A9412F1-6587-46F4-9689-01E2E38CE5E0}) (Version: - )Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Access 2000 (HKLM\...\{00100409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version: - )Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft PowerPoint 2000 SR-1 (HKLM\...\{00130409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MiraScan V3.40 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\MiraScanV3.40) (Version: - )Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenOLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - )Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)Outlook Recovery Toolbox 1.7 (HKLM\...\Outlook Recovery Toolbox_is1) (Version: - Recovery Toolbox)Paint Shop Pro 4.12 Shareware (HKLM\...\Paint Shop Pro 4.12 Shareware) (Version: - )PhoneTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: - )Presto! ImageFolio LE (HKLM\...\if40leUninstall) (Version: - )Presto! PageManager (HKLM\...\PageManager) (Version: - )Presto! PageType (HKLM\...\PageType) (Version: - )QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenREGSERVO (HKLM\...\REGSERVO_is1) (Version: 2.0.0.7 - TuneUp System Software Pvt Ltd.)Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version: - )ScanButton 2.1 (HKLM\...\ScanButton 2.1) (Version: - )SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)USB PC Camera (HKLM\...\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}) (Version: - )VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) HiddenVisual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Web Easy Professional (HKLM\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.0 - Avanquest)WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) HiddenWindow Washer (HKLM\...\Window Washer) (Version: - )Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)WYSIWYG Web Builder 4.3.5 (HKLM\...\WYSIWYG_Web_Builder_2.6) (Version: - )Zoom (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{06b5b051-1d05-443d-822f-39ab0d05f018}\InprocServer32 -> C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll No FileCustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{0C19B8F4-C6F9-4AB6-B18E-60BA1399C8C0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnypass.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{11216D39-C5CB-41B6-AD5A-E17220E5E524}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{19DB7584-8E4E-11D3-B605-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\fpgoals.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{1C96F515-044F-4B0A-B167-6139D7CDB801}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{33C1974B-2A42-43A6-A376-2B7744C014AE}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mctalk.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{3d391e7a-8060-461e-9a38-656c5b6b23a0}\InprocServer32 -> C:\WINDOWS\system\MSVIDEO.DLL (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D0-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D1-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7275AFDF-EF1B-4A2C-B776-3CEE7AE3224E}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{852397B0-DEA0-11D0-8A69-00A0C90C2A42}\InprocServer32 -> C:\Program Files\Microsoft Money\System\aw.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622B8-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BA-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BC-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BD-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BF-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %USERPROFILE%\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll No FileCustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{89603FE2-F04A-4674-A3DD-A8A601014159}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C4865195-8247-47D7-BA9E-BEC1CA480BE5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C525E207-7AEE-11D0-92B4-00C04FD9027E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtsync.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F41311C2-EDBB-4141-810D-2DD7B2C9F46D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\report.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8653-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8654-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyinet.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8655-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtconn.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8657-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8659-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnylog.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofcimp.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyonl.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pfplan.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8660-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8661-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8662-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8663-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8664-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8665-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8666-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8668-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8669-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\q2mny.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnycore.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msfdpb.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofx.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8680-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8681-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8682-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\onlsetup.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8683-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\npc.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF868F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qif.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F647775F-88A4-448A-9A23-ABA428A7E07E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)==================== Restore Points =========================31-05-2015 23:53:11 System Checkpoint31-05-2015 23:55:54 After deleting Keys with HiJack This 5-31-2015 Sunday 11:55pm EST ~01-06-2015 01:42:40 Installed Windows Internet Explorer 8.04-06-2015 20:37:32 System Checkpoint07-06-2015 06:36:37 System Checkpoint07-06-2015 12:44:04 SUNDAY 6-7-2015 12:43pm EST ~07-06-2015 14:33:16 Restore Operation07-06-2015 20:18:43 After I installed REGSERVO (DownLoard) 6-7-2015 8:18pm {TDL}.==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2001-08-23 08:00 - 2001-08-23 08:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\ARO 2013.job => C:\Program Files\ARO 2013\ARO.exeTask: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\THOMAS~1\APPLIC~1\WSE_Astromenda\UpdateProc\UpdateTask.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupdate.exeTask: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2759\g2mupload.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exeTask: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job => C:\Program Files\Opera\launcher.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exeTask: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job => C:\WINDOWS\system32\msfeedssync.exe==================== Loaded Modules (Whitelisted) ==============2015-06-11 15:34 - 2015-06-11 15:34 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061102\algo.dll2011-09-04 18:21 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe2015-01-10 03:30 - 2015-01-10 03:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2001-08-23 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll2001-08-23 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor:com.dropbox.attributes==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-329068152-436374069-1060284298-1003\Control Panel\Desktop\\Wallpaper ->DNS Servers: 8.8.8.8 - 8.8.4.4==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk => C:\WINDOWS\pss\3Com Modem Manager.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk => C:\WINDOWS\pss\ScanButton 2.1.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk => C:\WINDOWS\pss\SnapDetect.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartupMSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\WINDOWS\pss\MyPC Backup.lnkStartupMSCONFIG\startupreg: Advanced System Optimizer =>MSCONFIG\startupreg: Advanced-System Protector_startup =>MSCONFIG\startupreg: AROReminder =>MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStartMSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /hMSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader =>MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWMSCONFIG\startupreg: DriverUpdate =>MSCONFIG\startupreg: IBP => "C:\Program Files\QuickTime\qttask.exe" -atboottimeMSCONFIG\startupreg: LinksysDiag => C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hwMSCONFIG\startupreg: Malwarebytes' Anti-Malware =>MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exeMSCONFIG\startupreg: NSWosCheck =>MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottimeMSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exeMSCONFIG\startupreg: StartNowToolbarHelper =>MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader =>MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => ==================== FirewallRules (Whitelisted) ===============Argus, There's more but I don't know how to add it as it said m POST is to long.Thomas ~ Link to post Share on other sites More sharing options...
_argus Posted June 12, 2015 ID:968704 Share Posted June 12, 2015 FRST searchOnce again we shall use FRST for additional checks. Re-run FRST/FRST64 the same way:Copy MSVIDEO DLL into the Search: field in FRST then click the Search Files button. FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run. Please attach it to your reply. OK, those files are OK, not to worry about them.Download REGSEARCH from one of the links below: http://download.bleepingcomputer.com/steelwerx/regsearch.zip Download and extract the contents of the zip file.Double-click the icon for RegSearch.exe to launch the program.Enter a string to search for and click "OK".11d3a0e3-9aa8-49cb-929c-1cd939610ad7 <-----enter thisAfter completion Notepad will be opened with all the found instances of the string.The resulting file is saved in the same location as RegSearch.exe. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 12, 2015 Author ID:968714 Share Posted June 12, 2015 ARGUS these are other reports that you didn't receive yet:==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Akamai\netsession_win.exe] => :LocalSubNet:Disabled:Akamai NetSession ClientStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\Temp\7zS33.tmp\SymNRT.exe] => :LocalSubNet:Disabled:Norton Removal ToolStandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office\1033\WFXMSRVR.EXE] => :LocalSubNet:Disabled:WFXMSRVRStandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe] => :LocalSubNet:Disabled:Octoshape add-in for Adobe Flash PlayerStandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Disabled:Skype Extras ManagerStandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google ChromeStandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet BrowserStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:DropboxStandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\WebEasyUpdater.exe] => Enabled:WebEasy UpdaterStandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\WebEasy.exe] => Enabled:WebEasy ApplicationStandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\vcomFtp.exe] => Enabled:WebEasy FtpMaxStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\Zoom.exe] => Disabled:ZoomStandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest\Web Easy Professional 10\WebEasy.exe] => Enabled:Web Easy ApplicationStandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:SkypeStandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice TestStandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => :LocalSubNet:Disabled:Microsoft Management ConsoleStandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => :LocalSubNet:Disabled:Run a DLL as an AppStandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKitStandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest Software\Web Easy Professional 10\Website Host\WebEasySite\WEHostPublishWizard.exe] => Disabled:WebEasy Host Publishing WizardStandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service==================== Faulty Device Manager Devices =============Name: 1394 Net AdapterDescription: 1394 Net AdapterClass Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: MicrosoftService: NIC1394Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Broadcom iLine10 Network AdapterDescription: Broadcom iLine10 Network AdapterClass Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: BroadcomService: BCM42XXProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: 3ComService: EL90XBCProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Standard 101/102-Key or Microsoft Natural PS/2 KeyboardDescription: Standard 101/102-Key or Microsoft Natural PS/2 KeyboardClass Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}Manufacturer: (Standard keyboards)Service: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.Name: PS/2 Compatible MouseDescription: PS/2 Compatible MouseClass Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}Manufacturer: MicrosoftService: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.==================== Event log errors: =========================Application errors:==================Error: (06/10/2015 06:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/09/2015 11:12:56 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.Processing media-specific event for [plugin-container.exe!ws!]Error: (06/09/2015 04:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.Processing media-specific event for [plugin-container.exe!ws!]Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/08/2015 11:04:36 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/08/2015 01:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.Processing media-specific event for [plugin-container.exe!ws!]Error: (06/07/2015 06:45:56 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (06/07/2015 06:37:35 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application regsearch.exe, version 2.0.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.System errors:=============Error: (06/12/2015 00:55:00 AM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 11:55:01 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 10:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 09:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 08:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 07:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 06:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 05:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 04:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Error: (06/11/2015 03:55:00 PM) (Source: Schedule) (EventID: 7901) (User: )Description: The At1.job command failed to start due to the following error:%%2147942403Microsoft Office:=========================Error: (06/10/2015 06:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: OUTLOOK.EXE9.0.0.2416hungapp0.0.0.000000000Error: (06/09/2015 11:12:56 PM) (Source: Application Error) (EventID: 1000) (User: )Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1Error: (06/09/2015 04:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000Error: (06/08/2015 11:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000Error: (06/08/2015 11:04:36 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000Error: (06/08/2015 01:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1Error: (06/07/2015 06:45:56 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000Error: (06/07/2015 06:37:35 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: regsearch.exe2.0.6.0hungapp0.0.0.000000000==================== Memory info ===========================Processor: Intel® Pentium® 4 CPU 1400MHzPercentage of memory in use: 80%Total physical RAM: 767.07 MBAvailable physical RAM: 148.04 MBTotal Pagefile: 1877.77 MBAvailable Pagefile: 836.93 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1942.86 MB==================== Drives ================================Drive c: () (Fixed) (Total:126 GB) (Free:81.59 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (DATA STORAGE) (Fixed) (Total:70.02 GB) (Free:69.93 GB) NTFSDrive e: (MOVIES) (Fixed) (Total:29.29 GB) (Free:29.23 GB) NTFSDrive f: (PICTURES) (Fixed) (Total:7.57 GB) (Free:7.52 GB) NTFSDrive z: () (Network) (Total:126 GB) (Free:81.59 GB)==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 00000001)Partition 1: (Active) - (Size=126 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=106.9 GB) - (Type=OF Extended)==================== End of log ============================ ==========================================================================ARGUS here's the first one MSVIDEO DLLFarbar Recovery Scan Tool (x86) Version: 08-06-2015Ran by Thomas D Ludwig at 2015-06-12 01:51:32Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolBoot Mode: Normal================== Search Files: "MSVIDEO DLL" =================== End of Search ======REGSEARCHWindows Registry Editor Version 5.00; Registry Search 2.0 by Bobbi Flekman © 2005; Version: 2.0.6.0; Results at 6/12/2015 2:00:24 AM for strings:; '11d3a0e3-9aa8-49cb-929c-1cd939610ad7'; Strings excluded from search:; (None); Search in:; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log...Argus after this I'm going to have to go to Sleep. Talk to you tomorrow and Thank you So kindly.Thomas D ~ Link to post Share on other sites More sharing options...
_argus Posted June 12, 2015 ID:968715 Share Posted June 12, 2015 Okay, Scan with ComboFixThis is a very powerful tool that should be used only if advised by Malware Analyst.Do not run ComboFix on your own!Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here. Right-click on icon and select Run as Administrator to start the tool.Accept the disclaimer and agree if prompted to install Recovery Console.Do not take any actions while ComboFix goes through your System - it may cause it to stall!This scan may take some time!When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).Include that log in your next reply. If you'll encounter any issues with internet connection after running ComboFix, please visit this link. If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 13, 2015 Author ID:968860 Share Posted June 13, 2015 Dear Argus I'm going to be working on the Scan with ComboFix now.Thank you, Thomas ~ Link to post Share on other sites More sharing options...
LUDWIGS Posted June 13, 2015 Author ID:968910 Share Posted June 13, 2015 June 13th, 2015 Saturday 11:26am EST ~Dear Argus here are the ComboFix LOGS. ComboFix 15-06-09.01 - Thomas D Ludwig 06/13/2015 9:56.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.420 [GMT -4:00]Running from: c:\documents and settings\Thomas D Ludwig\Desktop\ComboFix\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\ntuser.polc:\documents and settings\Thomas D Ludwig\g2mdlhlpx.exec:\documents and settings\Thomas D Ludwig\WINDOWSC:\ENDc:\program files\NewPlayerc:\program files\NewPlayer\LANGUAGES\Arabic.inic:\program files\NewPlayer\LANGUAGES\Bulgarian.inic:\program files\NewPlayer\LANGUAGES\Catalan.inic:\program files\NewPlayer\LANGUAGES\ChineseS.inic:\program files\NewPlayer\LANGUAGES\ChineseT.inic:\program files\NewPlayer\LANGUAGES\Czech.inic:\program files\NewPlayer\LANGUAGES\Danish.inic:\program files\NewPlayer\LANGUAGES\Dutch.inic:\program files\NewPlayer\LANGUAGES\Estonian.inic:\program files\NewPlayer\LANGUAGES\Finnish.inic:\program files\NewPlayer\LANGUAGES\French.inic:\program files\NewPlayer\LANGUAGES\Greek.inic:\program files\NewPlayer\LANGUAGES\HaitianCreole.inic:\program files\NewPlayer\LANGUAGES\Hebrew.inic:\program files\NewPlayer\LANGUAGES\Hindi.inic:\program files\NewPlayer\LANGUAGES\Hungarian.inic:\program files\NewPlayer\LANGUAGES\Italian.inic:\program files\NewPlayer\LANGUAGES\Japanese.inic:\program files\NewPlayer\LANGUAGES\Korean.inic:\program files\NewPlayer\LANGUAGES\Latvian.inic:\program files\NewPlayer\LANGUAGES\Lithuanian.inic:\program files\NewPlayer\LANGUAGES\Norwegian.inic:\program files\NewPlayer\LANGUAGES\Polish.inic:\program files\NewPlayer\LANGUAGES\Portuguese.inic:\program files\NewPlayer\LANGUAGES\Romanian.inic:\program files\NewPlayer\LANGUAGES\Russian.inic:\program files\NewPlayer\LANGUAGES\Slovak.inic:\program files\NewPlayer\LANGUAGES\Spanish.inic:\program files\NewPlayer\LANGUAGES\Swedish.inic:\program files\NewPlayer\LANGUAGES\Thai.inic:\program files\NewPlayer\LANGUAGES\Turkish.inic:\program files\NewPlayer\LANGUAGES\Ukrainian.inic:\program files\NewPlayer\LANGUAGES\Vietnamese.inic:\program files\NewPlayer\NewPlayerUpdaterService.InstallStatec:\windows\$msi31uninstall_kb893803v2$c:\windows\~GLC0000.TMPc:\windows\EventSystem.logc:\windows\help\wmplayer.bakc:\windows\iun6002.exec:\windows\system32\AdobePDF.dllc:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\regobj.dllc:\windows\system32\roboot.exec:\windows\system32\SET4C.tmpc:\windows\system32\SET60.tmpc:\windows\system32\SET64.tmpc:\windows\system32\SET68.tmpc:\windows\system32\SET6A.tmpc:\windows\system32\SET6C.tmpc:\windows\system32\SET79.tmpc:\windows\system32\tbc23.tmpc:\windows\system32\tbc24.tmpc:\windows\system32\tbc35.tmpc:\windows\system32\tbc6C.tmpc:\windows\system32\tbc6D.tmpc:\windows\system32\tbc6E.tmpc:\windows\system32\tbc93.tmpc:\windows\system32\tbc95.tmpc:\windows\system32\tbcB6.tmpc:\windows\system32\tbcC4.tmpc:\windows\system32\twain.dllc:\windows\wininit.inic:\windows\wmsysprx.prx..((((((((((((((((((((((((( Files Created from 2015-05-13 to 2015-06-13 )))))))))))))))))))))))))))))))..2015-06-13 14:20 . 2015-06-13 14:20 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS2015-06-13 14:20 . 2015-06-13 14:20 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS2015-06-13 14:20 . 2015-06-13 14:20 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS2015-06-13 14:20 . 2015-06-13 14:20 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS2015-06-13 14:20 . 2015-06-13 14:20 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS2015-06-13 14:20 . 2015-06-13 14:20 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS2015-06-13 14:20 . 2015-06-13 14:20 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS2015-06-13 14:20 . 2015-06-13 14:20 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS2015-06-13 14:20 . 2015-06-13 14:20 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS2015-06-13 14:20 . 2015-06-13 14:20 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS2015-06-13 14:20 . 2015-06-13 14:20 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS2015-06-13 14:20 . 2015-06-13 14:20 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS2015-06-13 14:19 . 2015-06-13 14:19 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS2015-06-13 14:19 . 2015-06-13 14:19 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS2015-06-13 14:19 . 2015-06-13 14:19 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS2015-06-13 14:19 . 2015-06-13 14:19 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS2015-06-12 03:59 . 2015-06-12 05:40 -------- d-----w- C:\FRST2015-06-07 23:47 . 2015-06-11 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\REGSERVO2015-06-07 23:47 . 2015-06-07 23:47 -------- d-----w- c:\program files\REGSERVO2015-06-07 18:33 . 2015-06-07 18:33 -------- d-----w- c:\windows\system32\wbem\Repository2015-06-07 18:29 . 2015-06-07 18:29 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\USERTILE.JS2015-06-07 18:29 . 2015-06-07 18:29 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UIRESOURCE.JS2015-06-07 18:29 . 2015-06-07 18:29 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXTBOX.JS2015-06-07 18:29 . 2015-06-07 18:29 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TILEBOX.JS2015-06-07 18:29 . 2015-06-07 18:29 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UICORE.JS2015-06-07 18:29 . 2015-06-07 18:29 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXT.JS2015-06-07 18:29 . 2015-06-07 18:29 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\SAVEDUSER.JS2015-06-07 18:29 . 2015-06-07 18:29 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\QUERYSTRING.JS2015-06-07 18:29 . 2015-06-07 18:29 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\NEWUSERCOMM.JS2015-06-07 18:29 . 2015-06-07 18:29 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LINK.JS2015-06-07 18:29 . 2015-06-07 18:29 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LOCALIZATION.JS2015-06-07 18:29 . 2015-06-07 18:29 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\IMAGE.JS2015-06-07 18:28 . 2015-06-07 18:28 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\EXTERNALWRAPPER.JS2015-06-07 18:28 . 2015-06-07 18:28 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\DIVWRAPPER.JS2015-06-07 18:28 . 2015-06-07 18:28 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\COMBOBOX.JS2015-06-07 18:28 . 2015-06-07 18:28 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\CHECKBOX.JS2015-06-07 18:28 . 2015-06-07 18:28 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\BUTTON.JS2015-06-01 13:26 . 2009-08-18 16:32 403840 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll2015-05-30 03:35 . 2015-05-30 03:36 -------- d-----w- c:\program files\IBP 122015-05-30 02:42 . 2015-05-30 02:43 -------- d-----w- c:\program files\AddWeb8...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-06-13 08:21 . 2015-01-08 23:53 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2015-06-09 19:18 . 2015-03-16 04:52 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe2015-06-09 19:18 . 2015-03-16 04:52 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2015-04-25 12:26 . 2015-04-25 12:16 114904 ----a-w- c:\windows\system32\drivers\6AD26103.sys2013-02-15 19:45 . 2013-02-15 19:45 0 ----a-w- c:\program files\GUM6F.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2015-01-10 07:30 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-28 6714136]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 5227112]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-08-23 295512]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]"nwiz"="nwiz.exe" [2003-10-06 741376]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888].c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"SoftwareSASGeneration"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]@="FSFilter Activity Monitor".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\3Com Modem Manager.lnkbackup=c:\windows\pss\3Com Modem Manager.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScanButton 2.1.lnkbackup=c:\windows\pss\ScanButton 2.1.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnkbackup=c:\windows\pss\SnapDetect.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk]path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\Dropbox.lnkbackup=c:\windows\pss\Dropbox.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnkbackup=c:\windows\pss\MyPC Backup.lnkStartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System OptimizerHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced-System Protector_startupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminderHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BringMeSports_1c Browser Plugin LoaderHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdate.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LinksysDiag]c:\program files\Linksys\LinksysDiag\LinksysDiag [X]HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-MalwareHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheckHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartNowToolbarHelperHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Browser Plugin LoaderHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Search Scope Monitor.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]2000-07-19 14:00 176183 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp]2000-07-19 14:00 24625 ----a-w- c:\program files\Microsoft Money\System\Money Startup.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]2014-01-09 11:18 6434176 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\NetMeeting\\conf.exe"="c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="c:\\Program Files\\Opera\\opera.exe"="c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Zoom\\bin\\Zoom.exe"="c:\\Program Files\\Avanquest\\Web Easy Professional 10\\WebEasy.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009.R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/10/2015 3:31 AM 49944]R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/10/2015 3:31 AM 206248]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1/10/2015 3:31 AM 787800]R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/10/2015 3:31 AM 423784]R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [10/19/2011 10:57 AM 18432]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1/10/2015 3:31 AM 24184]R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1/10/2015 3:31 AM 73480]R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/16/2010 9:00 PM 8568]R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [10/23/2013 10:02 AM 792608]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]R2 VS3COM;3Com Serial Port Driver;c:\program files\3Com\ModemMgr\Program\Vs3Com.sys [1/15/2010 3:26 PM 12544]R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/16/2010 1:14 PM 388936]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/8/2015 7:52 PM 23256]R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/14/2010 1:13 PM 163376]R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/14/2010 1:16 PM 498592]S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/8/2015 7:52 PM 969016]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [1/10/2010 8:50 AM 54271]S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/16/2010 9:00 PM 11351]S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [10/23/2013 10:02 AM 1147424]S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/7/2014 3:48 AM 12288]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [1/8/2015 7:53 PM 114904]S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [1/16/2010 9:00 PM 15360]S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [10/23/2013 10:02 AM 1160224]S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [8/25/2014 12:31 PM 19232]S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [1/8/2015 7:52 PM 1871160].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-06-09 22:51 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16 19:18].2015-06-13 c:\windows\Tasks\avast! Emergency Update.job- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-10 07:30].2015-06-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31 03:43].2015-06-13 c:\windows\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31 03:43].2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16].2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16].2015-06-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job- c:\windows\system32\xp_eos.exe [2014-07-14 01:59].2015-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job- c:\windows\system32\xp_eos.exe [2014-07-14 01:59].2015-06-13 c:\windows\Tasks\NUAutoUpdate.job- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-10-23 03:55].2015-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1410845932.job- c:\program files\Opera\launcher.exe [2014-09-16 09:07].2015-05-25 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 19:19].2015-06-13 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19].2015-06-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19].2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-11 c:\windows\Tasks\REGSERVO.job- c:\program files\REGSERVO\REGSERVO.exe [2015-06-07 18:35].2015-06-11 c:\windows\Tasks\SpeedDiskSchedule.job- c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2013-10-23 02:50].2015-06-13 c:\windows\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.foxnews.com/mStart Page = https://www.yahoo.com/?fr=hp-avast&type=agc511mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511uInternet Settings,ProxyOverride = <-loopback>;<local>IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlTrusted Zone: cyberspacehq.comTCP: Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1FF - ProfilePath - c:\documents and settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)HKCU-Run-IBP - (no file)MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exeMSConfigStartUp-BringMeSports Search Scope Monitor - c:\progra~1\BRINGM~2\bar\1.bin\1csrchmn.exeAddRemove-WYSIWYG_Web_Builder_2.6 - c:\windows\iun6002.exeAddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2015-06-13 10:21Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3348)c:\windows\system32\WININET.dllc:\windows\system32\nView.dllc:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dllc:\windows\system32\nvwddi.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files\Java\jre7\bin\jqs.exec:\windows\system32\nvsvc32.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Windows Media Player\WMPNetwk.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\system32\wscntfy.exec:\windows\system32\rundll32.exec:\windows\System32\wbem\unsecapp.exe.**************************************************************************.Completion time: 2015-06-13 10:31:08 - machine was rebootedComboFix-quarantined-files.txt 2015-06-13 14:31.Pre-Run: 87,096,643,584 bytes freePost-Run: 87,856,988,160 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut.- - End Of File - - 6D2F9DC4280152BD6232D6265C0AF23B8F558EB6672622401DA993E1E865C861 Thank you So kindly,God Bless,Thomas ~ . Link to post Share on other sites More sharing options...
_argus Posted June 13, 2015 ID:968916 Share Posted June 13, 2015 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:File::c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnkc:\windows\pss\MyPC Backup.lnkStartupRegistry::[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]path=-backup=-Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply. **************************************************************************************************************************************** Scan with Farbar Recovery Scan ToolPlease re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File). Make sure that Addition option is checked. Press Scan button and wait. The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content into your next reply. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 13, 2015 Author ID:968959 Share Posted June 13, 2015 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: File::c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnkc:\windows\pss\MyPC Backup.lnkStartupRegistry::[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]path=-backup=-Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply. **************************************************************************************************************************************** Scan with Farbar Recovery Scan ToolPlease re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content into your next reply. June 13th, 2015 Saturday 3:28pm EST ~Dear ARGUS here's the 2 REPORTS completed. ComboFix 15-06-09.01 - Thomas D Ludwig 06/13/2015 14:17:35.2.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.293 [GMT -4:00]Running from: c:\documents and settings\Thomas D Ludwig\Desktop\ComboFix\ComboFix.exeCommand switches used :: c:\documents and settings\Thomas D Ludwig\Desktop\ComboFix\CFScript.txtAV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}.FILE ::"c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnk""c:\windows\pss\MyPC Backup.lnkStartup"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\pss\MyPC Backup.lnkStartup..((((((((((((((((((((((((( Files Created from 2015-05-13 to 2015-06-13 )))))))))))))))))))))))))))))))..2015-06-13 14:20 . 2015-06-13 14:20 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS2015-06-13 14:20 . 2015-06-13 14:20 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS2015-06-13 14:20 . 2015-06-13 14:20 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS2015-06-13 14:20 . 2015-06-13 14:20 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS2015-06-13 14:20 . 2015-06-13 14:20 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS2015-06-13 14:20 . 2015-06-13 14:20 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS2015-06-13 14:20 . 2015-06-13 14:20 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS2015-06-13 14:20 . 2015-06-13 14:20 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS2015-06-13 14:20 . 2015-06-13 14:20 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS2015-06-13 14:20 . 2015-06-13 14:20 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS2015-06-13 14:20 . 2015-06-13 14:20 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS2015-06-13 14:20 . 2015-06-13 14:20 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS2015-06-13 14:19 . 2015-06-13 14:19 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS2015-06-13 14:19 . 2015-06-13 14:19 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS2015-06-13 14:19 . 2015-06-13 14:19 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS2015-06-13 14:19 . 2015-06-13 14:19 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS2015-06-13 14:19 . 2015-06-13 14:19 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS2015-06-12 03:59 . 2015-06-12 05:40 -------- d-----w- C:\FRST2015-06-07 23:47 . 2015-06-11 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\REGSERVO2015-06-07 23:47 . 2015-06-07 23:47 -------- d-----w- c:\program files\REGSERVO2015-06-07 18:33 . 2015-06-07 18:33 -------- d-----w- c:\windows\system32\wbem\Repository2015-06-07 18:29 . 2015-06-07 18:29 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\USERTILE.JS2015-06-07 18:29 . 2015-06-07 18:29 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UIRESOURCE.JS2015-06-07 18:29 . 2015-06-07 18:29 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXTBOX.JS2015-06-07 18:29 . 2015-06-07 18:29 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TILEBOX.JS2015-06-07 18:29 . 2015-06-07 18:29 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\UICORE.JS2015-06-07 18:29 . 2015-06-07 18:29 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\TEXT.JS2015-06-07 18:29 . 2015-06-07 18:29 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\SAVEDUSER.JS2015-06-07 18:29 . 2015-06-07 18:29 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\QUERYSTRING.JS2015-06-07 18:29 . 2015-06-07 18:29 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\NEWUSERCOMM.JS2015-06-07 18:29 . 2015-06-07 18:29 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LINK.JS2015-06-07 18:29 . 2015-06-07 18:29 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\LOCALIZATION.JS2015-06-07 18:29 . 2015-06-07 18:29 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\IMAGE.JS2015-06-07 18:28 . 2015-06-07 18:28 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\EXTERNALWRAPPER.JS2015-06-07 18:28 . 2015-06-07 18:28 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\DIVWRAPPER.JS2015-06-07 18:28 . 2015-06-07 18:28 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\COMBOBOX.JS2015-06-07 18:28 . 2015-06-07 18:28 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\CHECKBOX.JS2015-06-07 18:28 . 2015-06-07 18:28 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(3)\BUTTON.JS2015-06-01 13:26 . 2009-08-18 16:32 403840 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll2015-05-30 03:35 . 2015-05-30 03:36 -------- d-----w- c:\program files\IBP 122015-05-30 02:42 . 2015-05-30 02:43 -------- d-----w- c:\program files\AddWeb8...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-06-13 14:59 . 2015-01-08 23:53 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2015-06-09 19:18 . 2015-03-16 04:52 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe2015-06-09 19:18 . 2015-03-16 04:52 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2015-04-25 12:26 . 2015-04-25 12:16 114904 ----a-w- c:\windows\system32\drivers\6AD26103.sys2013-02-15 19:45 . 2013-02-15 19:45 0 ----a-w- c:\program files\GUM6F.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2015-01-10 07:30 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-28 6714136]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 5227112]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-08-23 295512]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]"nwiz"="nwiz.exe" [2003-10-06 741376]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888].c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"SoftwareSASGeneration"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]@="FSFilter Activity Monitor".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\3Com Modem Manager.lnkbackup=c:\windows\pss\3Com Modem Manager.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScanButton 2.1.lnkbackup=c:\windows\pss\ScanButton 2.1.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnkbackup=c:\windows\pss\SnapDetect.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk]path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\Dropbox.lnkbackup=c:\windows\pss\Dropbox.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk]path=c:\documents and settings\Thomas D Ludwig\Start Menu\Programs\Startup\MyPC Backup.lnkbackup=c:\windows\pss\MyPC Backup.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LinksysDiag]c:\program files\Linksys\LinksysDiag\LinksysDiag [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]2000-07-19 14:00 176183 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp]2000-07-19 14:00 24625 ----a-w- c:\program files\Microsoft Money\System\Money Startup.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]2014-01-09 11:18 6434176 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\NetMeeting\\conf.exe"="c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="c:\\Program Files\\Opera\\opera.exe"="c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Documents and Settings\\Thomas D Ludwig\\Application Data\\Zoom\\bin\\Zoom.exe"="c:\\Program Files\\Avanquest\\Web Easy Professional 10\\WebEasy.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009.R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/10/2015 3:31 AM 49944]R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/10/2015 3:31 AM 206248]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1/10/2015 3:31 AM 787800]R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/10/2015 3:31 AM 423784]R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [10/19/2011 10:57 AM 18432]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1/10/2015 3:31 AM 24184]R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1/10/2015 3:31 AM 73480]R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/16/2010 9:00 PM 8568]R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/8/2015 7:52 PM 969016]R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [10/23/2013 10:02 AM 792608]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]R2 VS3COM;3Com Serial Port Driver;c:\program files\3Com\ModemMgr\Program\Vs3Com.sys [1/15/2010 3:26 PM 12544]R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/16/2010 1:14 PM 388936]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/8/2015 7:52 PM 23256]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [1/8/2015 7:53 PM 114904]R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/14/2010 1:13 PM 163376]R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/14/2010 1:16 PM 498592]R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [1/8/2015 7:52 PM 1871160]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [1/10/2010 8:50 AM 54271]S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/16/2010 9:00 PM 11351]S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [10/23/2013 10:02 AM 1147424]S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/7/2014 3:48 AM 12288]S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [1/16/2010 9:00 PM 15360]S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [10/23/2013 10:02 AM 1160224]S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [8/25/2014 12:31 PM 19232].--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-06-09 22:51 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16 19:18].2015-06-13 c:\windows\Tasks\avast! Emergency Update.job- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-10 07:30].2015-06-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31 03:43].2015-06-13 c:\windows\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31 03:43].2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16].2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-19 04:16].2015-06-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job- c:\windows\system32\xp_eos.exe [2014-07-14 01:59].2015-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job- c:\windows\system32\xp_eos.exe [2014-07-14 01:59].2015-06-13 c:\windows\Tasks\NUAutoUpdate.job- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-10-23 03:55].2015-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1410845932.job- c:\program files\Opera\launcher.exe [2014-09-16 09:07].2015-05-25 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 19:19].2015-06-13 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19].2015-06-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19].2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13].2015-06-11 c:\windows\Tasks\REGSERVO.job- c:\program files\REGSERVO\REGSERVO.exe [2015-06-07 18:35].2015-06-13 c:\windows\Tasks\SpeedDiskSchedule.job- c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2013-10-23 02:50].2015-06-13 c:\windows\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.foxnews.com/mStart Page = https://www.yahoo.com/?fr=hp-avast&type=agc511mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511uInternet Settings,ProxyOverride = <-loopback>;<local>IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlTrusted Zone: cyberspacehq.comTCP: Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1FF - ProfilePath - c:\documents and settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2015-06-13 14:35Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".Completion time: 2015-06-13 14:39:53ComboFix-quarantined-files.txt 2015-06-13 18:39ComboFix2.txt 2015-06-13 14:31.Pre-Run: 87,836,815,360 bytes freePost-Run: 87,818,809,344 bytes free.- - End Of File - - A42063F5311CF12432718D0FC7F6E7D28F558EB6672622401DA993E1E865C861 #2.Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 13-06-2015 15:14:01Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolLoaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 8 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupHKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)HKLM\...\Run: [nwiz] => nwiz.exe /installHKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabledProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTIONSearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cabHandler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1FireFox:========FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101FF Homepage: hxxp://www.foxnews.com/FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @hulu.com/Hulu Desktop -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]Chrome:=======CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url valueCHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx========================== Services (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)R4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-13] (Malwarebytes Corporation)S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]R3 catchme; \??\C:\ComboFix\catchme.sys [X]S4 hpt3xx; No ImagePathU5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U4 Scsiscan; No ImagePathU3 mbr; \??\C:\ComboFix\mbr.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-13 14:39 - 2015-06-13 15:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00026825 _____ C:\ComboFix.txt2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp2015-06-13 08:32 - 2015-06-13 08:32 - 00000000 _RSHD C:\cmdcons2015-06-13 08:32 - 2015-05-28 17:12 - 00000212 _____ C:\Boot.bak2015-06-13 08:32 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2015-06-13 08:28 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe2015-06-13 08:28 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe2015-06-13 08:28 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe2015-06-13 08:27 - 2015-06-13 14:40 - 00000000 ____D C:\Qoobox2015-06-13 08:26 - 2015-06-13 10:26 - 00000000 ____D C:\WINDOWS\erdnt2015-06-11 23:59 - 2015-06-13 15:14 - 00000000 ____D C:\FRST2015-06-11 23:43 - 2015-06-13 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO2015-06-07 19:47 - 2015-06-11 03:02 - 00000402 _____ C:\WINDOWS\Tasks\REGSERVO.job2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg2015-06-06 23:13 - 2015-06-12 01:58 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk2015-06-02 21:48 - 2015-06-13 14:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal.txt2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #22015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 22015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da52015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner2015-05-30 23:44 - 2015-06-13 13:24 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis2015-05-29 23:35 - 2015-05-29 23:36 - 00000000 ____D C:\Program Files\IBP 122015-05-29 23:35 - 2015-05-29 23:35 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk2015-05-29 23:35 - 2015-05-29 23:35 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 122015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Program Files\AddWeb82015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk2015-05-29 22:42 - 2015-05-29 22:42 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk2015-05-27 17:24 - 2015-05-29 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE AddWeb 8.0 Deluxe Website Promoter2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-13 14:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-06-13 14:39 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-06-13 14:36 - 2001-08-23 08:00 - 00000227 _____ C:\WINDOWS\system.ini2015-06-13 14:34 - 2010-01-16 12:19 - 00000000 ____D C:\WINDOWS\pss2015-06-13 14:00 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype2015-06-13 13:57 - 2010-01-10 14:33 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt2015-06-13 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-06-13 13:38 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job2015-06-13 13:30 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 13:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-06-13 13:00 - 2013-11-11 15:17 - 00000338 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job2015-06-13 11:04 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2015-06-13 10:59 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-06-13 10:51 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService2015-06-13 10:29 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\repair2015-06-13 10:22 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 10:21 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 10:21 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 10:21 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log2015-06-13 10:20 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job2015-06-13 10:20 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera2015-06-13 10:20 - 2010-01-10 16:53 - 01523109 _____ C:\WINDOWS\WindowsUpdate.log2015-06-13 10:19 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 10:19 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2015-06-13 10:19 - 2013-10-23 10:03 - 00000296 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job2015-06-13 10:19 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log2015-06-13 10:19 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl2015-06-13 10:18 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini2015-06-13 10:15 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig2015-06-13 10:15 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help2015-06-13 08:32 - 2010-01-10 08:46 - 00000328 __RSH C:\boot.ini2015-06-12 23:29 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job2015-06-10 10:06 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2015-06-07 14:33 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE2015-06-07 14:33 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator2015-06-07 14:33 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins2015-06-07 14:26 - 2010-07-15 11:14 - 00951738 _____ C:\WINDOWS\setupapi.log2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini2015-05-29 22:42 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite1402015-05-27 18:55 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP iBusinessPromoter2015-05-25 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass==================== Files in the root of some directories =======2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End of log ============================Argus Thank you for youe help, Thomas Link to post Share on other sites More sharing options...
_argus Posted June 13, 2015 ID:968961 Share Posted June 13, 2015 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop:Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File). Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please attach it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
LUDWIGS Posted June 14, 2015 Author ID:969013 Share Posted June 14, 2015 June 13th, 2015 Saturday 7:15pm EST ~ Dear ARGUS by using the last FIX of Farbar Recovery Scan_Tool, I was Not able to get Back-Online. Obviously a File or a Key or something was deleted or changed for my Internet Connection which is directly to my Computer and there apparently was no way to get reconnected. Argus I tried everything from Wizards to repairing and so on. Finally I went to System Restore brought it back to the state before the FIXES. So none of the fixes have been done and after you go over the List again I’ll have to review it too before I implement the Fixes. #2. Argus The MSVIDEO DLL Error does Not pop Up any longer as when I open my MicroSoft Outlook, nor when I open System-Restore. The ERROR also does Not pop open when I open System Information either.These seem to have been FIXED the first time I ran ComboFix. #3. ARGUS here’s what happened, After I downloaded the Fix for the Farbar Recovery Scan Tool, I started the program and clicked on FIX… After jus a couple of minutes my Computer Crashed and although it keep running my Monitor when black. I waited for a little over 15 minutes and nothing was happening.ARGUS I shut the Computer down and rebooted it again.I went back to your directions and did it over again.Put the FIX notepad File into the same folder (Farbar Recovery Scan Tool) on my Desktop than started the FIRST Tool again, pressed FIX and ths time the whole Program completed to the end and my Monitor never went black. Argus please advise is there something to be concerned about the Crash outlined above? #4. here’s a few of the FIXES that I know can Not be removed:a) Anything to do with connecting to the Internet.b) reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fc) and more also. All were reversed BELOW when I had to do SYSTEM RESTORE.Blessings,Love-in-Christ <><. Thomas D ~ ARGUS none of these are done.Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015Ran by Thomas D Ludwig at 2015-06-13 16:55:05 Run:2Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolLoaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)Boot Mode: Normal==============================================fixlist content:*****************CreateRestorePoint:closeprocesses:emptytemp:HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTIONGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabledProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTIONSearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://websearch.ask...DC-851512952716Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileTcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url valueCHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crxCHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.goo...ice/update2/crxS3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]U4 Scsiscan; No ImagePathU3 mbr; \??\C:\ComboFix\mbr.sys [X]R3 catchme; \??\C:\ComboFix\catchme.sys [X]S4 hpt3xx; No ImagePathTask: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\THOMAS~1\APPLIC~1\WSE_Astromenda\UpdateProc\UpdateTask.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTIONAlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributesAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor:com.dropbox.attributesRemoveProxy:Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fReg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fCMD: ipconfig /flushdnsCMD: bitsadmin /reset /allusers*****************Restore point was successfully created.Processes closed successfully.HKLM => Group Policy Restriction on software restored successfullyHKLM => Group Policy Restriction on software restored successfullyHKLM => Group Policy Restriction on software restored successfullyHKLM => Group Policy Restriction on software restored successfullyHKLM => Group Policy Restriction on software restored successfullyHKLM => Group Policy Restriction on software restored successfullyHKLM => Group Policy Restriction on software restored successfully"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Folder not found."HKLM\SOFTWARE\Policies\Google" => key removed successfully."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully."HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value removed successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully.HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found."HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully.HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found."HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found."HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD11FC05-EF26-4ED3-9041-1A10B74294CA}" => key removed successfully.HKCR\CLSID\{FD11FC05-EF26-4ED3-9041-1A10B74294CA} => key not found.HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}\\NameServer => value removed successfully."HKLM\SOFTWARE\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh" => key removed successfully."HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => key removed successfully."HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully.IDriverT => Service removed successfully.Scsiscan => Service removed successfully.mbr => Service not found.catchme => Service removed successfully.hpt3xx => Service removed successfully.C:\WINDOWS\Tasks\At1.job not found.C:\WINDOWS\Tasks\REGSERVO.job => moved successfully."C:\Documents and Settings\All Users\Application Data\TEMP" => ":373E1720" ADS not found."C:\Documents and Settings\All Users\Application Data\TEMP" => ":792D4CF1" ADS not found."C:\Documents and Settings\All Users\Application Data\TEMP" => ":D1B5B4F1" ADS not found.C:\Documents and Settings\Thomas D Ludwig\Desktop\Getting Started.pdf => ":com.dropbox.attributes" ADS removed successfully..C:\Documents and Settings\Thomas D Ludwig\Desktop\PowerPoint Presenation 3.25.2015.JN.ppt => ":com.dropbox.attributes" ADS removed successfully.."C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE" => ":SummaryInformation" ADS not found.C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.."C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE" => ":SummaryInformation" ADS not found.C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.."C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE" => ":SummaryInformation" ADS not found.C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..C:\Documents and Settings\Thomas D Ludwig\My Documents\SkypeSetup_6.14.0.104.msi => ":com.dropbox.attributes" ADS removed successfully.."C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share" => ":com.dropbox.attributes" ADS not found.C:\Documents and Settings\Thomas D Ludwig\My Documents\WYSIWYG Editor => ":com.dropbox.attributes" ADS removed successfully..========= RemoveProxy: =========HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.========= End of RemoveProxy: ================== reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========The operation completed successfully========= End of Reg: ================== reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========The operation completed successfully========= End of Reg: ================== ipconfig /flushdns =========Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.========= End of CMD: ================== bitsadmin /reset /allusers ========='bitsadmin' is not recognized as an internal or external command,operable program or batch file.========= End of CMD: =========EmptyTemp: => 686.2 MB temporary data Removed.The system needed a reboot.==== End of Fixlog 16:56:59 ==== ALL OF THESE ABOVE HAVE NOT BEEN COMPLETED...ARGUS I do have a few Website Building Programs and other SEO Programs on my Computer.Thomas ~ Link to post Share on other sites More sharing options...
_argus Posted June 14, 2015 ID:969045 Share Posted June 14, 2015 How's your computer behaving now? Argus please advise is there something to be concerned about the Crash outlined above? Always something can go wrong, but now everything is okay.Your Antivirus is Avast, but you have remnants Norton Antivirus. Maybe is it was the source of the problem.Download and run Norton removal.https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&entsrc=redirect_pubweb&pvid=f-home Link to post Share on other sites More sharing options...
LUDWIGS Posted June 14, 2015 Author ID:969050 Share Posted June 14, 2015 Dear Argus it's seems to be running better. Lets still try to clear-up most or a lot of the items on the FIXLIST together. The ones that you Know for sure are potential problems and shouldn't be there.things like that remnents of the Sports Bar, Anything to do with Norton Symantic, Norton Ultilies, (as I don't even have them installed on my Computer any longer.Please put them on a Fix List , and I'll go over your FIXList too... Let's leave alone all file to do with my internet Connection, from my Computer, my Unique IP Address, and so on. Lets leave alone my tool bars as the are SEO Toolbars...Tomorrow I'll also look up some of the items on Google you had listed on that last FIXList and send the ones I find should be removed to You .ARGUS after this what else has to be done from your point of view?Thank you,Thomas ~ Link to post Share on other sites More sharing options...
_argus Posted June 14, 2015 ID:969056 Share Posted June 14, 2015 Now run FRST scan for final check. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 15, 2015 Author ID:969311 Share Posted June 15, 2015 June 15th, 2015 Monday 2:08pm ESTDear Argus after this First Run what do you think Of doing the FixList in 2 stages? #1. for everything you decide excluding anything that could Screw-Up my internet connection again. If anything gets deleted and effects any of my SEO Programs or working Tool Bars etc, later after we're done with everything I'll just reinstall the effected Programs that I need again So that they work, No problem...(ARGUS for my Computer I am on network Settings, however the Cable comes into my Computer and at this time there is No other Computer in the Network. I originally did this to be able to hook-in a future Laptop but I haven't been able to purchase it yet.)#2. Argus for what is left to still do. as far as FIXList, and Argus you make the decision what else should be done. (Argus by doing it in two stages this way, if there's another problem getting on the Internet I won't have to undo all the 1st part FIXList - if I'm forced to do another System Restore because of not being able to get Online.Thank you for understanding.Let me know on this please.I remain, Respectfully,Thomas ~ Link to post Share on other sites More sharing options...
_argus Posted June 15, 2015 ID:969312 Share Posted June 15, 2015 Dont worry, i will just look report. Probably the fix wont be necessary. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 15, 2015 Author ID:969319 Share Posted June 15, 2015 June 15th, 2015 Monday 2:31pm EST ~Dear Argus here it is and it looks like it's in two parts. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015Ran by Thomas D Ludwig (administrator) on TDL-OFFICE on 15-06-2015 14:20:38Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolLoaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 8 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow32.exe(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe(Microsoft Corporation) C:\Program Files\Microsoft Image Composer\IMGCOMP.EXE(Microsoft Corporation) C:\Program Files\Microsoft Image Composer\IMGCOMP.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe(Microsoft Corporation) C:\Program Files\Outlook Express\wab.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupHKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)HKLM\...\Run: [nwiz] => nwiz.exe /installHKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)HKLM\...\Run: [smartPatrol] => C:\Program Files\AddWeb8\SmartPatrol.exe [1171968 2006-04-13] (Cyberspace Headquarters, LLC)HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-28] (SUPERAntiSpyware)HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FAH.lnk [2015-06-13]ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-13]ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabledProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTIONSearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP&p={searchTerms} SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP&p={searchTerms} SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindowsXP&p={searchTerms} SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cabHandler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1FireFox:========FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101FF DefaultSearchEngine.US: Search Provided by YahooFF Homepage: hxxp://www.foxnews.com/FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)FF SearchPlugin: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\searchplugins\search-provided-by-yahoo.xml [2015-06-13]FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-06-01]FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]Chrome:=======CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - No Path Or update_url valueCHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx========================== Services (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-10] (AVAST Software)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-06-15] (Malwarebytes Corporation)S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S4 hpt3xx; No ImagePathU5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U4 Scsiscan; No ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-15 01:08 - 2015-06-15 12:04 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\AVG Removal Tool2015-06-13 23:08 - 2015-06-14 00:55 - 00000000 ____D C:\Program Files\AddWeb82015-06-13 23:08 - 2015-06-13 23:08 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\AddWeb Website Promoter 8.lnk2015-06-13 23:08 - 2015-06-13 23:08 - 00000654 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\AddWeb Website Promoter 8.lnk2015-06-13 23:02 - 2015-06-13 23:02 - 00001525 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Launch IBP.lnk2015-06-13 23:02 - 2015-06-13 23:02 - 00000000 ____D C:\Program Files\IBP 122015-06-13 23:02 - 2015-06-13 23:02 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\iBusinessPromoter 122015-06-13 22:40 - 2015-06-13 22:43 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\WinZip2015-06-13 22:40 - 2015-06-13 22:40 - 00001770 _____ C:\Documents and Settings\All Users\Start Menu\WinZip.lnk2015-06-13 22:40 - 2015-06-13 22:40 - 00001770 _____ C:\Documents and Settings\All Users\Desktop\WinZip.lnk2015-06-13 22:40 - 2015-06-13 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinZip2015-06-13 22:39 - 2015-06-13 22:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip2015-06-13 22:38 - 2015-06-13 22:39 - 00000000 ____D C:\Program Files\WinZip2015-06-13 18:44 - 2015-06-13 18:44 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics2015-06-13 16:29 - 2015-06-13 19:02 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol2015-06-13 14:39 - 2015-06-15 14:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00026825 _____ C:\ComboFix.txt2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp2015-06-13 14:39 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp2015-06-13 08:32 - 2015-06-13 08:32 - 00000000 _RSHD C:\cmdcons2015-06-13 08:32 - 2015-05-28 17:12 - 00000212 _____ C:\Boot.bak2015-06-13 08:32 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2015-06-13 08:28 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe2015-06-13 08:28 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe2015-06-13 08:28 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe2015-06-13 08:28 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe2015-06-13 08:27 - 2015-06-13 14:40 - 00000000 ____D C:\Qoobox2015-06-13 08:26 - 2015-06-13 10:26 - 00000000 ____D C:\WINDOWS\erdnt2015-06-11 23:59 - 2015-06-15 14:20 - 00000000 ____D C:\FRST2015-06-11 23:43 - 2015-06-15 14:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_Tool2015-06-07 19:47 - 2015-06-11 03:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\REGSERVO2015-06-07 19:47 - 2015-06-07 19:47 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\REGSERVO.lnk2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Program Files\REGSERVO2015-06-07 19:47 - 2015-06-07 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\REGSERVO2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN Gaming Zone2015-06-07 14:33 - 2015-06-07 14:33 - 00000000 ____D C:\Program Files\MSN2015-06-07 14:26 - 2001-08-23 08:00 - 00001361 _____ C:\WINDOWS\system32\fxscount.h2015-06-06 23:14 - 2015-06-06 23:21 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Fix.reg2015-06-06 23:13 - 2015-06-12 01:58 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RegSearch2015-06-06 02:26 - 2015-06-06 02:40 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\CATHY hapluvlife ~2015-06-04 12:50 - 2015-06-04 12:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ANTI-ROOTKIT by Malwarebytes2015-06-02 23:58 - 2010-01-10 15:09 - 00000780 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of Outlook Express.lnk2015-06-02 21:48 - 2015-06-13 15:53 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\ComboFix2015-06-02 21:43 - 2015-06-08 23:08 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\RootRepeal2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\MSVIDEO DLL #22015-06-02 11:42 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox2015-06-01 00:20 - 2015-06-01 00:20 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Old Firefox Data2015-05-31 21:45 - 2015-06-01 16:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HiJackThis 22015-05-31 15:53 - 2015-05-31 18:17 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\HijackThis2015-05-31 15:11 - 2015-05-31 15:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\SYSTEM CLEANER RESULTS2015-05-31 15:09 - 2009-12-30 03:36 - 06338408 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\ssapiptn.da52015-05-31 11:28 - 2015-05-31 15:09 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\System Cleaner2015-05-30 23:44 - 2015-06-15 13:21 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-05-30 22:27 - 2015-05-31 00:22 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MSVIDEO DLL2015-05-30 22:17 - 2015-05-30 23:15 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\REGISTRY BACK-UPS2015-05-30 12:31 - 2015-05-30 12:33 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE SEO TOOLS and INFO2015-05-30 12:26 - 2015-05-30 12:29 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WOMEN Orgasm on demand and Erotic Hypnosis2015-05-27 17:24 - 2015-06-13 23:04 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE IBP by AXANDRA2015-05-27 16:59 - 2015-05-29 22:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE AddWeb 8.0 Deluxe Website Promoter2015-05-27 11:39 - 2015-05-27 11:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE LUDWIGS BLOGS Folder2015-05-27 10:37 - 2015-05-27 10:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\BACKLINK INDEXER2015-05-26 14:14 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}2015-05-20 11:43 - 2015-05-26 21:28 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE Copy Of CBB on Server 5-20-2015 by {TDL}2015-05-19 18:33 - 2015-05-19 18:34 - 09161683 _____ C:\Documents and Settings\Thomas D Ludwig\My Documents\awebpro.exe==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-15 14:18 - 2015-01-10 03:32 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job2015-06-15 14:17 - 2015-03-16 00:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-06-15 14:17 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job2015-06-15 14:15 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype2015-06-15 13:49 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-06-15 13:49 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-06-15 13:17 - 2010-01-10 14:33 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt2015-06-15 12:49 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-15 12:48 - 2015-01-08 19:53 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-06-15 12:48 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-15 12:48 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log2015-06-15 12:47 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job2015-06-15 12:47 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera2015-06-15 12:46 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-15 12:46 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2015-06-15 12:46 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-15 12:46 - 2010-01-10 16:53 - 01568664 _____ C:\WINDOWS\WindowsUpdate.log2015-06-15 12:46 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl2015-06-15 12:45 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-06-15 12:45 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log2015-06-15 12:42 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini2015-06-15 12:08 - 2014-12-10 09:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData2015-06-15 01:26 - 2010-01-12 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec2015-06-15 01:26 - 2010-01-10 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton2015-06-14 12:25 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig2015-06-14 10:35 - 2010-02-20 18:03 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\IBP2015-06-14 07:40 - 2015-03-31 22:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2015-06-14 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 23:08 - 2010-01-10 14:48 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Accessories2015-06-13 23:01 - 2010-02-20 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\IBP iBusinessPromoter2015-06-13 19:03 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-13 18:58 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE2015-06-13 18:58 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator2015-06-13 18:58 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService2015-06-13 18:58 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService2015-06-13 18:57 - 2010-01-10 14:25 - 00000000 ____D C:\WINDOWS\Registration2015-06-13 18:44 - 2010-07-15 11:14 - 00958512 _____ C:\WINDOWS\setupapi.log2015-06-13 18:44 - 2010-01-21 18:51 - 00000886 _____ C:\WINDOWS\nsw.log2015-06-13 16:07 - 2010-01-25 19:48 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy2015-06-13 14:36 - 2001-08-23 08:00 - 00000227 _____ C:\WINDOWS\system.ini2015-06-13 14:34 - 2010-01-16 12:19 - 00000000 ____D C:\WINDOWS\pss2015-06-13 10:29 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\repair2015-06-13 10:15 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\Help2015-06-13 08:32 - 2010-01-10 08:46 - 00000328 __RSH C:\boot.ini2015-06-12 23:29 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job2015-06-09 18:55 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2015-06-09 15:18 - 2015-03-16 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2015-06-09 15:18 - 2015-03-16 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2015-06-09 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job2015-06-09 08:08 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2015-06-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2015-06-07 14:33 - 2010-01-10 14:26 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games2015-06-07 14:33 - 2010-01-10 14:25 - 00000000 ____D C:\Program Files\Windows NT2015-06-07 14:33 - 2010-01-10 14:15 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv2015-06-07 14:33 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\addins2015-06-07 14:26 - 2010-01-10 16:39 - 00426765 _____ C:\WINDOWS\netfxocm.log2015-06-07 14:26 - 2010-01-10 16:38 - 00121858 _____ C:\WINDOWS\tabletoc.log2015-06-07 14:26 - 2010-01-10 16:28 - 00171196 _____ C:\WINDOWS\medctroc.Log2015-06-07 14:26 - 2010-01-10 08:49 - 02487412 _____ C:\WINDOWS\FaxSetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 01244978 _____ C:\WINDOWS\ocgen.log2015-06-07 14:26 - 2010-01-10 08:49 - 01147426 _____ C:\WINDOWS\tsoc.log2015-06-07 14:26 - 2010-01-10 08:49 - 01022254 _____ C:\WINDOWS\iis6.log2015-06-07 14:26 - 2010-01-10 08:49 - 00798940 _____ C:\WINDOWS\msmqinst.log2015-06-07 14:26 - 2010-01-10 08:49 - 00749801 _____ C:\WINDOWS\comsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00457185 _____ C:\WINDOWS\ntdtcsetup.log2015-06-07 14:26 - 2010-01-10 08:49 - 00124757 _____ C:\WINDOWS\msgsocm.log2015-06-07 14:26 - 2010-01-10 08:49 - 00123689 _____ C:\WINDOWS\ocmsn.log2015-06-07 14:26 - 2010-01-10 08:49 - 00004507 _____ C:\WINDOWS\imsins.log2015-06-07 14:26 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\security2015-06-07 00:19 - 2015-01-10 04:07 - 00000000 ___RD C:\Documents and Settings\Thomas D Ludwig\My Documents\Dropbox2015-06-06 23:32 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox2015-06-06 23:29 - 2015-01-10 04:07 - 00001100 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Dropbox.lnk2015-06-06 23:29 - 2015-01-10 03:50 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox2015-06-02 21:12 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2015-06-01 18:47 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe2015-06-01 10:04 - 2010-01-16 23:55 - 00000376 _____ C:\WINDOWS\ODBC.INI2015-06-01 10:03 - 2001-08-23 08:00 - 00001560 _____ C:\WINDOWS\win.ini2015-06-01 10:02 - 2011-06-17 17:36 - 00000000 ____D C:\WINDOWS\ShellNew2015-06-01 02:04 - 2010-01-10 16:53 - 00370995 _____ C:\WINDOWS\spupdsvc.log2015-06-01 02:02 - 2010-01-11 03:07 - 00000841 _____ C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Internet Explorer.lnk2015-06-01 01:48 - 2010-01-11 02:36 - 00150419 _____ C:\WINDOWS\ie8_main.log2015-06-01 01:43 - 2010-01-11 02:59 - 00133817 _____ C:\WINDOWS\ie8.log2015-06-01 01:42 - 2010-01-10 17:32 - 00419218 _____ C:\WINDOWS\updspapi.log2015-06-01 00:31 - 2015-03-15 21:58 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk2015-06-01 00:31 - 2011-05-02 09:30 - 00000774 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk2015-05-31 23:53 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore2015-05-31 12:03 - 2011-12-19 19:34 - 00000000 __SHD C:\WINDOWS\CSC2015-05-31 00:22 - 2010-08-02 11:33 - 00001014 _____ C:\WINDOWS\EZPhotoBrowser2.ini2015-05-27 19:13 - 2015-04-01 22:13 - 00000000 ____D C:\Program Files\HTMLValidatorLite1402015-05-24 13:36 - 2014-08-04 17:07 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE for Christian Based Business KARATBARS by {TDL}2015-05-22 21:01 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk2015-05-21 17:21 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk2015-05-21 08:10 - 2010-01-10 14:33 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini2015-05-17 00:23 - 2015-04-01 19:53 - 00033621 _____ C:\Documents and Settings\Thomas D Ludwig\.spyglass.properties2015-05-16 23:58 - 2015-04-01 18:47 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\.seospyglass==================== Files in the root of some directories =======2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End of log ============================ 2nd One is forth coming.Thomas ~ Link to post Share on other sites More sharing options...
_argus Posted June 15, 2015 ID:969320 Share Posted June 15, 2015 Tell me how's your computer behaving now? Link to post Share on other sites More sharing options...
LUDWIGS Posted June 15, 2015 Author ID:969321 Share Posted June 15, 2015 Argus here's the 2nd Part Of the report. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015Ran by Thomas D Ludwig at 2015-06-15 14:23:45Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan_ToolBoot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-329068152-436374069-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\AdministratorASPNET (S-1-5-21-329068152-436374069-1060284298-1005 - Limited - Enabled)Guest (S-1-5-21-329068152-436374069-1060284298-501 - Limited - Enabled)HelpAssistant (S-1-5-21-329068152-436374069-1060284298-1000 - Limited - Disabled)SUPPORT_388945a0 (S-1-5-21-329068152-436374069-1060284298-1002 - Limited - Disabled)TDL_OFFICE (S-1-5-21-329068152-436374069-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\TDL_OFFICEThomas D Ludwig (S-1-5-21-329068152-436374069-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Thomas D Ludwig==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)3Com Modem Manager (HKLM\...\3Com Modem Manager) (Version: - )ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenAddWeb 8 (HKLM\...\AddWeb 8) (Version: 8.6.3.5 - Cyberspace HQ)Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)Adobe ActiveShare 1.1 (HKLM\...\Adobe ActiveShare) (Version: - )Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)Adobe Reader 9.4.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)Akamai NetSession Interface (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Akamai) (Version: - Akamai Technologies, Inc)Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)ClearThink (HKLM\...\ClearThink) (Version: 2014.08.13.141025 - ClearThink) <==== ATTENTIONCompatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Copier 2.0 (HKLM\...\Copier 2.0) (Version: - )Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)CSE HTML Validator Lite v14.05 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.5.0.0 - AI Internet Solutions LLC)DFM2HTML (HKLM\...\DFM2HTML) (Version: - )DFM2HTML v6.1 (HKLM\...\DFM2HTML v6.1) (Version: - )Dropbox (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )EZSuite For EZCam III (HKLM\...\{313aa16e-8c61-410c-a225-917462421659}) (Version: 1.0 - )EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )FaxTools eXPert (HKLM\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)FVD Suite 3.0.2 (HKLM\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version: - flashvideodownloader.org)Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.27.5 - Google Inc.) HiddenGoToMeeting 7.2.1.2856 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)IBP 12.2.1 (HKLM\...\IBP12_is1) (Version: 12.2.1 - Axandra GmbH)iLinc Client (HKLM\...\uninstall.exe) (Version: - )Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)InterVideo WinDVD (HKLM\...\InterVideo WinDVD) (Version: - )Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)join.me (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)LinksysDiag (HKLM\...\{9A9412F1-6587-46F4-9689-01E2E38CE5E0}) (Version: - )Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Access 2000 (HKLM\...\{00100409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version: - )Microsoft Money 2001 (HKLM\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft PowerPoint 2000 SR-1 (HKLM\...\{00130409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MiraScan V3.40 (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\MiraScanV3.40) (Version: - )Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenOLYMPUS CAMEDIA Master 4.1 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - )Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)Opera Stable 24.0.1558.53 (HKLM\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)Outlook Recovery Toolbox 1.7 (HKLM\...\Outlook Recovery Toolbox_is1) (Version: - Recovery Toolbox)Paint Shop Pro 4.12 Shareware (HKLM\...\Paint Shop Pro 4.12 Shareware) (Version: - )PhoneTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: - )Presto! ImageFolio LE (HKLM\...\if40leUninstall) (Version: - )Presto! PageManager (HKLM\...\PageManager) (Version: - )Presto! PageType (HKLM\...\PageType) (Version: - )QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenREGSERVO (HKLM\...\REGSERVO_is1) (Version: 2.0.0.7 - TuneUp System Software Pvt Ltd.)Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version: - )ScanButton 2.1 (HKLM\...\ScanButton 2.1) (Version: - )SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)USB PC Camera (HKLM\...\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}) (Version: - )VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) HiddenVisual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Web Easy Professional (HKLM\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.0 - Avanquest)WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) HiddenWindow Washer (HKLM\...\Window Washer) (Version: - )Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E8}) (Version: 19.5.11475 - WinZip Computing, S.L. )Zoom (HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{0C19B8F4-C6F9-4AB6-B18E-60BA1399C8C0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnypass.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{11216D39-C5CB-41B6-AD5A-E17220E5E524}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{19DB7584-8E4E-11D3-B605-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\fpgoals.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{1C96F515-044F-4B0A-B167-6139D7CDB801}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{33C1974B-2A42-43A6-A376-2B7744C014AE}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mctalk.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{3d391e7a-8060-461e-9a38-656c5b6b23a0}\InprocServer32 -> C:\WINDOWS\system\MSVIDEO.DLL (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D0-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{5330F9D1-994E-11D3-B080-00C04F72CE64}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msofd.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7275AFDF-EF1B-4A2C-B776-3CEE7AE3224E}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{7B94F0F0-7CDD-11D3-9B96-00105AA4504D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pmasdskr.dll ()CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{852397B0-DEA0-11D0-8A69-00A0C90C2A42}\InprocServer32 -> C:\Program Files\Microsoft Money\System\aw.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622B8-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BA-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BC-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BD-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{86F622BF-EF88-458C-9E74-E2574B6875A5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %USERPROFILE%\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll No FileCustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{89603FE2-F04A-4674-A3DD-A8A601014159}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C4865195-8247-47D7-BA9E-BEC1CA480BE5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\Investor\inv8.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{C525E207-7AEE-11D0-92B4-00C04FD9027E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtsync.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E5D0E06D-5309-11D1-A1F0-0000F875A2F0}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mscps.dll ()CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F41311C2-EDBB-4141-810D-2DD7B2C9F46D}\InprocServer32 -> C:\Program Files\Microsoft Money\System\report.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8653-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8654-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyinet.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8655-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\smrtconn.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8657-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8659-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnylog.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofcimp.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyonl.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF865F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\pfplan.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8660-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8661-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8662-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8663-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8664-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8665-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8666-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8668-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8669-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\calutil.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnyolinv.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866B-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\q2mny.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866D-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mspfctl1.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF866F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mnycore.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867A-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\msfdpb.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867C-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\ofx.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF867E-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8680-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8681-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qread.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8682-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\onlsetup.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF8683-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\npc.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F5AF868F-6AED-11D3-B5FB-00C04F72D5F2}\InprocServer32 -> C:\Program Files\Microsoft Money\System\qif.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{F647775F-88A4-448A-9A23-ABA428A7E07E}\InprocServer32 -> C:\Program Files\Microsoft Money\System\mcshdlr.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-329068152-436374069-1060284298-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)==================== Restore Points =========================Could not list restore pointsCheck "winmgmt" service or repair WMI.==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2001-08-23 08:00 - 2015-06-13 14:35 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2856\g2mupdate.exeTask: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Citrix\GoToMeeting\2856\g2mupload.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job => C:\Program Files\Opera\launcher.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job => C:\WINDOWS\system32\msfeedssync.exe==================== Loaded Modules (Whitelisted) ==============2015-06-15 06:45 - 2015-06-15 06:45 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061500\algo.dll2011-09-04 18:21 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe2015-01-10 03:30 - 2015-01-10 03:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2001-08-23 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll2001-08-23 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2001-08-23 08:00 - 2008-04-13 20:12 - 00192512 _____ () C:\WINDOWS\System32\qcap.dll2001-08-23 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\Desktop\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\Copy of SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\SCANPiST.EXE:SummaryInformationAlternateDataStreams: C:\Documents and Settings\Thomas D Ludwig\My Documents\TDL & LK Share:com.dropbox.attributes==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\cyberspacehq.com -> hxxp://linktrader.cyberspacehq.com==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-329068152-436374069-1060284298-1003\Control Panel\Desktop\\Wallpaper ->DNS Servers: 8.8.8.8 - 8.8.4.4==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Com Modem Manager.lnk => C:\WINDOWS\pss\3Com Modem Manager.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.1.lnk => C:\WINDOWS\pss\ScanButton 2.1.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk => C:\WINDOWS\pss\SnapDetect.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartupMSCONFIG\startupfolder: C:^Documents and Settings^Thomas D Ludwig^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\WINDOWS\pss\MyPC Backup.lnkStartupMSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWMSCONFIG\startupreg: IBP => "C:\Program Files\QuickTime\qttask.exe" -atboottimeMSCONFIG\startupreg: LinksysDiag => C:\Program Files\Linksys\LinksysDiag\LinksysDiag /hwMSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\Money Express.exe"MSCONFIG\startupreg: MoneyStartUp => C:\Program Files\Microsoft Money\System\Money Startup.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottimeMSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Akamai\netsession_win.exe] => :LocalSubNet:Disabled:Akamai NetSession ClientStandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google ChromeStandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet BrowserStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:DropboxStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\Zoom.exe] => Disabled:ZoomStandardProfile\AuthorizedApplications: [C:\Program Files\Avanquest\Web Easy Professional 10\WebEasy.exe] => Enabled:Web Easy ApplicationStandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:SkypeStandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice TestStandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => :LocalSubNet:Disabled:Microsoft Management ConsoleStandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKitStandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp\7zS726.tmp\SymNRT.exe] => Enabled:Norton Removal ToolDomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceDomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing ServiceStandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Disabled:Windows Media Player Network Sharing Service==================== Faulty Device Manager Devices =============Could not list Devices. Check "winmgmt" service or repair WMI.==================== Event log errors: =========================Application errors:==================Error: (06/15/2015 02:20:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application mbam.exe, version 1.0.1.711, faulting module mbam.exe, version 1.0.1.711, fault address 0x0018aae7.Processing media-specific event for [mbam.exe!ws!]Error: (06/15/2015 02:19:39 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.Error: (06/15/2015 00:47:38 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.Error: (06/15/2015 00:45:34 PM) (Source: SecurityCenter) (EventID: 1802) (User: )Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.Error: (06/15/2015 00:45:34 PM) (Source: WinMgmt) (EventID: 28) (User: )Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.Error: (06/15/2015 00:45:33 PM) (Source: WinMgmt) (EventID: 5601) (User: )Description: The WinMgmt service failed to load the repository files under the directory %windir%\system32\wbem\repository. Thiscan be caused by a corruption in the repository files, security settings on this directory, lack disk space, or othersystem resource issues like lack of memory. If this error happens every time the machine is rebooted then theadministrator on this machine may need to stop WinMgmt service, delete all files and directories under this location,and restarting the WinMgmt service.Error: (06/15/2015 00:09:42 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.Error: (06/15/2015 10:20:41 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.Error: (06/15/2015 08:32:38 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.Error: (06/15/2015 06:38:15 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.System errors:=============Error: (06/15/2015 00:45:20 PM) (Source: 0) (EventID: 5008) (User: )Description: Broadcom iLine10 Network AdapterError: (06/15/2015 00:45:20 PM) (Source: 0) (EventID: 4) (User: )Description: AMLI0x710x70 - 0x71Error: (06/15/2015 00:45:20 PM) (Source: 0) (EventID: 5) (User: )Description: AMLI0x700x70 - 0x71Error: (06/15/2015 06:35:52 AM) (Source: 0) (EventID: 5008) (User: )Description: Broadcom iLine10 Network AdapterError: (06/15/2015 06:35:52 AM) (Source: 0) (EventID: 4) (User: )Description: AMLI0x710x70 - 0x71Error: (06/15/2015 06:35:52 AM) (Source: 0) (EventID: 5) (User: )Description: AMLI0x700x70 - 0x71Error: (06/15/2015 01:33:35 AM) (Source: 0) (EventID: 5008) (User: )Description: Broadcom iLine10 Network AdapterError: (06/15/2015 01:33:35 AM) (Source: 0) (EventID: 4) (User: )Description: AMLI0x710x70 - 0x71Error: (06/15/2015 01:33:35 AM) (Source: 0) (EventID: 5) (User: )Description: AMLI0x700x70 - 0x71Error: (06/14/2015 01:34:54 PM) (Source: 0) (EventID: 5008) (User: )Description: Broadcom iLine10 Network AdapterMicrosoft Office:=========================Error: (06/15/2015 02:20:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.1.711mbam.exe1.0.1.7110018aae7Error: (06/15/2015 02:19:39 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description:Error: (06/15/2015 00:47:38 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description:Error: (06/15/2015 00:45:34 PM) (Source: SecurityCenter) (EventID: 1802) (User: )Description:Error: (06/15/2015 00:45:34 PM) (Source: WinMgmt) (EventID: 28) (User: )Description:Error: (06/15/2015 00:45:33 PM) (Source: WinMgmt) (EventID: 5601) (User: )Description:Error: (06/15/2015 00:09:42 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description:Error: (06/15/2015 10:20:41 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description:Error: (06/15/2015 08:32:38 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description:Error: (06/15/2015 06:38:15 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)Description:==================== Memory info ===========================Processor: Intel® Pentium® 4 CPU 1400MHzPercentage of memory in use: 50%Total physical RAM: 767.07 MBAvailable physical RAM: 382.28 MBTotal Pagefile: 1877.77 MBAvailable Pagefile: 1013.7 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1944.41 MB==================== Drives ================================Drive c: () (Fixed) (Total:126 GB) (Free:81.23 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (DATA STORAGE) (Fixed) (Total:70.02 GB) (Free:69.93 GB) NTFSDrive e: (MOVIES) (Fixed) (Total:29.29 GB) (Free:29.23 GB) NTFSDrive f: (PICTURES) (Fixed) (Total:7.57 GB) (Free:7.53 GB) NTFSDrive z: () (Network) (Total:126 GB) (Free:81.23 GB)==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 00000001)Partition 1: (Active) - (Size=126 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=106.9 GB) - (Type=OF Extended)==================== End of log ============================ Argus OK this is the 2nd Part.Thank you So kindly.Thomas D ~ Link to post Share on other sites More sharing options...
_argus Posted June 15, 2015 ID:969323 Share Posted June 15, 2015 Tell me how's your computer behaving now? Link to post Share on other sites More sharing options...
LUDWIGS Posted June 15, 2015 Author ID:969324 Share Posted June 15, 2015 Argus you'll see in the REPORTS that these last 2 day there has been ERRORS... The good new is that So far the MSVIDEO DLL has Not shown it's ugly head again. #1. When do you want me to delete everything in System Restore and start fresh? #2. Argus when do you want me to uninstall ComboFix? (With all the Quarantined Files and items? Thomas ~ Link to post Share on other sites More sharing options...
_argus Posted June 15, 2015 ID:969325 Share Posted June 15, 2015 The following will implement some post-cleanup procedures:Download DelFix by Xplode and save it to your desktop.Run the tool by right click on the icon and Run as administrator option. Make sure that these ones are checked:Remove disinfection tools Purge system restore Reset system settings [*]Push Run and wait until the tool completes his work. [*]All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFixTool deletes old system restore points and create a fresh system restore point after cleaning. Link to post Share on other sites More sharing options...
LUDWIGS Posted June 15, 2015 Author ID:969332 Share Posted June 15, 2015 Dear Argus do I also check Activate UAC ? Link to post Share on other sites More sharing options...
Recommended Posts