September 8th, 2015 Tuesday 9:07pm EST ~

Dear EXPERT - I need HELP with different Malware Virus.
On 9-2-2015 I received this ERROR:
X The application\Reader 10.0\ Reader \ Acro Rd 32.dll is not a valid windows image.
Please check this against your installation diskette.

After this some of my Windows frames were partly transparent. Over the next couple of days I ran on my Computer: Avast Antivirus full scan, MalwareBytes AntiMalware Premium, and SUPER AntiSpyware.
X from 9-6-2015 6:23am EST ~
When I went to Open my OUTLOOK 2000 it would Not open completely. I tried multiple times. I received this ERROR:

X The application or DLL C:\ WINDOWS S\system 32\riched 20.dll is not a valid Windows image. Please check this against your installation diskette.
Please get back to me.
Thank you So kindly,
God Bless,
Thomas D Ludwig

(Personal Information removed from this post)

---\Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Thomas D Ludwig (administrator) on TDL-OFFICE (08-09-2015 19:41:40)
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan Tool
Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Cyberspace Headquarters, LLC) C:\PROGRA~1\AddWeb8\smartpatrol.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-17] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [smartPatrol] => C:\Program Files\AddWeb8\SmartPatrol.exe [1171968 2015-06-26] (Cyberspace Headquarters, LLC)
HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-03] (SUPERAntiSpyware)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [Dropbox Update] => C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-17] (Avast Software s.r.o.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;
Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindows XP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindows XP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindows XP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-17] (Avast Software s.r.o.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101
FF Homepage: hxxp://www.foxnews.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-07-31]
FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]
FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.foxnews.com/"
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-17]
CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-17] (Avast Software s.r.o.)
S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-17] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-17] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-17] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-17] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-06-17] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-17] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-17] ()
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-08] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)
R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)
R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]
S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 hpt3xx; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U4 Scsiscan; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 19:40 - 2015-09-08 19:41 - 00000000 ____D C:\FRST
2015-09-08 19:25 - 2015-09-08 19:41 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan Tool
2015-09-08 19:23 - 2015-09-08 19:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Farbar Recovery Scan Tool
2015-09-06 07:55 - 2015-09-08 11:51 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MalwareBytes FORUM
2015-09-06 06:28 - 2015-09-06 06:28 - 00000000 _____ C:\extend.dat
2015-09-06 06:09 - 2015-09-06 06:11 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-09-06 06:09 - 2015-09-06 06:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-08-27 20:06 - 2015-08-28 07:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-16 23:46 - 2015-09-08 19:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 01:36 - 2015-08-10 01:36 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 19:43 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp
2015-09-08 19:30 - 2015-06-20 20:18 - 00001028 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-329068152-436374069-1060284298-1003UA.job
2015-09-08 19:26 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk
2015-09-08 19:13 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 19:07 - 2015-01-10 03:32 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-08 19:02 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-08 18:36 - 2015-05-30 23:44 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 15:59 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype
2015-09-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-08 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 11:02 - 2010-01-10 14:33 - 00032058 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-08 10:46 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job
2015-09-08 10:45 - 2015-06-26 08:19 - 00000027 _____ C:\Flag.Fil
2015-09-08 10:44 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 10:44 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 10:44 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-08 10:42 - 2015-07-08 07:21 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-08 10:42 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 10:42 - 2014-09-16 01:38 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410845932.job
2015-09-08 10:42 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-08 10:42 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-08 10:42 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera
2015-09-08 10:42 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-08 10:42 - 2010-01-10 16:53 - 01130076 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-08 10:42 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-08 10:41 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-08 10:41 - 2010-01-10 08:51 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-08 02:24 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini
2015-09-07 21:32 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-06 08:29 - 2015-06-20 20:17 - 00000976 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-329068152-436374069-1060284298-1003Core.job
2015-09-06 06:10 - 2010-08-01 16:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-06 06:09 - 2014-05-29 09:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-06 06:09 - 2011-10-21 19:41 - 00000000 ___RD C:\Program Files\Skype
2015-09-05 12:09 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE
2015-09-05 12:09 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator
2015-09-05 12:09 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig
2015-09-05 12:09 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-09-05 12:09 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-09-05 09:35 - 2012-04-13 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\KARATBARS MEMORY JOGGER
2015-09-03 23:11 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-09-02 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-08-29 18:00 - 2010-08-03 14:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2286198$
2015-08-28 18:54 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 07:15 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-08-23 12:04 - 2011-06-17 18:06 - 00002471 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Excel.lnk
2015-08-22 21:55 - 2015-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE CBB 5-26-2015 by {TDL}
2015-08-22 21:54 - 2014-09-23 23:01 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\KEYWORD SUGGESTION TOOL
2015-08-17 00:47 - 2015-03-16 00:52 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-17 00:47 - 2015-03-16 00:52 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-16 19:25 - 2010-09-17 15:37 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\THOMAS D LUDWIG
2015-08-10 01:36 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox

==================== Files in the root of some directories =======

2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp
2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results
2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML
2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache
2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache
2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache
2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition.txt

FRST.txt

Edited by Spud
Please do not publicly post personal information in the forums.

  • Staff

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


Dear TwinHeadedEagle I'm attaching the Report:

After I completed this and rebooted -- I could no longer get on the Internet as my settings apparently were changed by the Tool or the FIX... After a couple Of hours without any success I used SYSTEM RESTORE to get my settings back in my computer.

 

So TwinHeadedEagle what do we need to do Now because I used System Restore?

Please advise!

I remain Respectfully,

   Thomas D Ludwig

Edited by AdvancedSetup
removed email address

Fix result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01

Ran by Thomas D Ludwig (2015-09-10 18:57:05) Run:1

Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan Tool

Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

createrestorepoint:

closeprocesses:

emtpytemp:

HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION

HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:3249;https=127.0.0.1:3249;

Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

RemoveProxy:

cmd: ipconfig /flushdns

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=

SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.certified-toolbar.com?si=&st=bs&tid=6533&ver=4.4&ts=1377054169832.000009&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindows XP&p={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindows XP&p={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_24_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyEtCtByCzz0DtBtGtD0AtD0AtGtAyByEyDtGzz0AtDyDtGtCyB0D0FyBtD0Azy0F0DzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtCtCyE0C0BtGyEtB0ByEtGyByD0DtDtG0A0D0C0EtGyDtDzztB0CzytBtD0A0Ezy0D2Q&cr=689438464&ir=

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CKL92cKVu7ICFXGRPAodV3IAEA&ptb=16E2B954-42E3-41BA-8DC1-57D7DD3A16E4&psa=&ind=2012091619&st=sb&n=77ee14e3&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.4&ts=1377054169832&tguid=62606-6533-1377054169832-9150CCA918ED461D36392841626685C5&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E1BF2FBE-C270-4183-B4FA-1688BDD9A957} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyE0B0FyDyBtDyE0AtCtD0FyD0EtN0D0Tzu0StCtByDzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtCyDtDtByDtC0EtGyDtBtCzytGyCtB0C0DtGyC0F0C0FtGyBtA0DtCyDyDyDyDzz0BtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCzzyE0A0A0FtBtG0FtDzzyEtGyE0A0AzztGzy0A0E0BtGyC0B0AyD0A0B0B0FtB0CtByE2QtN0A0LzutB%26cr%3D613774268%26a%3Dwny_wnzp_15_24%26os%3DWindows XP&p={searchTerms}

SearchScopes: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> {FD11FC05-EF26-4ED3-9041-1A10B74294CA} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=60C9164E-87F8-4C85-A075-F48AD7F62EAF&apn_sauid=B42CC8E7-FF9A-4A36-B5DC-851512952716

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

emtpytemp: => Error: No automatic fix found for this entry.

HKLM Group Policy restriction on software: C:\Program Files\Webroot <====== ATTENTION => restored successfully

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION => restored successfully

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION => restored successfully

HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION => restored successfully

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION => restored successfully

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION => restored successfully

HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION => restored successfully

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run\\IBP => value removed successfully.

"HKLM\SOFTWARE\Policies\Google" => key removed successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}\\NameServer => value removed successfully.

 

========= RemoveProxy: =========

 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

 

 

========= End of RemoveProxy: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.

HKU\S-1-5-21-329068152-436374069-1060284298-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully.

HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully.

HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => key removed successfully.

HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => key removed successfully.

HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.

HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully.

HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.

HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully.

HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.

HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully.

HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => key removed successfully.

HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => key removed successfully.

HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.

HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1BF2FBE-C270-4183-B4FA-1688BDD9A957}" => key removed successfully.

HKCR\CLSID\{E1BF2FBE-C270-4183-B4FA-1688BDD9A957} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully.

HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.

"HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD11FC05-EF26-4ED3-9041-1A10B74294CA}" => key removed successfully.

HKCR\CLSID\{FD11FC05-EF26-4ED3-9041-1A10B74294CA} => key not found.

 

 

The system needed a reboot.

 

==== End of Fixlog 18:57:31 ====


  • Staff

Okay, I was hoping to see this. We need to perform one more fix, but please if you lose internet this time, please do not perform system restore, because it moves us one step back.
 
 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


  • Staff

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


Dear TwinHeadedEagle ~ before I do this FIX I want to be sure that my internet connection does Not get cut off and disrupted.

TwinHeadedEagle please check the FIX first, and tell me how to check my Computer ahead of time before the next step FIX so we both know I'm Not going to have a problem getting back online with my internet connection!

 

TwinHeadedEagle I also know that originally I did Set this my Computer to be the main hub or a Network where I could plug another computer (Laptop which I do NOT have yet) into it and also have a connection for that future Laptop.

Also TwinHeadedEagle - I don't know if there is a Proxy Server or Not, how can I check this from my computer?

I appreciate your Help and please advise.

Thank you So kindly,

Thomas ~ :huh:


September 20th, 2015 Sunday 8:pm EST ~

Dear TwinHeadedEagle – PC Not good.

#1. I see sometimes transparent through a Window back and see the Task Manager Graph behind it.

 

#2. My OPERA Browser will Not let me watch FOXNews.com Videos… It says “Error: No valid source could be found.” (No Sound and No Video)

#3. Then when I use my OPERA Browser to watch NetFlix movies they don’t Stream and an ERROR Occurs…

#4. When I go to my FIREFOX Browser it works Showing FOXNews.com Videos and Sound is fine.

#5. However when I use FIREFOX Browser to watch NetFlix.com movies they do play but sound is Not loading or playing correctly.

 

**(All these 5 Problems outlined above only just started after the latest FIX.  Everything as far as watching Videos or NetFlix movies and FOXNews with OPERA Browser all worked just one day before.)

 

TwinHeadedEagle  #6. Something is wrong and Not FIXED.

Do I need to download and Run ComboFix.exe or something else?

TwinHeadedEagle

Please advise.

Thank you,

Thomas ~      :(     :ph34r:


  • Staff

Let's run FRST scan again:

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

September

Dear TwinHeadedEagle here are the two Reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Thomas D Ludwig (administrator) on TDL-OFFICE (25-09-2015 00:13:42)
Running from C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan Tool
Loaded Profiles: Thomas D Ludwig (Available Profiles: Thomas D Ludwig & TDL_OFFICE & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Cyberspace Headquarters, LLC) C:\PROGRA~1\AddWeb8\smartpatrol.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-17] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-23] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [smartPatrol] => C:\Program Files\AddWeb8\SmartPatrol.exe [1171968 2015-06-26] (Cyberspace Headquarters, LLC)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [iBP] => [X]
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-03] (SUPERAntiSpyware)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Run: [Dropbox Update] => C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-329068152-436374069-1060284298-1003\...\Policies\Explorer: [NoInstrumentation] 1
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-17] (Avast Software s.r.o.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-06-01]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3A8933F7-70EC-416F-BBC4-F7D728066B7A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-17] (Avast Software s.r.o.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-329068152-436374069-1060284298-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101
FF Homepage: hxxp://www.foxnews.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-03-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-436374069-1060284298-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Thomas D Ludwig\Application Data\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-23] (RealPlayer)
FF Extension: SeoQuake - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-07-31]
FF Extension: SEO For Firefox - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\seo4firefox@seobook.com.xpi [2015-06-01]
FF Extension: Alexa Traffic Rank - C:\Documents and Settings\Thomas D Ludwig\Application Data\Mozilla\Firefox\Profiles\9uwd7mva.default-1433132431101\Extensions\toolbar@alexa.com.xpi [2015-06-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.foxnews.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-07]
CHR Extension: (Bing) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-14]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-20]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-07]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-17]
CHR HKLM\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-329068152-436374069-1060284298-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.netflix.com/"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-17] (Avast Software s.r.o.)
S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-29] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [388936 2007-08-09] (Webroot Software, Inc.)
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-17] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-17] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-17] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-17] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-06-17] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-17] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-17] ()
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
R3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cwcspud; C:\WINDOWS\System32\drivers\cwcspud.sys [111872 2001-08-17] (Crystal Semiconductor Corp.)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11351 2004-05-24] (Realtek Semiconductor Corporation) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8568 2004-03-09] (Realtek Semiconductor Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-24] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 prcmondrv; C:\WINDOWS\system32\drivers\prcmondrv1041.sys [18432 2011-10-19] (Igor Nys) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
S3 RTLVLANXP; C:\WINDOWS\System32\DRIVERS\RTLVLANXP.SYS [15360 2005-01-26] (Linksys, A Division of Cisco Systems, Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [163376 2000-10-26] (Voyetra Turtle Beach)
R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [498592 2000-10-26] (Voyetra Turtle Beach)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [289352 2013-09-27] (Trend Micro Inc.)
R2 VS3COM; C:\Program Files\3Com\ModemMgr\Program\VS3COM.sys [12544 1998-08-17] () [File not signed]
S3 vtdg46xx; C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys [19232 2000-10-24] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 hpt3xx; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U4 Scsiscan; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 02:42 - 2015-09-22 02:42 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox
2015-09-22 02:32 - 2015-09-22 02:42 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Start Menu\Programs\Dropbox(2)
2015-09-20 13:02 - 2015-09-24 20:05 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442768521.job
2015-09-20 13:02 - 2015-09-20 13:02 - 00000713 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-09-20 13:02 - 2015-09-20 13:02 - 00000713 _____ C:\Documents and Settings\All Users\Desktop\Opera  32.lnk
2015-09-08 19:40 - 2015-09-25 00:13 - 00000000 ____D C:\FRST
2015-09-08 19:25 - 2015-09-25 00:13 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Desktop\Farbar Recovery Scan Tool
2015-09-08 19:23 - 2015-09-08 19:23 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\Farbar Recovery Scan Tool
2015-09-06 07:55 - 2015-09-24 23:56 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\MalwareBytes FORUM
2015-09-06 06:28 - 2015-09-06 06:28 - 00000000 _____ C:\extend.dat
2015-08-27 20:06 - 2015-08-28 07:32 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 00:14 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\temp
2015-09-25 00:13 - 2015-03-08 15:22 - 00000534 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-25 00:02 - 2014-08-19 00:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-24 23:30 - 2015-06-20 20:18 - 00001028 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-329068152-436374069-1060284298-1003UA.job
2015-09-24 23:02 - 2014-08-19 00:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-24 22:36 - 2015-05-30 23:44 - 00000630 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-24 21:29 - 2010-01-10 14:33 - 00032618 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-24 21:08 - 2010-01-10 14:26 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-24 20:57 - 2011-06-17 18:06 - 00002473 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Microsoft Word.lnk
2015-09-24 20:07 - 2015-06-26 08:19 - 00000027 _____ C:\Flag.Fil
2015-09-24 20:06 - 2015-04-16 20:00 - 00000298 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-24 20:06 - 2012-12-28 14:47 - 00000306 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-24 20:06 - 2012-06-02 17:16 - 00000298 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-24 20:05 - 2015-07-08 07:21 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 20:05 - 2015-04-14 07:58 - 00000320 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-24 20:05 - 2015-01-10 03:32 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-24 20:05 - 2014-07-31 08:49 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-24 20:05 - 2010-01-10 08:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-24 20:04 - 2010-01-10 16:53 - 01285715 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-24 20:04 - 2010-01-10 08:51 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-24 20:04 - 2001-08-23 08:00 - 00013742 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-24 20:03 - 2010-01-10 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-24 20:02 - 2010-01-10 14:48 - 00000278 ___SH C:\Documents and Settings\Thomas D Ludwig\ntuser.ini
2015-09-24 20:01 - 2014-10-14 21:03 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Tuneup Pro
2015-09-24 20:01 - 2010-08-02 11:40 - 00000000 ____D C:\WINDOWS\Setup2K
2015-09-23 10:22 - 2012-04-19 21:50 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4792017-2696-4552-AD7E-91C1162166FD}.job
2015-09-23 02:10 - 2015-03-16 00:52 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-23 02:10 - 2015-03-16 00:52 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-23 02:10 - 2014-08-26 00:49 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\Adobe
2015-09-23 01:34 - 2010-01-10 14:33 - 00000042 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-09-22 23:14 - 2015-06-13 14:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-22 11:11 - 2011-07-08 19:52 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-22 02:43 - 2014-12-24 08:18 - 00000000 ____D C:\Documents and Settings\TDL_OFFICE
2015-09-22 02:43 - 2010-01-14 01:39 - 00000000 ____D C:\Documents and Settings\Administrator
2015-09-22 02:43 - 2010-01-10 14:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig
2015-09-22 02:43 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-09-22 02:43 - 2010-01-10 14:33 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-09-22 02:42 - 2015-01-10 03:46 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Dropbox
2015-09-22 01:15 - 2013-03-11 09:33 - 00000346 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-20 22:22 - 2013-08-21 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-09-20 22:22 - 2013-08-21 19:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-20 13:02 - 2013-03-11 15:17 - 00000000 ____D C:\Program Files\Opera
2015-09-20 08:29 - 2015-06-20 20:17 - 00000976 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-329068152-436374069-1060284298-1003Core.job
2015-09-20 06:47 - 2010-01-10 15:14 - 00001580 _____ C:\Documents and Settings\Thomas D Ludwig\Desktop\Volume Control.lnk
2015-09-18 07:15 - 2013-03-11 09:38 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-436374069-1060284298-1003.job
2015-09-12 21:01 - 2015-04-07 14:18 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\WEBSITE #2 Borders Gold Nugget
2015-09-11 01:51 - 2010-08-01 16:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-10 22:01 - 2010-07-15 11:14 - 00995950 _____ C:\WINDOWS\setupapi.log
2015-09-10 22:01 - 2010-01-10 08:42 - 00000000 ____D C:\WINDOWS\system32\ias
2015-09-10 21:45 - 2010-01-21 18:51 - 00000576 _____ C:\WINDOWS\nsw.log
2015-09-10 20:17 - 2014-05-29 09:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-10 19:05 - 2010-08-01 16:38 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\Application Data\Skype
2015-09-10 18:54 - 2010-01-14 01:40 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-09-10 10:09 - 2015-01-09 22:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-08 15:00 - 2014-07-31 08:49 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-06 06:09 - 2011-10-21 19:41 - 00000000 ___RD C:\Program Files\Skype
2015-09-05 09:35 - 2012-04-13 17:48 - 00000000 ____D C:\Documents and Settings\Thomas D Ludwig\My Documents\KARATBARS MEMORY JOGGER
2015-09-03 23:11 - 2014-08-19 00:17 - 00001853 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-08-29 18:00 - 2010-08-03 14:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2286198$
2015-08-28 18:54 - 2012-05-03 02:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-02-15 15:45 - 2013-02-15 15:45 - 0000000 _____ () C:\Program Files\GUM6F.tmp
2014-06-14 19:20 - 2014-06-15 03:21 - 0000326 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\aps.uninstall.scan.results
2011-12-13 11:23 - 2011-12-13 11:23 - 0009398 _____ () C:\Documents and Settings\Thomas D Ludwig\Application Data\Tab Separated Values (Windows).EML
2014-12-10 18:31 - 2014-12-10 18:31 - 0205925 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\ars.cache
2014-12-10 18:33 - 2014-12-10 18:33 - 0392431 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\census.cache
2010-01-11 14:53 - 2011-04-04 09:02 - 0005120 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-17 14:05 - 2012-09-17 14:05 - 0000036 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\housecall.guid.cache
2010-10-20 17:48 - 2012-09-11 22:01 - 0001940 _____ () C:\Documents and Settings\Thomas D Ludwig\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Thank you So kindly for all your help,

Thomas D ~

 

FRST.txt

Addition.txt


  • Staff

Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
The list of programs to uninstall:
  • ClearThink
After completing uninstalls, please manually reboot your machine!

Note: If you get a message like: An error occurred while trying to uninstall, just press Yes.

Note: If you are unable to uninstall all programs, please inform me, but continue with other steps.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

  • Right-click on the Services Repair icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.
Please include that logfile in your next reply.

fixlist.txt


Hi TwinHeadedEagle, I've completed the ESET Services Repair.

and here is the Log.
 

Log Opened: 2015-09-26 @ 17:28:30
17:28:30 - -----------------
17:28:30 - | Begin Logging |
17:28:30 - -----------------
17:28:30 - Fix started on a WIN_XP X86 computer
17:28:30 - Prep in progress.  Please Wait.
17:28:39 - Prep complete
17:28:39 - Repairing Services Now.  Please wait...
17:28:39 - Services Repair Complete.
17:28:50 - Reboot Initiated

---\

 

TwinHeadedEagle first I could NOT Find the ClearThink Program, so without touching anything below I proceeded with the above Service Repair.

Uninstall: ClearThink  / Didn't Find it 9-2-26-2015 Saturday 4:32pm EST ~ by {TDL}.

#1. The ESET repair didn’t find the ClearThink program.

 

#2 I also did a full Search in my Computer for ClearThink and nothing found.

#3. Then I did a full Search of my Computer for appwiz.cpl

 

#4. I did a full Search my Computer for appwiz.cpl

 

And found 4 entries:

1.)             add or remove Programs

2.)             appwiz.cpl   C\WINDOWS\$NtServicePackUninstall$  537KB  Control Panel extension 8/4/2004 1:56 AM (Date Modified)

[all in blue print]***

3.)             appwiz.cpl    C\WINDOWS\System32  537KB  Control Panel extension  4/13/2008 8:12 PM

       (Date Modified)

4.)             appwiz.cpl    C\WINDOWS\ServicePackFiles\i386  537KB  Control Panel extension 8:12 PM (Date Modified)

 

---------------\

 

SvcRepair.log
