[RESOLVED] troublshooting vista 32 bit

Printable View

Show 40 post(s) from this thread on one page

January 30th, 2014, 05:21 AM
nlday

[RESOLVED] troublshooting vista 32 bit

a 7yr old vista running sluggish. i would like to rule out infection as cause.
here are the logs ...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
carm :: CARM-PC [administrator]

1/28/2014 11:08:16 PM
mbam-log-2014-01-28 (23-08-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426019
Time elapsed: 1 hour(s), 29 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dds
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by carm at 16:13:14 on 2014-01-28
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_comm_customer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_system_customer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_user_customer.exe
C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Security Suite\Engine\21.1.0.18\cltRT.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thefreedictionary.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uURLSearchHooks: <No Name>: {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - c:\program files\popularscreensavers_7i\bar\1.bin\7iSrcAs.dll
BHO: Toolbar BHO: {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - c:\program files\popularscreensavers_7i\bar\1.bin\7ibar.dll
BHO: Search Assistant BHO: {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - c:\program files\popularscreensavers_7i\bar\1.bin\7iSrcAs.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\21.1.0.18\ips\IPSBHO.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.13.1211.1\NativeBHO.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: PopularScreensavers: {f339a07f-9578-412d-85e0-b8a80277151a} - c:\program files\popularscreensavers_7i\bar\1.bin\7ibar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.1.0.18\CoIEPlg.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] "c:\users\carm\appdata\local\microsoft\windows\temporary internet files\content.ie5\ionc97ni\cfw_installer_x86[1].exe" -lang 1033 -restore c:\windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{0EE27FAF-F026-4199-B902-72AE9B548541} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist remote support customer\594\g2ax_winlogon.dll
AppInit_DLLs= c:\progra~1\keycry~1\KEYCRY~4.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\carm\appdata\roaming\mozilla\firefox\profiles\mkdp91jr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\popularscreensavers\NPp5Stub.dll
FF - plugin: c:\program files\popularscreensavers_7i\bar\1.bin\NP7iStub.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-07-27 18:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-06-18 12:56; 7iffxtbr@PopularScreensavers_7i.com; c:\program files\popularscreensavers_7i\bar\1.bin
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? MCLServiceATL;Intel(R) Application Tracker
R? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver
R? SASENUM;SASENUM
R? SkypeUpdate;Skype Updater
S? !SASCORE;SAS Core Service
S? AntiLog32;AntiLog32
S? BHDrvx86;BHDrvx86
S? ccSet_N360;N360 Settings Manager
S? DQLWinService;DQLWinService
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? FontCache;Windows Font Cache Service
S? GoToAssist Remote Support Customer;GoToAssist Remote Support Customer
S? IDSVix86;IDSVix86
S? IDVaultSvc;CGPS Service
S? IntelDH;IntelDH Driver
S? keycrypt;keycrypt
S? N360;Norton Security Suite
S? nmsgopro;GoProto Protocol Driver for NMS
S? nmsunidr;UniDriver for NMS
S? PSI;PSI
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMTDIv;Symantec Vista Network Dispatch Driver
S? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-01-21 19:43:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-21 19:43:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-30 19:35:17 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2013-12-06 20:28:51 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-12-06 19:40:05 199240 ----a-w- c:\windows\system32\g2ax_credential_provider_594.dll
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:18:43.22 ===============
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Actiontec Gateway
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
AntiLogger SDK version 1.6.6.296
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Constant Guard Protection Suite
Coupon Printer for Windows
CyberPower PowerPanel Personal Edition
D3DX10
Dell Games
Dell PC Fax
Dell Support Center (Support Software)
Dell System Customization Wizard
DellConnect
DellSupport
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
Games, Music, & Photos Launcher
Google Drive
Google Earth
Google Update Helper
GoToAssist Customer 1.6.0.594
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Update
iCloud
Icon Restore 1.0
Intel(R) Matrix Storage Manager
Intel(R) Viiv(TM) Software
Internet Service Offers Launcher
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft IntelliType Pro 6.2
Microsoft LifeCam
Microsoft Money 2006
Microsoft Office Excel Viewer
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Norton Security Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PopularScreensavers Toolbar and Software
Prison Tycoon 3
QuickConnect
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Secunia PSI (2.0.0.1003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Segoe UI
SigmaTel Audio
Skype Click to Call
Skype™ 6.11
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware Free Edition
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
User's Guides
VC 9.0 Runtime
WeatherBug
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Works Upgrade
.
==== End Of File ===========================
January 31st, 2014, 03:16 AM
nlday

would someone have time to check these logs
thanks
January 31st, 2014, 01:22 PM
Broni
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================

http://dev.discussions.virtualdr.forums.relay.cool/ Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
http://dev.discussions.virtualdr.forums.relay.cool/ Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
January 31st, 2014, 02:13 PM
nlday

hi and thanks broni
just had an unexplained shutdown on this lightly used dell vista
here is 2 RK logs...
ogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : carm [Admin rights]
Mode : Remove -- Date : 01/31/2014 11:53:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : {1606DC18-9578-4cbd-8312-8E9868F06A1D} ("C:\Users\carm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IONC97NI\cfw_installer_x86[1].exe" -lang 1033 -restore C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf [x][-]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x830CC823 -> HOOKED (Unknown @ 0x88B37868)
[Address] SSDT[14] : NtAlertThread @ 0x8304534F -> HOOKED (Unknown @ 0x88B37900)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8308169D -> HOOKED (Unknown @ 0x88B37F60)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x830238A7 -> HOOKED (Unknown @ 0x886696E0)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x82FF6B32 -> HOOKED (Unknown @ 0x88BB8F90)
[Address] SSDT[60] : NtCreateFile @ 0x8307B4F1 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A89DC)
[Address] SSDT[67] : NtCreateMutant @ 0x83059993 -> HOOKED (Unknown @ 0x88B37690)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82FF9349 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A8DBA)
[Address] SSDT[78] : NtCreateThread @ 0x830CAE40 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9102)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x8309DED4 -> HOOKED (Unknown @ 0x88B37378)
[Address] SSDT[123] : NtDeleteKey @ 0x82FEB749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9476)
[Address] SSDT[126] : NtDeleteValueKey @ 0x82FE6CEA -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9544)
[Address] SSDT[127] : NtDeviceIoControlFile @ 0x8308166A -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9690)
[Address] SSDT[129] : NtDuplicateObject @ 0x83031579 -> HOOKED (Unknown @ 0x88804C98)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x82EBDE75 -> HOOKED (Unknown @ 0x88B37DF0)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82FF3F3F -> HOOKED (Unknown @ 0x88B37738)
[Address] SSDT[158] : NtImpersonateThread @ 0x83009589 -> HOOKED (Unknown @ 0x88B377D0)
[Address] SSDT[165] : NtLoadDriver @ 0x82FA4E12 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB062)
[Address] SSDT[177] : NtMapViewOfSection @ 0x83049994 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB480)
[Address] SSDT[184] : NtOpenEvent @ 0x83032DF7 -> HOOKED (Unknown @ 0x88B375F8)
[Address] SSDT[186] : NtOpenFile @ 0x8303F4E7 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB798)
[Address] SSDT[189] : NtOpenKey @ 0x83041790 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB962)
[Address] SSDT[194] : NtOpenProcess @ 0x8305A12F -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB974)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8303AA58 -> HOOKED (Unknown @ 0x88804C00)
[Address] SSDT[197] : NtOpenSection @ 0x8304A78C -> HOOKED (Unknown @ 0x88B374C8)
[Address] SSDT[201] : NtOpenThread @ 0x8305562B -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC03E)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x830533E2 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0D2)
[Address] SSDT[255] : NtQueueApcThread @ 0x82FEA889 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0E4)
[Address] SSDT[282] : NtResumeThread @ 0x83054C4A -> HOOKED (Unknown @ 0x88B37998)
[Address] SSDT[286] : NtSecureConnectPort @ 0x83006749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC3E6)
[Address] SSDT[289] : NtSetContextThread @ 0x830CC2CF -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC452)
[Address] SSDT[305] : NtSetInformationProcess @ 0x8304D9E6 -> HOOKED (Unknown @ 0x88B37BF8)
[Address] SSDT[317] : NtSetSystemInformation @ 0x8301FF1E -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC78A)
[Address] SSDT[324] : NtSetValueKey @ 0x83017405 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC7F4)
[Address] SSDT[330] : NtSuspendProcess @ 0x830CC75F -> HOOKED (Unknown @ 0x88B37560)
[Address] SSDT[331] : NtSuspendThread @ 0x82FD3945 -> HOOKED (Unknown @ 0x88B37A30)
[Address] SSDT[335] : NtTerminateThread @ 0x83055660 -> HOOKED (Unknown @ 0x88B37AC8)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x83049C57 -> HOOKED (Unknown @ 0x88B37CA0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x83046A27 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AECBA)
[Address] SSDT[382] : NtCreateThreadEx @ 0x83055115 -> HOOKED (Unknown @ 0x88BB8E30)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A99BA)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9CD2)
[Address] Shadow SSDT[124] : NtGdiDeleteObjectApp -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FE4)
[Address] Shadow SSDT[198] : NtGdiGetPixel -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FFE)
[Address] Shadow SSDT[235] : NtGdiMaskBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA324)
[Address] Shadow SSDT[241] : NtGdiOpenDCW -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA63C)
[Address] Shadow SSDT[245] : NtGdiPlgBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA716)
[Address] Shadow SSDT[301] : NtGdiStretchBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAA38)
[Address] Shadow SSDT[307] : NtGdiTransparentBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAD4E)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACC36)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACFA8)
[Address] Shadow SSDT[401] : NtUserGetClassInfoEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD2C4)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88D52790)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD740)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87EAB3A0)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADA54)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADD68)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDDE)
[Address] Shadow SSDT[513] : NtUserRegisterRawInputDevices -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDF0)
[Address] Shadow SSDT[525] : NtUserSendInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE1F4)
[Address] Shadow SSDT[532] : NtUserSetClipboardViewer -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE538)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEB2E)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE80E)
[Address] Shadow SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEC98)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x581972B1)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x401937CC)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD2500JS-75NCB3 +++++
--- User ---
[MBR] ebfcc064a0def3c12df1e244eec8c8de
[BSP] e5ecab62487d0dea97643843967a883e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01312014_115305.txt >>
RKreport[0]_S_01312014_115108.txt

and the 2nd one
RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : carm [Admin rights]
Mode : Scan -- Date : 01/31/2014 11:51:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : {1606DC18-9578-4cbd-8312-8E9868F06A1D} ("C:\Users\carm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IONC97NI\cfw_installer_x86[1].exe" -lang 1033 -restore C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf [x][-]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x830CC823 -> HOOKED (Unknown @ 0x88B37868)
[Address] SSDT[14] : NtAlertThread @ 0x8304534F -> HOOKED (Unknown @ 0x88B37900)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8308169D -> HOOKED (Unknown @ 0x88B37F60)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x830238A7 -> HOOKED (Unknown @ 0x886696E0)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x82FF6B32 -> HOOKED (Unknown @ 0x88BB8F90)
[Address] SSDT[60] : NtCreateFile @ 0x8307B4F1 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A89DC)
[Address] SSDT[67] : NtCreateMutant @ 0x83059993 -> HOOKED (Unknown @ 0x88B37690)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82FF9349 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A8DBA)
[Address] SSDT[78] : NtCreateThread @ 0x830CAE40 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9102)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x8309DED4 -> HOOKED (Unknown @ 0x88B37378)
[Address] SSDT[123] : NtDeleteKey @ 0x82FEB749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9476)
[Address] SSDT[126] : NtDeleteValueKey @ 0x82FE6CEA -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9544)
[Address] SSDT[127] : NtDeviceIoControlFile @ 0x8308166A -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9690)
[Address] SSDT[129] : NtDuplicateObject @ 0x83031579 -> HOOKED (Unknown @ 0x88804C98)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x82EBDE75 -> HOOKED (Unknown @ 0x88B37DF0)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82FF3F3F -> HOOKED (Unknown @ 0x88B37738)
[Address] SSDT[158] : NtImpersonateThread @ 0x83009589 -> HOOKED (Unknown @ 0x88B377D0)
[Address] SSDT[165] : NtLoadDriver @ 0x82FA4E12 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB062)
[Address] SSDT[177] : NtMapViewOfSection @ 0x83049994 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB480)
[Address] SSDT[184] : NtOpenEvent @ 0x83032DF7 -> HOOKED (Unknown @ 0x88B375F8)
[Address] SSDT[186] : NtOpenFile @ 0x8303F4E7 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB798)
[Address] SSDT[189] : NtOpenKey @ 0x83041790 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB962)
[Address] SSDT[194] : NtOpenProcess @ 0x8305A12F -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB974)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8303AA58 -> HOOKED (Unknown @ 0x88804C00)
[Address] SSDT[197] : NtOpenSection @ 0x8304A78C -> HOOKED (Unknown @ 0x88B374C8)
[Address] SSDT[201] : NtOpenThread @ 0x8305562B -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC03E)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x830533E2 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0D2)
[Address] SSDT[255] : NtQueueApcThread @ 0x82FEA889 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0E4)
[Address] SSDT[282] : NtResumeThread @ 0x83054C4A -> HOOKED (Unknown @ 0x88B37998)
[Address] SSDT[286] : NtSecureConnectPort @ 0x83006749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC3E6)
[Address] SSDT[289] : NtSetContextThread @ 0x830CC2CF -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC452)
[Address] SSDT[305] : NtSetInformationProcess @ 0x8304D9E6 -> HOOKED (Unknown @ 0x88B37BF8)
[Address] SSDT[317] : NtSetSystemInformation @ 0x8301FF1E -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC78A)
[Address] SSDT[324] : NtSetValueKey @ 0x83017405 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC7F4)
[Address] SSDT[330] : NtSuspendProcess @ 0x830CC75F -> HOOKED (Unknown @ 0x88B37560)
[Address] SSDT[331] : NtSuspendThread @ 0x82FD3945 -> HOOKED (Unknown @ 0x88B37A30)
[Address] SSDT[335] : NtTerminateThread @ 0x83055660 -> HOOKED (Unknown @ 0x88B37AC8)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x83049C57 -> HOOKED (Unknown @ 0x88B37CA0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x83046A27 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AECBA)
[Address] SSDT[382] : NtCreateThreadEx @ 0x83055115 -> HOOKED (Unknown @ 0x88BB8E30)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A99BA)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9CD2)
[Address] Shadow SSDT[124] : NtGdiDeleteObjectApp -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FE4)
[Address] Shadow SSDT[198] : NtGdiGetPixel -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FFE)
[Address] Shadow SSDT[235] : NtGdiMaskBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA324)
[Address] Shadow SSDT[241] : NtGdiOpenDCW -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA63C)
[Address] Shadow SSDT[245] : NtGdiPlgBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA716)
[Address] Shadow SSDT[301] : NtGdiStretchBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAA38)
[Address] Shadow SSDT[307] : NtGdiTransparentBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAD4E)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACC36)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACFA8)
[Address] Shadow SSDT[401] : NtUserGetClassInfoEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD2C4)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88D52790)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD740)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87EAB3A0)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADA54)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADD68)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDDE)
[Address] Shadow SSDT[513] : NtUserRegisterRawInputDevices -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDF0)
[Address] Shadow SSDT[525] : NtUserSendInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE1F4)
[Address] Shadow SSDT[532] : NtUserSetClipboardViewer -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE538)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEB2E)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE80E)
[Address] Shadow SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEC98)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x581972B1)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x401937CC)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD2500JS-75NCB3 +++++
--- User ---
[MBR] ebfcc064a0def3c12df1e244eec8c8de
[BSP] e5ecab62487d0dea97643843967a883e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01312014_115108.txt >>
February 1st, 2014, 09:12 AM
nlday

hi and thanks broni
just had an unexplained shutdown on this lightly used dell vista
here is 2 RK logs...
ogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : carm [Admin rights]
Mode : Remove -- Date : 01/31/2014 11:53:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : {1606DC18-9578-4cbd-8312-8E9868F06A1D} ("C:\Users\carm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IONC97NI\cfw_installer_x86[1].exe" -lang 1033 -restore C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf [x][-]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x830CC823 -> HOOKED (Unknown @ 0x88B37868)
[Address] SSDT[14] : NtAlertThread @ 0x8304534F -> HOOKED (Unknown @ 0x88B37900)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8308169D -> HOOKED (Unknown @ 0x88B37F60)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x830238A7 -> HOOKED (Unknown @ 0x886696E0)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x82FF6B32 -> HOOKED (Unknown @ 0x88BB8F90)
[Address] SSDT[60] : NtCreateFile @ 0x8307B4F1 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A89DC)
[Address] SSDT[67] : NtCreateMutant @ 0x83059993 -> HOOKED (Unknown @ 0x88B37690)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82FF9349 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A8DBA)
[Address] SSDT[78] : NtCreateThread @ 0x830CAE40 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9102)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x8309DED4 -> HOOKED (Unknown @ 0x88B37378)
[Address] SSDT[123] : NtDeleteKey @ 0x82FEB749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9476)
[Address] SSDT[126] : NtDeleteValueKey @ 0x82FE6CEA -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9544)
[Address] SSDT[127] : NtDeviceIoControlFile @ 0x8308166A -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9690)
[Address] SSDT[129] : NtDuplicateObject @ 0x83031579 -> HOOKED (Unknown @ 0x88804C98)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x82EBDE75 -> HOOKED (Unknown @ 0x88B37DF0)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82FF3F3F -> HOOKED (Unknown @ 0x88B37738)
[Address] SSDT[158] : NtImpersonateThread @ 0x83009589 -> HOOKED (Unknown @ 0x88B377D0)
[Address] SSDT[165] : NtLoadDriver @ 0x82FA4E12 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB062)
[Address] SSDT[177] : NtMapViewOfSection @ 0x83049994 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB480)
[Address] SSDT[184] : NtOpenEvent @ 0x83032DF7 -> HOOKED (Unknown @ 0x88B375F8)
[Address] SSDT[186] : NtOpenFile @ 0x8303F4E7 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB798)
[Address] SSDT[189] : NtOpenKey @ 0x83041790 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB962)
[Address] SSDT[194] : NtOpenProcess @ 0x8305A12F -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB974)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8303AA58 -> HOOKED (Unknown @ 0x88804C00)
[Address] SSDT[197] : NtOpenSection @ 0x8304A78C -> HOOKED (Unknown @ 0x88B374C8)
[Address] SSDT[201] : NtOpenThread @ 0x8305562B -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC03E)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x830533E2 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0D2)
[Address] SSDT[255] : NtQueueApcThread @ 0x82FEA889 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0E4)
[Address] SSDT[282] : NtResumeThread @ 0x83054C4A -> HOOKED (Unknown @ 0x88B37998)
[Address] SSDT[286] : NtSecureConnectPort @ 0x83006749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC3E6)
[Address] SSDT[289] : NtSetContextThread @ 0x830CC2CF -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC452)
[Address] SSDT[305] : NtSetInformationProcess @ 0x8304D9E6 -> HOOKED (Unknown @ 0x88B37BF8)
[Address] SSDT[317] : NtSetSystemInformation @ 0x8301FF1E -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC78A)
[Address] SSDT[324] : NtSetValueKey @ 0x83017405 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC7F4)
[Address] SSDT[330] : NtSuspendProcess @ 0x830CC75F -> HOOKED (Unknown @ 0x88B37560)
[Address] SSDT[331] : NtSuspendThread @ 0x82FD3945 -> HOOKED (Unknown @ 0x88B37A30)
[Address] SSDT[335] : NtTerminateThread @ 0x83055660 -> HOOKED (Unknown @ 0x88B37AC8)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x83049C57 -> HOOKED (Unknown @ 0x88B37CA0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x83046A27 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AECBA)
[Address] SSDT[382] : NtCreateThreadEx @ 0x83055115 -> HOOKED (Unknown @ 0x88BB8E30)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A99BA)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9CD2)
[Address] Shadow SSDT[124] : NtGdiDeleteObjectApp -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FE4)
[Address] Shadow SSDT[198] : NtGdiGetPixel -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FFE)
[Address] Shadow SSDT[235] : NtGdiMaskBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA324)
[Address] Shadow SSDT[241] : NtGdiOpenDCW -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA63C)
[Address] Shadow SSDT[245] : NtGdiPlgBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA716)
[Address] Shadow SSDT[301] : NtGdiStretchBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAA38)
[Address] Shadow SSDT[307] : NtGdiTransparentBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAD4E)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACC36)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACFA8)
[Address] Shadow SSDT[401] : NtUserGetClassInfoEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD2C4)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88D52790)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD740)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87EAB3A0)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADA54)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADD68)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDDE)
[Address] Shadow SSDT[513] : NtUserRegisterRawInputDevices -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDF0)
[Address] Shadow SSDT[525] : NtUserSendInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE1F4)
[Address] Shadow SSDT[532] : NtUserSetClipboardViewer -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE538)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEB2E)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE80E)
[Address] Shadow SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEC98)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x581972B1)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x401937CC)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD2500JS-75NCB3 +++++
--- User ---
[MBR] ebfcc064a0def3c12df1e244eec8c8de
[BSP] e5ecab62487d0dea97643843967a883e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01312014_115305.txt >>
RKreport[0]_S_01312014_115108.txt

and the 2nd one
RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : carm [Admin rights]
Mode : Scan -- Date : 01/31/2014 11:51:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : {1606DC18-9578-4cbd-8312-8E9868F06A1D} ("C:\Users\carm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IONC97NI\cfw_installer_x86[1].exe" -lang 1033 -restore C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf [x][-]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x830CC823 -> HOOKED (Unknown @ 0x88B37868)
[Address] SSDT[14] : NtAlertThread @ 0x8304534F -> HOOKED (Unknown @ 0x88B37900)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8308169D -> HOOKED (Unknown @ 0x88B37F60)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x830238A7 -> HOOKED (Unknown @ 0x886696E0)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x82FF6B32 -> HOOKED (Unknown @ 0x88BB8F90)
[Address] SSDT[60] : NtCreateFile @ 0x8307B4F1 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A89DC)
[Address] SSDT[67] : NtCreateMutant @ 0x83059993 -> HOOKED (Unknown @ 0x88B37690)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82FF9349 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A8DBA)
[Address] SSDT[78] : NtCreateThread @ 0x830CAE40 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9102)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x8309DED4 -> HOOKED (Unknown @ 0x88B37378)
[Address] SSDT[123] : NtDeleteKey @ 0x82FEB749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9476)
[Address] SSDT[126] : NtDeleteValueKey @ 0x82FE6CEA -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9544)
[Address] SSDT[127] : NtDeviceIoControlFile @ 0x8308166A -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9690)
[Address] SSDT[129] : NtDuplicateObject @ 0x83031579 -> HOOKED (Unknown @ 0x88804C98)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x82EBDE75 -> HOOKED (Unknown @ 0x88B37DF0)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82FF3F3F -> HOOKED (Unknown @ 0x88B37738)
[Address] SSDT[158] : NtImpersonateThread @ 0x83009589 -> HOOKED (Unknown @ 0x88B377D0)
[Address] SSDT[165] : NtLoadDriver @ 0x82FA4E12 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB062)
[Address] SSDT[177] : NtMapViewOfSection @ 0x83049994 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB480)
[Address] SSDT[184] : NtOpenEvent @ 0x83032DF7 -> HOOKED (Unknown @ 0x88B375F8)
[Address] SSDT[186] : NtOpenFile @ 0x8303F4E7 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB798)
[Address] SSDT[189] : NtOpenKey @ 0x83041790 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB962)
[Address] SSDT[194] : NtOpenProcess @ 0x8305A12F -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AB974)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8303AA58 -> HOOKED (Unknown @ 0x88804C00)
[Address] SSDT[197] : NtOpenSection @ 0x8304A78C -> HOOKED (Unknown @ 0x88B374C8)
[Address] SSDT[201] : NtOpenThread @ 0x8305562B -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC03E)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x830533E2 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0D2)
[Address] SSDT[255] : NtQueueApcThread @ 0x82FEA889 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC0E4)
[Address] SSDT[282] : NtResumeThread @ 0x83054C4A -> HOOKED (Unknown @ 0x88B37998)
[Address] SSDT[286] : NtSecureConnectPort @ 0x83006749 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC3E6)
[Address] SSDT[289] : NtSetContextThread @ 0x830CC2CF -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC452)
[Address] SSDT[305] : NtSetInformationProcess @ 0x8304D9E6 -> HOOKED (Unknown @ 0x88B37BF8)
[Address] SSDT[317] : NtSetSystemInformation @ 0x8301FF1E -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC78A)
[Address] SSDT[324] : NtSetValueKey @ 0x83017405 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AC7F4)
[Address] SSDT[330] : NtSuspendProcess @ 0x830CC75F -> HOOKED (Unknown @ 0x88B37560)
[Address] SSDT[331] : NtSuspendThread @ 0x82FD3945 -> HOOKED (Unknown @ 0x88B37A30)
[Address] SSDT[335] : NtTerminateThread @ 0x83055660 -> HOOKED (Unknown @ 0x88B37AC8)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x83049C57 -> HOOKED (Unknown @ 0x88B37CA0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x83046A27 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AECBA)
[Address] SSDT[382] : NtCreateThreadEx @ 0x83055115 -> HOOKED (Unknown @ 0x88BB8E30)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A99BA)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9CD2)
[Address] Shadow SSDT[124] : NtGdiDeleteObjectApp -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FE4)
[Address] Shadow SSDT[198] : NtGdiGetPixel -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5A9FFE)
[Address] Shadow SSDT[235] : NtGdiMaskBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA324)
[Address] Shadow SSDT[241] : NtGdiOpenDCW -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA63C)
[Address] Shadow SSDT[245] : NtGdiPlgBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AA716)
[Address] Shadow SSDT[301] : NtGdiStretchBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAA38)
[Address] Shadow SSDT[307] : NtGdiTransparentBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AAD4E)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACC36)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ACFA8)
[Address] Shadow SSDT[401] : NtUserGetClassInfoEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD2C4)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88D52790)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AD740)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87EAB3A0)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADA54)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADD68)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDDE)
[Address] Shadow SSDT[513] : NtUserRegisterRawInputDevices -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5ADDF0)
[Address] Shadow SSDT[525] : NtUserSendInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE1F4)
[Address] Shadow SSDT[532] : NtUserSetClipboardViewer -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE538)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEB2E)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AE80E)
[Address] Shadow SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x9A5AEC98)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3605BD66)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x581972B1)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x401937CC)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD2500JS-75NCB3 +++++
--- User ---
[MBR] ebfcc064a0def3c12df1e244eec8c8de
[BSP] e5ecab62487d0dea97643843967a883e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01312014_115108.txt >>
February 1st, 2014, 09:17 AM
nlday

here's the 2 mbar reports..looks like it's clean
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.31.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
carm :: CARM-PC [administrator]

1/31/2014 12:21:25 PM
mbar-log-2014-01-31 (12-21-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 267737
Time elapsed: 13 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.862000 GHz
Memory total: 3218305024, free: 1257193472

Downloaded database version: v2014.01.31.08
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/31/2014 12:21:18
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360\1501000.012\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360\1501000.012\SYMEFA.SYS
\SystemRoot\System32\Drivers\DRVMCDB.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\System32\Drivers\IntelDH.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\N360\1501000.012\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\1501000.012\SRTSP.SYS
\SystemRoot\system32\drivers\N360\1501000.012\SRTSPX.SYS
\SystemRoot\system32\drivers\N360\1501000.012\Ironx86.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\KeyCrypt32.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\N360\1501000.012\SYMTDIV.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys
\??\C:\Windows\system32\drivers\AntiLog32.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nmsgopro.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140130.001\IDSvix86.sys
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\NAVEX15.SYS
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\NAVENG.SYS
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8750eac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff864fc030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8750eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8750e7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8750eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff864fc030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 50000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 112392

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 112640 Numsec = 20971520

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21084160 Numsec = 467193856
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-21084160-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.862000 GHz
Memory total: 3218305024, free: 1777938432

=======================================
Initializing...
------------ Kernel report ------------
02/01/2014 06:11:09
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360\1501000.012\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360\1501000.012\SYMEFA.SYS
\SystemRoot\System32\Drivers\DRVMCDB.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\System32\Drivers\IntelDH.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\N360\1501000.012\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\1501000.012\SRTSP.SYS
\SystemRoot\system32\drivers\N360\1501000.012\SRTSPX.SYS
\SystemRoot\system32\drivers\N360\1501000.012\Ironx86.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\NAVEX15.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\NAVENG.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\KeyCrypt32.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\N360\1501000.012\SYMTDIV.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140130.001\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys
\??\C:\Windows\system32\drivers\AntiLog32.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nmsgopro.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff875e0ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff864fc030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff875e0ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff875e07b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff875e0ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff864fc030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 50000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 112392

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 112640 Numsec = 20971520

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21084160 Numsec = 467193856
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Scan finished
February 1st, 2014, 06:47 PM
Broni
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
February 1st, 2014, 07:29 PM
nlday

thanks broni
combofix ran just fine, did not need to try the other one? .....here is the log
ComboFix 14-02-01.01 - carm 02/01/2014 17:06:22.1.2 - x86
Running from: c:\users\carm\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\1371844031.bdinstall.bin
c:\programdata\1371845029.bdinstall.bin
c:\programdata\1371845039.bdinstall.bin
c:\users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\[email protected]
c:\users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\[email protected]\chrome.manifest
c:\users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\[email protected]\chrome\64ffxtbr.jar
c:\users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\[email protected]\install.rdf
c:\users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\[email protected]\installKeys.js
c:\users\carm\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\carm\GoToAssistDownloadHelper.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-01-01 to 2014-02-01 )))))))))))))))))))))))))))))))
.
.
2014-02-01 23:18 . 2014-02-01 23:18 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2014-02-01 23:18 . 2014-02-01 23:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-01 23:18 . 2014-02-01 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-31 18:21 . 2014-02-01 12:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-31 18:21 . 2014-02-01 12:11 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-31 18:19 . 2014-02-01 12:10 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-21 19:43 . 2012-04-04 19:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-21 19:43 . 2011-10-09 19:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-30 19:35 . 2013-06-25 18:31 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2013-12-06 20:28 . 2013-06-25 18:44 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-12-06 19:40 . 2013-12-06 19:47 199240 ----a-w- c:\windows\system32\g2ax_credential_provider_594.dll
2013-11-14 22:50 . 2013-12-11 20:10 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-11 20:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-11 20:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-11 20:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-11 20:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-11 20:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 21:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 21:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 21:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 21:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2006-10-19 262144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-15 5625624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2013-12-06 19:40 610888 ----a-w- c:\program files\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KEYCRY~1\KeyCrypt32(2).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 16:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2010-03-09 11:17 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2006-11-18 13:01 182744 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-11-12 08:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-03 22:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 18:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 06:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2007-08-31 19:13 988584 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
2006-09-26 16:56 423424 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-04-14 07:33 13687328 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-04-14 07:33 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-04-14 07:33 641568 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-11-22 22:56 303104 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-09-09 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-29 19:43]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 21:19]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thefreedictionary.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - ExtSQL: !HIDDEN! 2009-07-27 18:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-06-18 12:56; 7iffxtbr@PopularScreensavers_7i.com; c:\program files\PopularScreensavers_7i\bar\1.bin

.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
MSConfigStartUp-SetupWizard - E:\SetupWizard.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-01 17:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
? [46408]
? [55324]
? [55336]
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1501000.012\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-02-01 17:22:58
ComboFix-quarantined-files.txt 2014-02-01 23:22
.
Pre-Run: 153,555,845,120 bytes free
Post-Run: 153,484,271,616 bytes free
.
- - End Of File - - 248E054141619112143948E6954A0ADD
5C616939100B85E558DA92B899A0FC36
February 1st, 2014, 09:42 PM
Broni
Looks good.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
http://dev.discussions.virtualdr.forums.relay.cool/ Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
February 2nd, 2014, 08:35 AM
nlday

# AdwCleaner v3.018 - Report created 01/02/2014 at 20:47:17
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : carm - CARM-PC
# Running from : C:\Users\carm\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\PopularScreensavers
Folder Deleted : C:\Users\carm\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\Extensions\7iffxtbr@PopularScreensavers_7i.com
File Deleted : C:\Windows\system32\p5PSSavr.scr
File Deleted : C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [7iffxtbr@PopularScreensavers_7i.com]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FB5B50A-863D-4C0D-8E84-92A59565D087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKLM\Software\PopularScreensavers
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TelevisionFanaticbar Uninstall

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\prefs.js ]

Line Deleted : user_pref("extensions.snipit.askTbInstalled", true);

-\\ Google Chrome v

[ File : C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

the JRT wouldn't run
here is adw

AdwCleaner[R0].txt - [4668 octets] - [01/02/2014 20:35:17]
AdwCleaner[S0].txt - [4673 octets] - [01/02/2014 20:47:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4733 octets] ##########
February 2nd, 2014, 08:38 AM
nlday

the JRT wouldnot run
OTL logfile created on: 2/2/2014 6:08:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\carm\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.25% Memory free
6.21 Gb Paging File | 4.70 Gb Available in Paging File | 75.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 142.51 Gb Free Space | 63.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.11 Gb Free Space | 51.13% Space Free | Partition Type: NTFS

Computer Name: CARM-PC | User Name: carm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/02 06:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\carm\Downloads\OTL.exe
PRC - [2014/01/15 10:54:47 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/11 13:57:25 | 000,041,024 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/12/11 13:57:22 | 004,383,296 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/12/06 13:40:04 | 000,610,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_user_customer.exe
PRC - [2013/12/06 13:40:04 | 000,610,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_system_customer.exe
PRC - [2013/12/06 13:40:04 | 000,610,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
PRC - [2013/12/06 13:40:04 | 000,610,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_comm_customer.exe
PRC - [2013/10/18 15:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2012/09/09 17:29:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/12/21 06:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 06:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 06:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/11/22 16:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/10/19 15:58:44 | 000,512,000 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2006/10/19 15:58:06 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/04/07 14:02:24 | 001,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/30 14:08:59 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\58599be6aedb2bcc25a266fc1efcc03c\WindowsFormsIntegration.ni.dll
MOD - [2013/12/30 14:00:34 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\9dcf4adb73ccc5397321c688a6a532c7\System.ServiceModel.Web.ni.dll
MOD - [2013/12/30 14:00:20 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll
MOD - [2013/12/30 13:59:21 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5fe10bae336585d4703262f1f2d110ee\System.IdentityModel.ni.dll
MOD - [2013/12/30 13:58:56 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\49d7f498821498b3d5e9fe5bafceba41\System.Xml.Linq.ni.dll
MOD - [2013/12/30 13:50:17 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll
MOD - [2013/12/30 13:50:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\64c51ef21713c34883a839dd202ff655\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2013/12/30 13:50:12 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll
MOD - [2013/12/30 13:50:11 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\ff13f9fe7d9433f2f399f805f8106ff5\PresentationFramework-SystemData.ni.dll
MOD - [2013/12/16 14:55:02 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013/12/16 14:54:43 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013/12/16 14:54:32 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\13f5eb7285c90c219d2be24eebb55cd9\System.Management.ni.dll
MOD - [2013/12/16 14:54:30 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013/12/16 14:54:22 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll
MOD - [2013/12/16 14:54:22 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll
MOD - [2013/12/16 14:54:21 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll
MOD - [2013/12/16 14:54:15 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll
MOD - [2013/12/16 14:54:02 | 001,870,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b5fd06157db989bbf02ee1a3cd6a583b\System.Web.Services.ni.dll
MOD - [2013/12/16 14:53:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll
MOD - [2013/12/16 14:53:54 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\0ab04fef0fc6f97df51351e743e30e7a\System.Data.ni.dll
MOD - [2013/12/16 14:53:47 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013/12/16 14:53:43 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll
MOD - [2013/12/16 14:53:43 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013/12/16 14:53:38 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013/12/16 14:53:33 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013/12/16 14:53:28 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013/12/16 14:53:22 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013/12/16 14:53:11 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\139993b400194f04600f318d33c89fbf\System.Numerics.ni.dll
MOD - [2013/12/16 14:53:09 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2013/12/11 13:57:28 | 000,549,272 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/08/20 15:17:00 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/20 15:10:37 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/14 18:49:26 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2006/10/19 15:58:06 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe

========== Services (SafeList) ==========

SRV - [2014/01/21 13:43:44 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/11 13:57:25 | 000,041,024 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/12/06 13:40:04 | 000,610,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/18 15:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/09 17:29:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/12/21 06:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 06:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/10/19 15:58:44 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\carm\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/01/31 05:36:21 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140201.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/01/31 05:36:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140201.002\NAVENG.SYS -- (NAVENG)
DRV - [2014/01/21 13:15:46 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140131.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/12/30 13:35:17 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/12/17 18:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/12/11 05:09:31 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/12/06 14:28:51 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/11/25 17:16:56 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/26 21:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 20:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 20:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 21:27:59 | 000,383,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symtdiv.sys -- (SYMTDIv)
DRV - [2013/09/25 20:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 20:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 19:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/07/24 10:25:24 | 000,024,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2011/08/04 18:27:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 18:27:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/12/02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/24 10:59:43 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/04/14 01:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/01/18 22:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/03/05 08:50:30 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/22 16:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thefreedictionary.com/
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\SearchScopes\{1B69A83A-DC2A-4270-B912-850112D70243}: "URL" = http://www.bing.com/search?FORM=IE8SRC&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.thefreedictionary.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@popularscreensavers.com/Plugin: C:\Program Files\PopularScreensavers\NPp5Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@PopularScreensavers_7i.com/Plugin: C:\Program Files\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/02/01 21:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/06 15:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/23 15:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/21 13:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/10/14 17:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/23 15:42:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/21 13:36:35 | 000,000,000 | ---D | M]

[2010/05/09 18:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carm\AppData\Roaming\Mozilla\Extensions
[2010/05/09 18:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carm\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/02/01 20:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions
[2013/06/25 13:29:39 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2012/03/10 17:30:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/02/01 07:52:39 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009/09/26 17:43:06 | 000,002,163 | ---- | M] () -- C:\Users\carm\AppData\Roaming\Mozilla\Firefox\Profiles\mkdp91jr.default\searchplugins\bing.xml
[2013/05/23 14:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/15 11:06:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/15 11:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/12/16 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/16 15:13:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/19 06:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2012/12/18 11:21:58 | 000,031,456 | ---- | M] (popularscreensavers.com) -- C:\Program Files\mozilla firefox\plugins\NPp5Stub.dll

========== Chrome ==========

CHR - homepage: http://xfinity.comcast.net/?cid=insDate06162013
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: Popular Screensavers Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPp5Stub.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Docs = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Xfinity = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb\1_0\
CHR - Extension: Norton Identity Protection = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Gmail = C:\Users\carm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/01 17:18:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EE27FAF-F026-4199-B902-72AE9B548541}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KeyCrypt32(2).dll) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 20:35:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/01 17:57:13 | 000,000,000 | ---D | C] -- C:\Users\carm\Desktop\fixlogs
[2014/02/01 17:23:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/01 17:03:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/01 17:03:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/01 17:03:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/01 17:03:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/01 17:03:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/31 12:21:18 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/01/31 12:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/31 12:19:56 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

========== Files - Modified Within 30 Days ==========

[2014/02/02 06:04:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/02 06:00:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 05:59:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 05:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/02 01:11:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/02 01:11:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 21:10:56 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/01 20:32:12 | 000,001,208 | ---- | M] () -- C:\Users\carm\Desktop\Welcome to HealthStream.website
[2014/02/01 17:18:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/02/01 06:11:09 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/02/01 06:10:04 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/30 20:07:32 | 000,650,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/30 20:07:32 | 000,122,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/30 19:59:35 | 608,042,923 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2014/02/01 17:03:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/01 17:03:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/01 17:03:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/01 17:03:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/01 17:03:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/25 12:38:14 | 000,000,900 | ---- | C] () -- C:\Users\carm\Norton Installation Files.lnk
[2011/04/26 17:44:07 | 000,000,680 | ---- | C] () -- C:\Users\carm\AppData\Local\d3d9caps.dat
[2011/01/01 11:38:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/26 20:54:17 | 000,000,294 | ---- | C] () -- C:\Users\carm\carm - Shortcut (3).lnk
[2009/09/26 20:53:05 | 000,000,294 | ---- | C] () -- C:\Users\carm\carm - Shortcut (2).lnk
[2009/09/26 20:53:01 | 000,000,294 | ---- | C] () -- C:\Users\carm\carm - Shortcut.lnk
[2008/08/30 16:31:43 | 000,028,750 | ---- | C] () -- C:\Users\carm\AppData\Roaming\wklnhst.dat
[2007/03/17 13:22:17 | 000,000,092 | ---- | C] () -- C:\Users\carm\AppData\Local\fusioncache.dat
[2007/03/17 13:08:05 | 000,031,744 | ---- | C] () -- C:\Users\carm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/04/28 10:07:57 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/02/02 06:09:32 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\ID Vault
[2013/06/21 13:47:55 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\QuickScan
[2008/12/06 13:59:01 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\Template
[2010/05/09 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\Thunderbird
[2014/02/01 07:24:14 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\WeatherBug
[2007/03/18 09:33:53 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\WildTangent
[2013/06/23 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\carm\AppData\Roaming\Windows Live Writer
[2013/11/02 09:31:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ID Vault
[2011/09/05 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PCToolsFirewallPlus
[2007/03/27 15:22:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
February 2nd, 2014, 08:41 AM
nlday

will try jrt again
OTL Extras logfile created on: 2/2/2014 6:08:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\carm\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.25% Memory free
6.21 Gb Paging File | 4.70 Gb Available in Paging File | 75.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 142.51 Gb Free Space | 63.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.11 Gb Free Space | 51.13% Space Free | Partition Type: NTFS

Computer Name: CARM-PC | User Name: carm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051268F4-FFB7-400B-9B59-659EBD586241}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1EE6CF20-2AA1-4E8F-8B4D-A3B331BBFCB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3490FF72-C068-49F6-85FA-6667B572DBBE}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{96A801DE-FB9B-4997-A387-A46C1EE49093}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BCA48BCB-3AD7-4139-91CF-8A72A8431A9F}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{FD36F083-58B2-44C5-A1ED-DC4C7FB9A7C4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028D4633-7602-4F1B-A4FA-37EE90E97F5C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{0E5FB671-3A41-47BC-B115-234A36069BC8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{0E674BF7-003C-4C6C-93FE-8B40880DE7A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{29064514-BF03-4B56-8594-6E6414710526}" = dir=in | app=c:\program files\constant guard protection suite\idvault.exe |
"{2E9A1191-AC8A-4870-BF6B-00F7B4C7EA1F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{42453DAB-576B-42F4-A064-AF99D1A116B5}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{48848E42-81A1-4E37-87EB-08AE0C5719BB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{4A6D676B-D254-4B08-BE57-2B72AC3BEB6F}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{5C598A93-D966-4506-AEB7-08F09BF5A9A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{60A2C9BB-9A83-434D-87C4-56E81BCDFC21}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{61F13AAC-8640-4326-916D-5858EF3D8D53}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{6398A59E-763D-4352-A6F3-CDA7441EF6E3}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{6768A3E4-347E-4D91-B05E-DB1B97359614}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{68165F50-E085-4445-A352-615B22BA8900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72D2493B-520D-4774-B81C-2F2347A86DE3}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{7F0C681C-9B65-448C-916E-D9D6E65B286E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{84B0093E-7D01-42B5-ACD2-550D3953F54B}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{AB2B20B9-1706-406F-8AA9-11EBA2DEB70E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{AE0BAFAD-9AC0-418C-8148-A3DDD5448898}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{B099C65A-5AD6-4B2E-AD09-580A635C5432}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{B194AC7D-3986-4DEB-B5C2-FC83AEE47D7C}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{B1D144F8-B963-46C7-AD89-334C1B61F5ED}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{BB43D14F-F755-4C90-A22D-FA1060B58616}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{BFE96F6A-C834-4B65-9725-C22214CBFA5B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{C22150C2-E27C-45B3-8535-8637CCC860F1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C34E223E-7C81-443A-96EB-65AA3C066242}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C6937F74-38B1-4980-9C8F-E233996CB978}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{CA7CC8AF-59E8-4B95-A314-0403FE910F0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC2EB91D-B7B3-4243-BC7F-8BAE70B64503}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D013EB7C-FD8B-46DE-88FB-426F9D6A0939}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{D8217028-8A3C-4BF0-B0CF-2ED1CF7ADCD8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E3D51088-5512-4F38-9450-7A6484F671D0}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{E674B5C0-9885-4F19-BEDB-228710B93839}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{E6B9007D-917D-44B0-977D-36E8F80865CC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{EFB7FB4C-A662-4AFC-B98F-1B27208FB279}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{F1E88177-AF56-43AE-B6A4-ED89829DAE03}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0099B484-C24C-4D5F-8167-B0F6DF196E72}" = Adobe Shockwave Player 12.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel(R) Viiv(TM) Software
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.6.6.296
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58762801-BA53-42B3-890B-C6B9CC8CFE26}" = QuickConnect
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1DD3B5-ADC9-4440-A9A6-EFD64490C5CE}" = CyberPower PowerPanel Personal Edition
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1497C00-2605-433E-822E-3E82649CE056}" = HP Deskjet 3050 J610 series Product Improvement Study
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell PC Fax" = Dell PC Fax
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.594
"Icon Restore_is1" = Icon Restore 1.0
"ID Vault" = Constant Guard Protection Suite
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Mozilla Thunderbird 24.2.0 (x86 en-US)" = Mozilla Thunderbird 24.2.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PopularScreensavers_7ibar Uninstall" = PopularScreensavers Toolbar and Software
"Prison Tycoon 3" = Prison Tycoon 3
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"WeatherBug" = WeatherBug
"WildTangent dell Master Uninstall" = Dell Games
"WinLiveSuite" = Windows Live Essentials
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2011 11:25:20 AM | Computer Name = carm-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 6/24/2011 4:13:22 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/23/2011 9:21:01 PM | Computer Name = carm-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12fc Start Time: 01cc499f9b0426b0 Termination Time: 16

Error - 7/24/2011 10:15:59 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2011 10:15:59 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/4/2011 8:45:09 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/4/2011 10:45:18 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/10/2011 5:30:08 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/10/2011 5:30:14 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/10/2011 5:30:15 PM | Computer Name = carm-PC | Source = Windows Search Service | ID = 3013
Description =

[ IntelDH Events ]
Error - 10/17/2008 6:24:06 PM | Computer Name = carm-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: IsLimitedUser call failed

[ System Events ]
Error - 1/21/2014 3:36:18 PM | Computer Name = carm-PC | Source = DCOM | ID = 10005
Description =

Error - 1/21/2014 3:36:18 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/21/2014 3:36:18 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/25/2014 2:47:09 PM | Computer Name = carm-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 76.113.254.74 for the Network Card with network
address 001676B6772C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/30/2014 9:59:46 PM | Computer Name = carm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:57:02 PM on 1/30/2014 was unexpected.

Error - 2/1/2014 7:04:57 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/1/2014 7:05:53 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/1/2014 7:05:58 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/1/2014 7:12:13 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/1/2014 7:18:56 PM | Computer Name = carm-PC | Source = Service Control Manager | ID = 7030
Description =

< End of report >
February 2nd, 2014, 10:33 AM
nlday

here's the JRT
[i had to trick it by going into the folder and 'run as admin' even tho i was already]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by carm on Sun 02/02/2014 at 6:43:50.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\popularscreensavers_7i.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{17B0B148-1491-4668-AD7D-1F39972E03E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{406463E6-91B4-4BBE-8182-E41FDCA2B2B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5469582E-6A71-4C2C-AB43-AB183058C88C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5C0A85B9-3980-475D-AA36-EA2EF138EC04}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6833E938-D47A-4BCA-B7D4-A712CD561127}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{756E61B2-52AE-4D73-8535-F8DF642D72E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F9BAD37-202C-468D-A046-EBDEF588616D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96D0C95F-BFE7-430E-A406-D8E2D33FEE48}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9197738-02A5-46EF-BBF9-FDE251C5A631}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B7C7E5C1-F49C-476A-A7E9-F45E5C85C995}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC07C71E-C13B-4E16-B9A4-D954C3F097B6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D952F4A1-8B38-4B62-9E1E-CB74A2917580}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E51062CE-0B63-42A4-934A-C2ABE7B3EE7B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0797C39C-6FDE-45BA-A89F-FDF91A1432D7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{13431DEE-CAD4-403C-BDC2-F36F3F3F0852}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{50CE9C1E-AFA8-494D-98F1-FFEC8965EA0A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66376EFC-73B3-41CB-8403-C19EA5A60623}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A1C4DF97-9F5A-4518-A185-B71B3E2EDFA2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A40F7F79-8927-4A4A-B0FC-D41A8BE8C018}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B956E151-3D90-489F-B109-97D5B4545D36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B985332B-07EF-4185-BBFA-805BF2130D59}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C91E811C-4C64-4705-9C79-6DCF4184CE2C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{2CF52ECC-9E7E-43D7-8F7F-BBFB10C2D36F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{32416A28-DAA5-4EE2-A5A1-6E9CB952C19D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{46A5C277-35A6-4C87-A0D2-D34D30D5A363}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{679DD02B-BFD7-439D-ADFF-20D7ED92FFD4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A5F237F3-1DA6-43AF-8CA5-CFD7BE9259A2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{BBB1A756-C3A5-42CF-8FA3-BA0BD4C6F386}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{CCEC4CA8-9CE0-48E2-B203-C0239AA97A62}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EA010B0B-1015-4E3E-B752-CC20A792B34C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{FD4D02F2-EA24-4809-B0B6-805031110E8C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17B0B148-1491-4668-AD7D-1F39972E03E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{406463E6-91B4-4BBE-8182-E41FDCA2B2B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F9BAD37-202C-468D-A046-EBDEF588616D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D952F4A1-8B38-4B62-9E1E-CB74A2917580}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\carm\appdata\locallow\popularscreensavers_7i"
Successfully deleted: [Folder] "C:\Users\carm\appdata\locallow\recipehub_2j"
Successfully deleted: [Folder] "C:\Users\carm\appdata\locallow\recipehub_2jei"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\popularscreensavers_7i"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{00781B0B-9A21-4E15-A089-4DB14F982555}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{00D0757C-05D5-41AC-B47C-1E4A24DA6D8E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{0121E608-7483-4024-ACC4-EE1CF2929D32}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{02229D12-D96D-4B46-92B6-8C21DB0CDE50}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{03C0B390-53E6-4885-9144-659AE774AB20}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{05D4634A-981F-4D42-8AB9-53897903D570}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{07528F27-09AB-4F59-8333-AC0F2C1537E3}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{0872E8F3-9986-4989-A6FA-6A7EE12C13FF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{0B2CF392-48F5-4F79-8EDD-8EE2EC19C3F3}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{0C516DAC-2C32-42AE-B3D1-069BFE9707A8}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{0DC2809F-62E7-48A2-85DF-74361269098D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{0DC79A6A-310D-4BCA-A21D-DB21F5F72361}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{1017AB76-475D-46D3-8ADD-A27E3225A615}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{11EBE309-49A6-4612-8081-907C4ED2C8AD}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{12468EC9-EB91-4E77-904C-251ABD8453DE}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{125A11CB-C768-455F-89B6-A0EAB41A03B0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{156F322F-F784-44F8-91BE-CC56CBB3E414}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{15CB6EFB-93DA-4FD0-AA88-5CBCE4CE36FC}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{16EFDEE1-C86C-4035-8F7D-4F609F3FECC5}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{18A8EB46-1452-4BD0-8DCA-630B8206179E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{1AC45ED8-6CB8-4FC1-8E70-88D6DDBC8573}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{1B607E11-0B9C-4642-9438-55408592FEC0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{1DB65253-6A60-4AB7-A96C-04A58652846C}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{1E0E35DD-E609-40AF-AB88-4D23249CE90F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{1F48EAC3-E3EB-4F0F-82A0-0F3F2DEC1186}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{22E11457-2124-4C8E-A9B6-BB3B47AD8C57}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{235DA12C-D7FF-4272-B8C7-A83F7465CAE9}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{24D1F516-EEDB-462B-861B-F39241A7DBC7}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{289AB203-7ABB-4435-ABE7-EA845AE87F4A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{29E33F84-78C8-4A4A-82AA-BE0AD8DFEFEB}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{2BAE25B1-26C0-4A1F-B43B-29709D0375CB}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{2DDD2FCD-3A27-48A6-AB0D-ABDC6C302F01}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{2F957DFD-08D6-4A68-8CE9-9D12B8FB8523}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{2F980090-7A3E-4D63-9A56-AE5687CCDE4D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{32017427-F1D5-4B88-96FC-9B580BA38004}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{32E98346-208A-40B1-8602-CC12CF0BE825}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{37B9C456-60C5-41F1-A747-91750B2D20F2}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3888135E-79D3-4DF5-86CD-C28EBFD7FB8F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3A5D1A97-7174-4B5B-A2E3-7F92E95AB504}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3A9BFC28-A19D-4856-859A-515B3463023C}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3AC0C543-D7CA-4EF2-AE6F-0113E13D8262}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3C67D093-5F05-4D66-B270-CF29F66E1B94}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3E29A05B-477B-4F6F-A3E4-75EE1D9480F1}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3E693B45-2329-4B41-9927-80B7CF8449AF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{3F4E3079-445F-4CE4-A6C4-FBD3D15D16FD}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{40E501FF-B7CB-445F-B1D0-200F96E638AD}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{410BA0C2-BB18-4107-96E9-7C1FD8C84CF4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{4225B9BE-79B3-417B-B63E-6CE9FD78123A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{44138888-B933-42F2-A952-6035FEA8E197}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{44618E5F-9B4A-4A61-AEA6-E7967D7A93A9}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{4549E94F-7943-41D1-94FF-920DF434BB2C}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{473FC434-4D0E-4941-92B3-4B88BBF8FDFE}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{48A21233-4C8C-4E69-81FF-04C317405626}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{48EBF656-BE18-4286-80C3-EDA1008034C2}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{4920EDAD-6C2C-4B22-BD59-32210C813F9D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{4EA728E4-65E3-43B4-9FC9-64A1909D6C56}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{520049D2-4A3D-4E59-9EAA-508E739CCF97}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{52219782-7AFD-4993-841A-0176E6461BA1}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{52AA13DB-A9B9-445F-A918-107C113701EA}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{549A0755-EAB0-451F-949E-E1C811DB2CD4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{55724644-AAC7-46F2-952A-15B54A0AA9D9}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{55E251B7-9A3F-4CD6-AE35-5F9FA0FEFF69}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{5A770FD4-169F-4AE3-A260-8D6E9C1CC7B0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{5AA0776A-053E-4866-AC84-7CA970267B3D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{5AF7BE9D-F517-4FD0-A463-3F567A75ED4A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{5BB54CB4-B586-4126-A5A2-6F1451520D9D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{5D60A0EF-8A9E-4726-9E4C-6A5E22920B58}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{5FF15800-6048-4E60-BA48-CF12A62361EA}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{606C9B1A-DE5C-4B00-9760-F4B0796775A3}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{60DCB8A7-6F3A-40D0-87D6-04BB0C72F7E7}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{6108D3B3-059C-4FDC-B79E-D72FCE038CF9}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{62C8C7CC-0457-4FAF-9020-9D37F885E5A1}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{6325E575-993F-4EFD-B919-18478D72B12D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{63F2C787-A067-49A0-A1C8-D814DF310C39}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{6591B432-82EB-4712-8EE1-8BD4DB9CD2E7}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{6947F0B3-0D27-4270-BCC3-77BE77C3206F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{69D7B3F9-1BE6-4B25-A330-738094F4D692}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{6D542A3B-B954-44F2-90D8-27B0F6817B3D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{6E1A8FAB-0E59-4D59-AECB-8F857C08F54E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{702584A6-94F0-4FC9-BB05-2B5D52FB3139}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{71B5E9B4-69D1-43A6-921B-9711881FF5F0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{73656A34-1D43-4EE1-A630-892B8CAEEB63}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{749F119B-54BB-47EA-8F13-ECDCDB3D5850}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{75132578-4E36-4B07-8C0B-CBA370DAD1A6}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{768756E6-D165-485D-8054-91E2197ADADD}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{783CE7AE-C629-4765-9C99-9456F1181274}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{78A4A617-5379-4CBF-8B50-B9B0C8551682}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7A0EB12B-3010-416F-A450-E8198229E1E8}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7A7B60B0-E146-4844-8408-D6E923FD9533}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7ABDEB65-35B4-449F-BEB9-1FF2D42C4E0D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7B10EADC-2751-4035-A43F-C644998B806A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7C001643-38B7-4343-832E-1B992AFF10BA}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7F831E00-0EB7-4A89-9E79-98A2625D7A8B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{7FE82999-67BF-4AE9-BC1B-13391002BDE0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{80161709-39D2-4182-8342-D42DAC4F98FF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{811C9648-EF89-4017-8B9C-75A88C43E126}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{84213700-EDA1-49C5-B3B6-7352AE7CA570}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{84C495EA-1730-41B5-AA1B-6B4BDCBD4C1A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8518FBA4-8C98-4F90-B04F-5A4CBB0C1066}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{85FD8CC3-354B-4F36-8478-0D28DD376238}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{863786F1-9F4C-444B-B227-4C58A95677B5}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8724047D-BF37-4298-AB32-F237C989B9E4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{87F8F6CE-EE95-4F89-8DEA-3A75956D7E32}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{896DE889-6428-4FC2-AB5F-667D58B73C1F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{89C7EFAF-51AE-466F-BC1D-6F89BE4D89F0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8AA5BBC6-F722-4391-BABF-62403A916C08}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8C56334D-F0D8-474D-ABEC-32B1C102E600}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8C66635C-B0DB-4DF0-8453-36B696DAB322}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8C967C7E-96CC-45A7-9272-E8F650611A35}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{8D9D3AF6-7748-4D73-9212-3A5217544CFB}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{90D35DC7-0BB1-4DE9-9DA6-B3B67D7668E4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{91A6504A-F464-4949-8278-475E81B0BADA}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9419A329-53F1-485C-BF2D-45F1F7A3D0ED}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{94759463-B3C9-4818-82D5-2C57E3EE2ED6}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{95342054-AD98-41B3-A80E-C4466505D556}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{963C14DF-1886-44D7-91F9-F225058FBA31}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9921AE95-E926-4AAA-A0D6-E2233E25A00E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9922B079-2837-4AF8-892B-4783E00A96C5}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9A776F7F-FDC5-48C5-8066-FA4D5F1ACC34}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9EFFDBFC-1D17-453D-A2A4-7F08BC6EA32B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9F673FE9-4DCD-42ED-B52A-EFFD0B7C90BF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9FF190F8-E12E-49D9-9AEB-8E6CFAE6AD7C}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{9FFE5667-A68A-4EE1-A4B8-C845980C141F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A26849A9-D0BA-44F8-8EAA-E43FD7BB7E77}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A2F5573B-0B0F-49B5-BDE5-F4D5AF2B26A3}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A414B676-F8C8-4650-B5A7-44DF063E4BC7}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A53FE3C3-11E3-4F3A-AECB-72F7ECA2A82B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A5D59732-E9E0-4376-AB41-3D3303DD4EBF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A64646DE-15E9-4103-B850-168178E58275}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A67F2B6A-2100-4B7A-BE8A-C0419D1A945D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A78B0C2B-3111-4699-9A3B-589E2BF82FD4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A94A456D-18DF-4AA2-927C-7B513B8EB8A0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{A9CD108A-054F-45FB-8FE6-FEB695C5AE76}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{AB782891-2095-4A31-A3D2-2E2BDF8A669B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{AB84CCAB-6280-4D57-9207-8FFD128ECD16}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{ACB4FB45-3BE6-468A-9EC4-B036B9695845}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{AD76205C-7CD3-4137-9556-2E6C2FE95D29}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{AF1072E2-25EB-4017-A3AC-856A90D1DF1E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B00A22CD-1BC5-449A-9D0F-2E7DB723E40E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B2EF8A03-0CB4-4D32-9F7A-98D9E635F22E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B33F2198-A95B-4C9E-81B9-0D91C11C56A1}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B54D3C6A-472E-401D-A02B-5F9078CCEA9B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B6649772-300B-4B5E-81C0-48CC98ECF16B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B71C8651-CD5E-4CF7-B4E6-0F5762A3CD96}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B7209E42-06D6-4CE9-8C14-B17CF24F7002}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B95273FB-263F-4107-B9B7-ACE1FCE8D8FB}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{B98BC843-D967-4490-9DAB-6D20AA12F23D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BAA2580F-1F38-4ED6-803B-CA61C381B77F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BB959A80-F20F-4309-A8B8-80F585BBD1FD}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BBA397EE-0C16-4BDE-9708-3099800394EF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BD3FD95C-CF5B-49F2-9EB7-F1A1413813F8}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BDB98B74-3A8B-4500-9A3B-961F95A81C2B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BFBCF86B-85F1-42D9-A5D6-0DE2CAD1EB99}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{BFDF796E-01D0-41A8-8685-30022775AD66}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C021CD7F-87D5-4955-A6D9-C364B561EBE0}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C216650B-2674-4C9E-8F68-1F1C72E56E16}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C2F4472B-C7A4-48FC-A493-98534EF8C9A4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C4AE6790-44E5-4FA0-A003-32C0AD4E2804}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C5674EB5-00D4-4193-9550-D5799B86FC64}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C5A6083F-E2C8-4E9F-A002-0ADE15F0E113}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C5DE2DC5-A115-49D3-B267-3E44ABDAD577}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C7E759BE-DC11-47EB-8232-38C383389685}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C81395EB-F972-4DF8-99CD-1A647498CA76}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{C8CD8951-6006-4042-83FE-E2EFFC3928A7}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{CC589797-34B8-4137-9100-7DB1458089ED}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{CCF6EAFE-2B1F-46C7-828A-164ADD3F7F30}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D163C912-B433-4E39-9EC0-7D241167670A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D233123E-0553-44AC-BB58-41135121F9CF}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D26357A0-E302-4A4D-8447-726D54E0B50F}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D2EAB111-70B3-4AE0-9036-16F0B2C17C61}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D391DB03-7BBC-4269-A327-DDD08A937720}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D3B5B3E4-9E43-4D4C-88C1-D64CF7902AA7}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D3C94A5B-611D-415F-9350-44BBA3F4B7F4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D4800EEA-BB82-4EC9-9A4F-A1B735BEFC8D}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{D9E5F618-3BF4-45BE-B38E-909EEECD4679}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{DB3A3C9F-0E9D-4A49-B9B6-72D346EC54ED}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{DD5A4242-E3BE-41F5-9857-DE9C8804FCA2}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{DE9B8D3B-16DA-4C33-A16A-3EFDE5A9A569}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{DF136550-E900-4E8F-A87C-DF143CA25C52}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{E596444C-C28F-4147-8B4D-695B57F2D389}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{E6DDA377-53A8-4E3D-BCD8-40FF2C36C985}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{E774D056-6F20-44F5-A222-44F0E197B6EC}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{E82C84CB-CAEF-4D88-8FF4-864D92177E86}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{EAEFBD73-F9C8-4084-B436-42180368A5A6}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{EBEE934A-C78D-48BE-ACCA-3CDF674A1012}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{EC0A6342-9623-4BC3-B4D2-FBFC192EF654}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{EC3E13A5-3E0B-498C-9F3A-2EC8BFABA12A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{ECAE72B9-7CF8-4128-B8CC-052C7DA1EE1B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{EE6EC50B-FED6-49D2-8DD4-7F62CA8FD2A5}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{EF88FC37-D7C6-4582-A0F1-DC48B8A039A1}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F0313769-E3A0-4A3A-8E66-B3DACCF9433B}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F3D1EFE3-D61D-4555-A4C5-615B67E2E9DE}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F448F25F-16EB-438B-A1D7-E8E6184076B4}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F461F2B1-2EB8-4FF6-8496-C4ABF74C7125}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F5248EBD-67C2-4B84-9FE6-BD81B18B5403}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F88EF72C-CF4E-4913-ABBC-DC2C6D52D894}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F910BE10-E4D8-4E7B-8CDF-6E405C59EA83}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F9363C54-AB3D-43EF-9B44-72BE3EDAF59E}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{F9866673-29E5-4BC4-BBA3-F3D64DF8A76A}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{FC6585F5-9E1B-432B-8988-CF12F09B1DB8}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{FC913E01-AEC4-4788-8E7B-3B41B5EAAA54}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{FD457063-C4AB-4940-AB41-93AC2E08C6AE}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{FE10E547-8F7F-4D6D-B977-50E57D7DBC24}
Successfully deleted: [Empty Folder] C:\Users\carm\appdata\local\{FEA39B3C-DF14-46FB-A7F0-2CD6FC74FC19}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/02/2014 at 6:48:30.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
February 2nd, 2014, 04:23 PM
Broni
http://dev.discussions.virtualdr.forums.relay.cool/ Uninstall Constant Guard Protection Suite by Comcast. Nothing but waste of resources.

http://dev.discussions.virtualdr.forums.relay.cool/ Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:

:OTL DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\carm\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) FF - HKLM\Software\MozillaPlugins\@popularscreensavers.com/Plugin: C:\Program Files\PopularScreensavers\NPp5Stub.dll File not found O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3606559871-4034222485-686357916-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6 :Services :Reg :Files C:\FRST :Commands [purity] [emptytemp] [emptyjava] [emptyflash] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

http://dev.discussions.virtualdr.forums.relay.cool/ Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center
  - Windows Update
  - Windows Defender
  - Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
http://dev.discussions.virtualdr.forums.relay.cool/ Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
http://dev.discussions.virtualdr.forums.relay.cool/ Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Click on "Run ESET Online Scanner" button.
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
February 3rd, 2014, 01:26 AM
nlday

thanks bronii
i'll get back to this in the am

Show 40 post(s) from this thread on one page