I have downloaded Super AintSpyware and Avast to not to my avail my computers
performance is at a constant rate of [bleep] on a piece of bread.
I have even done a disk check and it fixed a [bleep] ton of errors. windows defender say
Win32 Small. Whatever that means..
here are my syptoms.
Blue Screen of death
Slow Doing Anything
Slow Program start.
Slow Window start up
A complete screen freeze but the mouse works
You cant even Ctrl Atl Delete
Here my OTL Logs:
OTL logfile created on: 8/3/2013 11:49:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaywanda\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 75.47% Memory free
3.49 Gb Paging File | 3.02 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 96.02 Gb Free Space | 43.69% Space Free | Partition Type: NTFS
Computer Name: KAYWANDA-PC | User Name: Kaywanda | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/03 11:47:18 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\aeb8069c-2235-43e8-a40b-41146a923cc3.com
PRC - [2013/08/03 10:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaywanda\Desktop\OTL (1).com
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Kaywanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Kaywanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Kaywanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- C:\Users\Kaywanda\AppData\Local\LOGMEI~1\LMIR0002.tmp\LMI_Rescue_srv.exe -- (LMIRescue_8c228621-3a3a-4408-81e2-965040e3ebe5)
SRV - [2013/06/09 22:22:48 | 001,316,024 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/17 20:12:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/11 19:37:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/29 22:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe -- (N360)
SRV - [2011/10/09 22:53:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/27 23:38:04 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 18:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/11 17:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/01 18:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kaywanda\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/07/30 09:36:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/11 08:30:29 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20130710.022\navex15.sys -- (NAVEX15)
DRV - [2013/07/11 08:30:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/11 08:30:29 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20130710.022\naveng.sys -- (NAVENG)
DRV - [2013/07/10 13:55:08 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20130710.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/06/14 17:10:55 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/06/14 16:02:41 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 17:15:28 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130702.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/02 21:31:14 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/23 22:23:47 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0600010.002\SymEFA.sys -- (SymEFA)
DRV - [2011/11/23 21:50:26 | 000,574,584 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0600010.002\srtsp.sys -- (SRTSP)
DRV - [2011/11/23 21:50:26 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0600010.002\srtspx.sys -- (SRTSPX)
DRV - [2011/11/16 23:37:59 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0600010.002\symnets.sys -- (SymNetS)
DRV - [2011/11/16 23:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0600010.002\Ironx86.sys -- (SymIRON)
DRV - [2011/11/04 19:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0600010.002\ccSetx86.sys -- (ccSet_N360)
DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0600010.002\SymDS.sys -- (SymDS)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/10/28 00:10:44 | 006,465,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/10/27 23:03:20 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/09/23 20:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/06/17 05:18:24 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/06/16 17:15:36 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/05/15 08:48:24 | 000,325,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2010/05/11 06:11:48 | 001,803,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/04/28 17:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/01/26 23:04:44 | 000,183,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=73ab2607-a5f5-48b2-8c72-7ce089dd8d80&query={searchTerms}
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.26
FF - prefs.js..extensions.enabledAddons: avg@toolbar:15.3.0.11
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kaywanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kaywanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kaywanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2013/06/14 16:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2013/08/03 11:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/17 20:12:38 | 000,000,000 | ---D | M]
[2011/11/24 11:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaywanda\AppData\Roaming\Mozilla\Extensions
[2013/06/15 11:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaywanda\AppData\Roaming\Mozilla\Firefox\Profiles\d0tthmx4.default\extensions
[2013/06/15 18:03:20 | 000,002,402 | ---- | M] () -- C:\Users\Kaywanda\AppData\Roaming\Mozilla\Firefox\Profiles\d0tthmx4.default\searchplugins\bingp.xml
[2013/06/08 11:19:01 | 000,000,915 | ---- | M] () -- C:\Users\Kaywanda\AppData\Roaming\Mozilla\Firefox\Profiles\d0tthmx4.default\searchplugins\yahoo.xml
[2013/06/15 09:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/17 20:12:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/27 14:04:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/27 14:04:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kaywanda\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kaywanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kaywanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kaywanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kaywanda\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Norton Identity Protection = C:\Users\Kaywanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.1.5_0\
O1 HOSTS File: ([2013/08/03 10:55:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.0.1.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3664361437-1486554591-4173619770-1001\..Trusted Domains: argosy.edu ([mycampus] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 63.162.197.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00455211-BB30-4229-BD99-FF209A199C97}: DhcpNameServer = 192.168.0.1 63.162.197.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFC6B2CD-1E23-4439-B716-C3192A5D0AD6}: DhcpNameServer = 192.168.0.1 63.162.197.99
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/03 11:01:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/03 11:01:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/03 11:01:03 | 000,000,000 | ---D | C] -- C:\Users\Kaywanda\AppData\Local\temp
[2013/08/03 10:44:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/03 10:44:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/03 10:44:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/03 10:43:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/03 10:43:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/03 10:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/03 10:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/03 10:34:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaywanda\Desktop\OTL (1).com
[2013/08/03 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\Kaywanda\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/03 10:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/03 00:19:31 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/03 00:19:31 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/03 00:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/03 00:19:29 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/08/03 00:19:28 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/03 00:19:28 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/03 00:19:25 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/08/03 00:19:25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/03 00:18:24 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/07/30 16:05:58 | 000,000,000 | ---D | C] -- C:\Users\Kaywanda\Desktop\BUSFIN
[2013/07/25 00:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2013/07/20 12:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/18 07:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/07/17 19:03:19 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/07/17 19:02:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/17 17:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/07/17 17:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/07/17 17:03:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/10 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\Kaywanda\AppData\Local\LogMeIn Rescue Applet
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/03 11:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/03 11:44:36 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/03 10:55:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/03 10:41:40 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/03 10:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaywanda\Desktop\OTL (1).com
[2013/08/03 10:03:25 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 27a2f9f4-23d1-411d-b9d4-641ea796066e.job
[2013/08/03 10:03:24 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 256d1698-dddd-4537-8216-77c8be4af61d.job
[2013/08/03 00:19:33 | 000,000,034 | ---- | M] () -- C:\Windows\AvastEmUpdate.ini
[2013/08/03 00:19:31 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/03 00:19:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/03 00:19:25 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/08/02 23:59:04 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 23:59:01 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 23:46:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001UA.job
[2013/07/31 09:44:04 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001UA.job
[2013/07/31 09:29:31 | 000,000,884 | RHS- | M] () -- C:\Users\Kaywanda\ntuser.pol
[2013/07/30 09:36:57 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/07/29 22:45:03 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001Core.job
[2013/07/29 17:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001Core.job
[2013/07/29 01:39:13 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 01:39:13 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/29 01:33:28 | 182,348,407 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/17 18:45:55 | 002,319,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/17 17:55:34 | 001,804,512 | ---- | M] () -- C:\Windows\GABRIOLA.tt2
[2013/07/17 17:52:00 | 000,002,390 | ---- | M] () -- C:\Users\Kaywanda\Desktop\Google Chrome.lnk
[2013/07/10 21:22:17 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\{F25E3CE5-5FC6-4923-95C5-91B26212FBAB}.job
[2013/07/09 19:36:52 | 000,017,543 | ---- | M] () -- C:\Users\Kaywanda\Desktop\job postig.odt
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/03 10:44:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/03 10:44:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/03 10:44:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/03 10:44:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/03 10:44:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/03 10:41:40 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/03 10:03:25 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 27a2f9f4-23d1-411d-b9d4-641ea796066e.job
[2013/08/03 10:03:24 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 256d1698-dddd-4537-8216-77c8be4af61d.job
[2013/08/03 00:19:33 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2013/08/03 00:19:31 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/03 00:19:27 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/03 00:19:27 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/03 00:19:25 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/07/17 17:57:00 | 001,804,512 | ---- | C] () -- C:\Windows\GABRIOLA.tt2
[2013/07/10 21:22:17 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\{F25E3CE5-5FC6-4923-95C5-91B26212FBAB}.job
[2013/07/09 19:36:49 | 000,017,543 | ---- | C] () -- C:\Users\Kaywanda\Desktop\job postig.odt
[2013/06/15 18:03:33 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/06/14 23:17:59 | 004,341,760 | ---- | C] () -- C:\Users\Kaywanda\s-1-5-21-3664361437-1486554591-4173619770-1001.rrr
[2013/06/14 14:38:27 | 000,005,462 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\fgtrlopx
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_pspw.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_opra.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_mess.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_mail.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_ie.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_ff.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_dial.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_chro.bss
[2013/06/09 10:40:13 | 000,000,000 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\pws_cdk.bss
[2013/06/09 09:07:12 | 000,000,032 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\data.bin
[2013/06/08 12:48:27 | 000,000,980 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\cme
[2013/05/18 20:23:45 | 000,000,884 | RHS- | C] () -- C:\Users\Kaywanda\ntuser.pol
[2012/03/09 15:55:39 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/27 13:56:44 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/26 15:17:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/02/12 10:20:36 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/02/12 08:33:30 | 001,143,059 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2012/02/12 08:33:30 | 000,360,729 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/02/12 08:33:30 | 000,203,818 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/02/12 08:33:28 | 006,414,616 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2012/02/12 08:33:28 | 000,138,774 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011/12/16 11:55:45 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2011/12/15 21:01:46 | 000,003,584 | ---- | C] () -- C:\Users\Kaywanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/10/07 06:47:14 | 000,006,118 | ---- | C] () -- C:\Users\Kaywanda\AppData\Roaming\AbsoluteReminder.xml
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
========== ZeroAccess Check ==========
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/10 08:17:01 | 000,000,000 | RHSD | M] -- C:\Users\Kaywanda\AppData\Roaming\-1003476996
[2012/02/26 17:13:56 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/06/14 23:06:24 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\IObit
[2013/06/06 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\Logs
[2013/06/08 13:11:41 | 000,000,000 | -HSD | M] -- C:\Users\Kaywanda\AppData\Roaming\msnmsg
[2011/12/15 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\MusicNet
[2013/05/20 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\OpenOffice.org
[2013/06/11 12:31:31 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\PCFixSpeed
[2013/05/18 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\redsn0w
[2013/07/11 07:51:54 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\SoftGrid Client
[2013/06/15 18:03:46 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\Systweak
[2011/10/12 16:44:02 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\TP
[2013/05/20 18:26:11 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\TPEYO
[2013/06/15 09:22:53 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\TuneUpMedia
[2013/06/10 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\Kaywanda\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
------------------------------------------
Heres the Extras:
------------------------------------------
OTL Extras logfile created on: 8/3/2013 11:49:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaywanda\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 75.47% Memory free
3.49 Gb Paging File | 3.02 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 96.02 Gb Free Space | 43.69% Space Free | Partition Type: NTFS
Computer Name: KAYWANDA-PC | User Name: Kaywanda | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3664361437-1486554591-4173619770-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.YHT7FYECDYRXK3NICRA2XCXQKI] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050B0794-5159-40B3-81A7-E180DE02386D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A006BA8-B91D-4017-A38E-CF16CACAA340}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{23114166-49B4-4842-A616-4AC9D6448136}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{38B09D76-FBCD-472C-8977-3F1065A94F6A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{406E63CC-31F5-4CC6-AEEF-B158F080803B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4748AF5B-D773-4BA6-8B24-67ECDB486A89}" = rport=138 | protocol=17 | dir=out | app=system |
"{63674600-AD27-4B52-A650-05E37A5B9437}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73AD63E1-E301-4595-A924-92B2357C81B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{75D31E6A-6092-4108-B0B1-900648293B8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81564443-6CFA-4895-A200-E0D3ED7FBE3F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{83BC2D97-3FA0-455E-9FE9-47EEDAE057D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{98C15F93-E917-49C4-B9C1-60ACF8766984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A80AF1C8-35C5-4FF2-A02B-5D6E5B437B79}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC889484-2004-4985-BE3E-1D1B11E3688B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBB794F8-B24F-40FE-9601-685FF0710490}" = lport=138 | protocol=17 | dir=in | app=system |
"{BBBBF3CF-3384-4262-8FB1-CD3FAC891F07}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4E3E818-1ECE-4F7B-86A4-D77EB2CC8001}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5871661-E849-43CC-8AA9-586A8D246E58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9D5030D-45AC-45DA-9FE8-23D24D1DFC34}" = lport=445 | protocol=6 | dir=in | app=system |
"{E60F3A44-54B9-439F-8171-AB68ECBE5433}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECFDF479-410E-4487-AA42-99F5F1AD44D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3DEBBC8-F97F-4C40-9BC0-4DBB4F04FA40}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F463D4F1-FA79-4B71-B2DB-49345F82D398}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4B54D4F-6105-4AB6-81EE-B543D20AC717}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{F5ECD6FA-9596-43DA-BE16-B5A0229EC645}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C088A3-EA8D-4710-94A2-0893866173B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0ED7DB92-4380-483D-A8E9-54DE398EF62D}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{108B16DA-A532-4A75-B8B1-68B9D91F4D0E}" = dir=in | app=c:\users\kaywanda\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1334A917-AC55-4866-B8B8-BC3BFDE6627F}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{1468E6C0-51DD-4BEE-9690-9F3F1F6BD177}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{14D6499E-031F-4CEE-9E99-63094EE799AE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1DC62BDF-BFEA-47BF-918F-2FEB46A916B4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{22A05C9B-413F-43AD-99FB-9CC6EE11FB1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E546C32-A402-409A-BDD3-C2594920B8BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39CED366-3457-442B-ACE0-5869980AA502}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4386C276-BAEE-4E8E-9F02-80BA58E9965A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45709A20-7EC0-4447-85E4-3BF4E0EEEF7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4906DFD8-EB43-40E1-AE79-DA44D3C78299}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{71EE875E-4FB9-4B7A-8D1F-97F2F8A13E96}" = protocol=6 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe |
"{8033AA9D-5CD1-4E28-8A09-D2B95B2C469E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80D75488-7FA2-4E1D-820C-A7509B388AFD}" = protocol=58 | dir=out | [email protected],-28546 |
"{8CAB6DC2-8FD8-4852-99CA-3671C5F04189}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8F1B4F64-BAD4-400F-A8CE-7BF5FC1E2B72}" = protocol=6 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe |
"{AFACED33-17DD-4086-8655-3329D265A45D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8893B1B-13C2-43BD-AAC7-C10FBB995ACE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BAD621C2-80BD-4EEB-A371-54E87C8B72DE}" = protocol=17 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe |
"{C104AB10-81BE-4B53-B8B8-3E6BC97E089D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C49F2394-2706-4378-8CBA-F891B1E9F433}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C51A6911-F525-450B-9B62-BB454D165177}" = protocol=17 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe |
"{C964EDE4-7806-4980-85BE-06E64F2530A1}" = protocol=6 | dir=out | app=system |
"{CA8A4A4E-5E3F-4DD3-8EE1-BD5DEB03EDE0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CC4B54BE-74B0-49C2-A601-27E1E557606F}" = protocol=1 | dir=in | [email protected],-28543 |
"{D37C4B0E-91C0-4B14-A928-0ACD983BADA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D56CB25B-4A1C-4B18-969A-10CAB1C9B833}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D78B4006-94E6-4A02-ACA5-4484B6CBF594}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DADE6687-B90A-452B-9E7B-8494848FDF38}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DD8D4E81-663F-47F7-A2DD-69DDA96C12BE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DF2B8DF2-F77E-441E-8704-3A7216AF8241}" = protocol=58 | dir=in | [email protected],-28545 |
"{E39F4A74-F6FA-4FDE-B9D2-D90E2258D2D1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E7162F0D-758D-4A84-B91B-D956362B2822}" = protocol=1 | dir=out | [email protected],-28544 |
"{E8FF464E-41FB-422A-BEA5-2D4501252FB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F43B03DB-8169-45FE-A0AC-584AB2243882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7724813-9CBA-431F-A03C-B942CD06D16B}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{FABCA444-CB56-4ED2-8079-8229A5D3BB73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD467BF8-2164-4F5F-ACAF-155FFD7E6789}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD86518A-3368-4D5B-A0D1-D72EBD260562}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{559514C2-5114-4020-8398-85D8E39843F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5D732584-6FD3-4923-AEE7-984155500C99}C:\users\kaywanda\desktop\sn0wbreezedl-master\tinyumbrella-6.14.00.exe" = protocol=6 | dir=in | app=c:\users\kaywanda\desktop\sn0wbreezedl-master\tinyumbrella-6.14.00.exe |
"UDP Query User{4596D679-1CE8-4676-84B0-472CCEFC37C9}C:\users\kaywanda\desktop\sn0wbreezedl-master\tinyumbrella-6.14.00.exe" = protocol=17 | dir=in | app=c:\users\kaywanda\desktop\sn0wbreezedl-master\tinyumbrella-6.14.00.exe |
"UDP Query User{E4DAF6B5-4D33-4578-956B-910307CE3BAD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212BA4B5-4ED0-CCFD-9675-9D3DE3D049B4}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DFDEAD-1084-0F3F-E068-9135FC876027}" = Catalyst Control Center InstallProxy
"{2B9B5777-D6CF-57B4-6228-FE5EE8C63ED0}" = ccc-utility
"{2FCA5F46-55AA-B96E-87FA-47F5811E33AD}" = CCC Help Dutch
"{30026C82-13BA-D7FF-E155-3D2B0C192A28}" = CCC Help Chinese Standard
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32022218-B297-B983-025B-A03A1C2B202C}" = CCC Help Finnish
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Install Absolute Data Protect
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6617E770-55EE-587D-06FA-B49A8A6F2EF4}" = CCC Help Korean
"{679E3E0C-E913-CA59-6664-A54BE85193E2}" = CCC Help Spanish
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A408B2-80E0-9191-6FDF-6F8318E94B71}" = CCC Help Portuguese
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76A32E41-F8B9-50B3-5CEE-DD42115DF9A2}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}" = ccc-core-static
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{813CFC98-FE1C-7249-49C8-017A227F8574}" = CCC Help Danish
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8218F4EC-35C0-2CEB-1ABC-24E114270157}" = CCC Help Italian
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C1DE40-C1D3-9F4B-C5E1-12A3835FE1F0}" = CCC Help Polish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FDE7841-D6E0-26FE-B923-D2F3533C7C9C}" = CCC Help Swedish
"{90150000-007E-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{91C6CFF0-F3A1-CB93-9072-446C8B8774C1}" = CCC Help Japanese
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94358C28-335B-4E43-BC4E-C59576BAB653}" = ASPCA Reminder by We-Care.com v4.0.16.1
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98ADCC35-E388-B4D7-1353-6964CEF74CF1}" = CCC Help French
"{98EE2259-4D34-6709-1447-6759E0C7C4E8}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A38939B8-4DE7-896D-01FA-C183EA33BBDA}" = CCC Help Russian
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AC904169-4386-A9F9-AC00-67D5C42133BF}" = ATI Catalyst Install Manager
"{ACBF0550-A317-4C22-AC93-0DDB73087412}" = VitalSource Bookshelf
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B60119FB-0A43-69BC-1D2C-EE3A91A85300}" = CCC Help Hungarian
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B94F6A6A-56CB-465E-885E-CB099331E456}" = Convergys Health Checker
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE1738EB-A0EA-0A4F-F9A8-A8731F1B88CC}" = Catalyst Control Center Graphics Previews Common
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAAB5F83-B7D1-6AD9-1D86-D37C3E1277C5}" = CCC Help Thai
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D7AE3689-D40E-DAFE-385D-2B45308E59B6}" = CCC Help English
"{DD3E3DAA-B005-54D2-CF94-0C919F55CFCE}" = CCC Help Norwegian
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E11A86A7-B346-5FA0-A84B-8805B87580B4}" = CCC Help Turkish
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8ED6EE9-B477-CD27-048A-6291A719A8A1}" = CCC Help German
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB3EB614-9284-5C13-6BDB-C8915F180881}" = CCC Help Czech
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"avast" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Elantech" = ETDWare PS/2-x86 7.0.6.5_WHQL
"FrostWire 5" = FrostWire 5.3.4
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3664361437-1486554591-4173619770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"176B617376BCB7476A46D45F0C90807519F9A753" = Monster Resume Easy Submit
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/27/2013 9:59:11 PM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3
Error - 7/27/2013 10:01:00 PM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16808,
time stamp: 0x4dc0cc22 Faulting module name: TQUERY.DLL, version: 7.0.7600.16808,
time stamp: 0x4dc0db11 Exception code: 0xc0000006 Fault offset: 0x0002ebfd Faulting
process id: 0x214 Faulting application start time: 0x01ce8b3615daea37 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: 8c986e40-f729-11e2-a2f1-1c7508ed752f
Error - 7/27/2013 10:01:00 PM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3
Error - 7/29/2013 1:28:54 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: integratedoffice.exe, version: 15.0.4517.1004,
time stamp: 0x51b13fe5 Faulting module name: integratedoffice.exe, version: 15.0.4517.1004,
time stamp: 0x51b13fe5 Exception code: 0xc0000006 Fault offset: 0x0009e55a Faulting
process id: 0x708 Faulting application start time: 0x01ce8b29776c2ca2 Faulting application
path: C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe Faulting
module path: C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
Report
Id: c22216b2-f80f-11e2-a2f1-1c7508ed752f
Error - 7/29/2013 1:29:00 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Office Click-to-Run
because of this error. Program: Microsoft Office Click-to-Run File: C:\Program Files\Microsoft
Office 15\ClientX86\integratedoffice.exe The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000185 Disk type: 3
Error - 7/29/2013 1:29:00 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: sysmain.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb23 Exception code: 0xc0000006 Fault offset: 0x00014e0c Faulting
process id: 0x378 Faulting application start time: 0x01ce8b296dae45e8 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: c554f010-f80f-11e2-a2f1-1c7508ed752f
Error - 7/29/2013 1:29:00 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgCx_SC1.db for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgCx_SC1.db
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3
Error - 7/29/2013 1:36:02 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16808,
time stamp: 0x4dc0cc22 Faulting module name: TQUERY.DLL, version: 7.0.7600.16808,
time stamp: 0x4dc0db11 Exception code: 0xc0000006 Fault offset: 0x000123e9 Faulting
process id: 0xcf0 Faulting application start time: 0x01ce8c1d680d4fe9 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: c0b0f15e-f810-11e2-a02b-1c7508ed752f
Error - 7/29/2013 1:36:02 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3
Error - 7/29/2013 1:36:39 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16808,
time stamp: 0x4dc0cc22 Faulting module name: TQUERY.DLL, version: 7.0.7600.16808,
time stamp: 0x4dc0db11 Exception code: 0xc0000006 Fault offset: 0x000123e9 Faulting
process id: 0x3d8 Faulting application start time: 0x01ce8c1d87894342 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: d6e7a8c8-f810-11e2-a02b-1c7508ed752f
Error - 7/29/2013 1:36:39 AM | Computer Name = Kaywanda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3
[ Media Center Events ]
Error - 3/16/2012 9:43:01 AM | Computer Name = Kaywanda-PC | Source = MCUpdate | ID = 0
Description = 9:43:00 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)
Error - 3/16/2012 9:43:01 AM | Computer Name = Kaywanda-PC | Source = MCUpdate | ID = 0
Description = 9:43:01 AM - Failed to retrieve NetTV (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)
Error - 3/16/2012 9:43:01 AM | Computer Name = Kaywanda-PC | Source = MCUpdate | ID = 0
Description = 9:43:01 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)
Error - 3/16/2012 9:43:01 AM | Computer Name = Kaywanda-PC | Source = MCUpdate | ID = 0
Description = 9:43:01 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)
Error - 3/16/2012 9:43:01 AM | Computer Name = Kaywanda-PC | Source = MCUpdate | ID = 0
Description = 9:43:01 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)
Error - 3/16/2012 9:43:09 AM | Computer Name = Kaywanda-PC | Source = MCUpdate | ID = 0
Description = 9:43:01 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)
[ System Events ]
Error - 8/3/2013 11:53:18 AM | Computer Name = Kaywanda-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 8/3/2013 11:54:29 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:54:29 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:54:29 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:54:29 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:55:56 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:55:56 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:55:56 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:55:56 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 8/3/2013 11:55:56 AM | Computer Name = Kaywanda-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
< End of report >
________________________________________________________
I even have a combo fix log.
_________________________________________________________
ComboFix 13-08-02.01 - Kaywanda 08/03/2013 10:45:29.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1787.1243 [GMT -4:00]
Running from: c:\users\Kaywanda\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Kaywanda\AppData\Local\assembly\tmp
c:\users\Kaywanda\AppData\Local\TopArcadeHits
c:\users\Kaywanda\AppData\Local\TopArcadeHits\tah.config
c:\users\Kaywanda\AppData\Local\TopArcadeHits\uninstaller.exe
c:\users\Kaywanda\AppData\Local\TopArcadeHits\updater.exe
c:\users\Kaywanda\AppData\Roaming\__0004e5ac.lnk
c:\users\Kaywanda\AppData\Roaming\local
c:\users\Kaywanda\AppData\Roaming\Macromedia\coinutil.dll
c:\users\Kaywanda\AppData\Roaming\Macromedia\miner.dll
c:\users\Kaywanda\AppData\Roaming\Macromedia\openssl.dll
c:\users\Kaywanda\AppData\Roaming\Macromedia\phatk.cl
c:\users\Kaywanda\AppData\Roaming\Macromedia\phatk.ptx
c:\users\Kaywanda\AppData\Roaming\Macromedia\shell.exe
c:\users\Kaywanda\AppData\Roaming\Macromedia\usft_ext.dll
c:\users\Kaywanda\AppData\Roaming\Macromedia\usft_ext.exe.vbs
c:\users\Kaywanda\AppData\Roaming\WindowsLogon
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\coinutil.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\kill.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe_part1
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macro\macromedia.exe_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\macromedia.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part1
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part10
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part11
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part12
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part13
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part14
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part15
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part16
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part17
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part18
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part19
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part20
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part21
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part22
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part23
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part24
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part25
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part26
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part27
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part28
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part29
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part30
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part31
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part32
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part33
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part34
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part35
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part7
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part8
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\min\miner.dll_part9
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\miner.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\openssl.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\phatk.cl
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\phatk.ptx
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe_part1
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shel\shell.exe_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\shell.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\usft_ext.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogon\usft_ext.exe.vbs
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\coinutil.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\killer.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macro\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macro\macromedia.exe_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macro\macromedia.exe_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macro\macromedia.exe_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macro\macromedia.exe_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macro\macromedia.exe_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\macromedia.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part10
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part11
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part12
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part13
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part14
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part15
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part16
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part17
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part18
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part19
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part20
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part21
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part22
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part23
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part24
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part25
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part26
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part27
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part28
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part29
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part30
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part31
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part32
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part33
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part34
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part35
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part7
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part8
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\min\miner.dll_part9
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\miner.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\openssl.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\phatk.cl
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\phatk.ptx
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\puts.vbs
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shel\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shel\shell.exe_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shel\shell.exe_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shel\shell.exe_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shel\shell.exe_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shel\shell.exe_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\shell.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\usft_ext.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSS\usft_ext.exe.vbs
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\coinutil.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\killer.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macro\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macro\macromedia.exe_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macro\macromedia.exe_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macro\macromedia.exe_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macro\macromedia.exe_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macro\macromedia.exe_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\macromedia.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part10
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part11
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part12
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part13
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part14
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part15
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part16
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part17
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part18
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part19
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part20
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part21
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part22
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part23
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part24
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part25
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part26
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part27
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part28
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part29
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part30
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part31
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part32
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part33
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part34
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part35
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part7
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part8
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\min\miner.dll_part9
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\miner.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\openssl.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\phatk.cl
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\phatk.ptx
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\puts.vbs
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shel\compile.bat
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shel\shell.exe_part2
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shel\shell.exe_part3
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shel\shell.exe_part4
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shel\shell.exe_part5
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shel\shell.exe_part6
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\shell.exe
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\usft_ext.dll
c:\users\Kaywanda\AppData\Roaming\WindowsLogonSSS\usft_ext.exe.vbs
c:\users\Kaywanda\Documents\~WRL0003.tmp
c:\users\Public\videos\vlcmediaplayer-setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-08-03 14:55 . 2013-08-03 14:55 -------- d-----w- c:\users\Kaywanda\AppData\Local\temp
2013-08-03 14:55 . 2013-08-03 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-03 14:41 . 2013-08-03 14:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-03 14:03 . 2013-08-03 14:03 -------- d-----w- c:\users\Kaywanda\AppData\Roaming\SUPERAntiSpyware.com
2013-08-03 14:03 . 2013-08-03 14:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-03 04:19 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-03 04:19 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-03 04:19 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-03 04:19 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-03 04:19 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-03 04:19 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-03 04:19 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-03 04:19 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-03 04:19 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-03 04:18 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-07-25 04:34 . 2013-07-25 04:34 -------- d-----w- c:\programdata\Applications
2013-07-17 23:03 . 2013-07-30 13:36 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-17 23:02 . 2013-07-17 23:02 -------- d--h--w- c:\programdata\Common Files
2013-07-17 21:58 . 2013-07-17 21:53 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-07-17 21:53 . 2013-07-20 16:21 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-07-17 21:46 . 2013-07-17 21:46 -------- d-----w- c:\program files\Microsoft Office 15
2013-07-11 00:16 . 2013-07-17 23:16 -------- d-----w- c:\users\Kaywanda\AppData\Local\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 20:02 . 2013-06-14 20:02 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-13 09:50 . 2013-06-13 09:50 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-06-13 09:50 . 2013-06-13 09:50 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-06-09 13:07 . 2013-06-09 13:07 32 ----a-w- c:\users\Kaywanda\AppData\Roaming\data.bin
2013-06-06 17:56 . 2013-06-06 17:56 0 ----a-w- c:\windows\system32\sho1748.tmp
2013-05-22 04:57 . 2013-05-22 04:57 0 ----a-w- c:\windows\system32\sho61F2.tmp
2013-05-20 16:15 . 2013-05-20 16:15 0 ----a-w- c:\windows\system32\shoA13F.tmp
2013-05-18 03:21 . 2013-05-18 03:21 0 ----a-w- c:\windows\system32\sho4462.tmp
2013-05-14 05:49 . 2013-06-14 18:12 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84A64427-DCCE-4760-AADA-2961CF1C27BD}\mpengine.dll
2013-05-18 00:12 . 2011-11-24 15:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Kaywanda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk]
path=c:\users\Kaywanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
backup=c:\windows\pss\Skype.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-06-11 21:28 715296 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2010-06-28 22:22 265984 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2010-04-13 07:32 548744 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 18:59 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-08-10 09:06 975952 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
2010-06-01 22:32 966488 ----a-w- c:\program files\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-09-21 08:33 9718376 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-11-15 21:05 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-10-28 18:06 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-03-03 685816]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [2013-05-31 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0600010.002\ccSetx86.sys [2011-11-04 132744]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20130710.001\IDSvix86.sys [2013-07-10 386720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0600010.002\Ironx86.SYS [2011-11-17 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0600010.002\SYMNETS.SYS [2011-11-17 318584]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 LMIRescue_8c228621-3a3a-4408-81e2-965040e3ebe5;LogMeIn Rescue (8c228621-3a3a-4408-81e2-965040e3ebe5);c:\users\Kaywanda\AppData\Local\LOGMEI~1\LMIR0002.tmp\LMI_Rescue_srv.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe [2011-11-30 138248]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-06-10 1316024]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-07-11 106656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-10 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 176128]
R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
R4 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0600010.002\SYMDS.SYS [2011-08-16 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0600010.002\SYMEFA.SYS [2011-11-24 905336]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-07-30 37664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-05-15 325672]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 30464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-03 08:58]
.
2013-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001Core.job
- c:\users\Kaywanda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-25 01:39]
.
2013-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001UA.job
- c:\users\Kaywanda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-25 01:39]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001Core.job
- c:\users\Kaywanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 15:41]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664361437-1486554591-4173619770-1001UA.job
- c:\users\Kaywanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 15:41]
.
2013-08-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 256d1698-dddd-4537-8216-77c8be4af61d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-08-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 27a2f9f4-23d1-411d-b9d4-641ea796066e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-11 c:\windows\Tasks\{F25E3CE5-5FC6-4923-95C5-91B26212FBAB}.job
- c:\users\kaywanda\appdata\local\google\chrome\application\chrome.exe [2011-11-24 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: argosy.edu\mycampus
TCP: DhcpNameServer = 192.168.0.1 63.162.197.99
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Kaywanda\AppData\Roaming\Mozilla\Firefox\Profiles\d0tthmx4.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-07-17 19:03; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Advanced System Protector_startup - c:\program files\Advanced System Protector\AdvancedSystemProtector.exe
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files\Advanced System Protector\unins000.exe
AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Kaywanda\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.0.1.2\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3664361437-1486554591-4173619770-1001_Classes\CLSID\{D7788E54-DFE8-9D4A-8AA2-FB1D51474E3B}]
@Denied: (A 4) (Everyone)
.
[HKEY_USERS\S-1-5-21-3664361437-1486554591-4173619770-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BJRWZMZIS.EXE]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
.
[HKEY_USERS\S-1-5-21-3664361437-1486554591-4173619770-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xsljqlodf.exe]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-03 11:01:00
ComboFix-quarantined-files.txt 2013-08-03 15:01
.
Pre-Run: 102,892,097,536 bytes free
Post-Run: 103,093,084,160 bytes free
.
- - End Of File - - B6E4B59222105DF30F0E2D40E17FF1D2
A36C5E4F47E84449FF07ED3517B43A31