The infection prevents me from running aswMBR



polij79
2013-04-02, 10:33
Please help, my child said "downloaded app for remote control of the PC from iPhone 5." Since then the PC flashes a blue screen and reboots. Also the infection prevents me from running aswMBR. I scanned with Spybot 1.6 and it found some kind of trojan file but was unable to remove it. Thanks


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by ALEXIS at 2:33:30 on 2013-04-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.502 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = Internet explorer 10
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome&d=y
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TBSB05810 Class: {A7AF277D-1466-4A7B-93AF-B043984A5671} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Glarysoft Toolbar: {32D47EA5-9473-4CAD-805D-9999F15D5AE2} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll
uRun: [CrazyRemote] C:\Program Files (x86)\CrazyRemote\CrazyRemote.exe
uRun: [CrazyRemoteCommand] C:\Program Files (x86)\CrazyRemote\CrazyRemoteCommand.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\ALEXIS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\05F4C495A4739313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\07F6C697A6739313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\07F6C697A67393F5568747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\84F445D24555E414 : DHCPNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\84F445D24555E414F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{EC3332F1-66CF-436A-A22A-6B9189C30622} : DHCPNameServer = 192.168.1.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-15 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-15 28800]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403000.024\SymDS64.sys [2013-3-20 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403000.024\SymEFA64.sys [2013-3-20 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403000.024\ccSetx64.sys [2013-3-20 168096]
R1 ccSet_NOF;Norton Online Settings Manager;C:\Windows\System32\drivers\NOFx64\0203000.007\ccsetx64.sys [2012-2-9 167048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130330.001\IDSviA64.sys [2013-4-1 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403000.024\Ironx64.sys [2013-3-20 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys [2013-3-20 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-10 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2013-3-20 144520]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-1 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-1 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-18 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-20 138912]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-18 329832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-18 349800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-18 38528]
S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2013-3-10 168096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2011-10-31 36256]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-10-31 15360]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-10-31 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-28 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;C:\Windows\System32\drivers\NSMx64\0203000.011\symrdrs.sys [2012-2-9 218232]
S3 tapklink;Klink Virtual Network Adapter;C:\Windows\System32\drivers\tapklink.sys [2011-10-23 31232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-28 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-02 01:47:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-02 01:47:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-21 14:29:14 0 ----a-w- C:\Windows\SysWow64\sho4682.tmp
2013-03-21 04:18:17 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys
2013-03-21 04:18:17 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-21 02:19:15 796248 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\srtsp64.sys
2013-03-21 02:19:15 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\SymDS64.sys
2013-03-21 02:19:15 432800 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys
2013-03-21 02:19:15 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\srtspx64.sys
2013-03-21 02:19:15 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\SymELAM.sys
2013-03-21 02:19:15 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\Ironx64.sys
2013-03-21 02:19:15 168096 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\ccSetx64.sys
2013-03-21 02:19:15 1139800 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\SymEFA64.sys
2013-03-21 02:19:03 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403000.024
2013-03-21 02:19:03 -------- d-----w- C:\Windows\System32\drivers\NISx64
2013-03-21 02:19:01 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-03-20 22:24:55 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\offreg.dll
2013-03-20 18:25:57 -------- d-----w- C:\Users\ALEXIS\AppData\Local\Avg2013
2013-03-20 18:25:23 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\mpengine.dll
2013-03-20 08:06:07 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-03-20 03:30:39 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
2013-03-20 02:35:04 -------- d--h--w- C:\ProgramData\Common Files
2013-03-20 02:35:00 -------- d-----w- C:\Users\ALEXIS\AppData\Local\MFAData
2013-03-20 02:35:00 -------- d-----w- C:\ProgramData\MFAData
2013-03-20 02:16:52 -------- d-----w- C:\Users\ALEXIS\AppData\Local\Google
2013-03-20 02:08:53 -------- d-----w- C:\Program Files (x86)\Glarysoft Toolbar
2013-03-19 19:20:00 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-03-19 19:14:41 -------- d-----w- C:\ProgramData\CPA_VA
2013-03-19 17:00:57 20480 ----a-w- C:\Windows\svchost.exe
2013-03-19 16:17:44 -------- d-----w- C:\ProgramData\Comodo
2013-03-19 16:17:28 -------- d-----w- C:\Program Files (x86)\Comodo
2013-03-19 16:17:22 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-03-19 15:59:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-19 15:59:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-03-19 14:55:21 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
2013-03-19 04:56:05 -------- d-----w- C:\Program Files\Symantec
2013-03-19 03:07:56 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-03-18 19:50:29 -------- d-----w- C:\Users\ALEXIS\AppData\Local\CyberLink
2013-03-18 19:31:24 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\Blio
2013-03-18 17:46:47 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2013-03-18 17:13:39 -------- d-----w- C:\Windows\SysWow64\BestPractices
2013-03-18 17:13:38 -------- d-----w- C:\Windows\System32\BestPractices
2013-03-18 17:13:35 -------- d-----w- C:\inetpub
2013-03-18 16:54:47 -------- d-----w- C:\ProgramData\Symantec
2013-03-18 03:28:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-03-18 03:28:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-03-18 03:11:36 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\Malwarebytes
2013-03-18 03:11:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-18 03:11:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-10 08:14:53 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys
2013-03-10 08:14:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD03000.01A
2013-03-10 08:14:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2013-03-10 08:14:18 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2013-03-10 05:00:31 -------- d-----w- C:\Program Files (x86)\MSECache
2013-03-10 04:50:24 -------- d-----w- C:\Windows\CheckSur
2013-03-10 03:15:39 -------- d-----w- C:\Users\ALEXIS\AppData\Local\Symantec
2013-03-10 02:47:24 -------- d-----w- C:\Users\ALEXIS\AppData\Local\NPE
2013-03-10 02:39:06 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\Tific
2013-03-08 03:35:46 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2013-03-21 02:20:01 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-03-19 02:55:16 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 02:55:16 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-30 10:53:22 273840 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 2:36:43.40 ===============

ken545
2013-04-10, 00:55
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs on Vista or Windows 7, right-click and select RUN AS ADMINISTRATOR.


Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

polij79
2013-04-11, 02:52
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.10.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ALEXIS :: ALEXIS-HP [administrator]

Protection: Enabled

4/10/2013 8:27:56 PM
mbam-log-2013-04-10 (20-27-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264911
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4396 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
:thanks:

ken545
2013-04-11, 09:59
Good Morning,

svchost.exe <-- This is a legit Windows file BUT its home is in the System32 folder. This file was in the Windows folder and is a virus. Malwarebytes removed it but it has a way of returning, so let's run another program and see what turns up.



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
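
The check described in the reply above (a Windows system file name running from a folder other than its normal home), as an added example that is not part of the original post or of any tool mentioned in the thread. The function names and the expected-location table are assumptions for illustration and assume Windows is installed at C:\Windows; the sample lines are taken from the logs in this thread, plus one constructed line.

```python
import ntpath
import re

# Assumption: default install root C:\Windows, as seen in this thread's logs.
SYSTEM32 = r"c:\windows\system32"
SYSWOW64 = r"c:\windows\syswow64"

# Well-known system binaries and the only folders they normally live in.
# A deliberately small table for illustration, not a complete baseline.
EXPECTED_DIRS = {
    "svchost.exe": {SYSTEM32, SYSWOW64},
    "lsass.exe": {SYSTEM32},
    "services.exe": {SYSTEM32},
    "csrss.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32},
    "spoolsv.exe": {SYSTEM32},
    "lsm.exe": {SYSTEM32},
    "explorer.exe": {r"c:\windows", SYSWOW64},
}

# Drive-letter path ending in .exe; spaces inside the path are allowed,
# and the match stops before arguments or scanner annotations.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe(?![\w.])', re.IGNORECASE)


def extract_exe_path(line):
    """Return the first executable path found in a log line, or None."""
    match = EXE_PATH.search(line)
    return match.group(0) if match else None


def check_path(path):
    """Return a finding dict if a known system file name sits in the wrong folder."""
    normalized = ntpath.normpath(path)
    name = ntpath.basename(normalized).lower()
    directory = ntpath.dirname(normalized).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected is None or directory in expected:
        return None  # not a tracked name, or it is where it belongs
    return {"path": path, "name": name, "found_in": directory,
            "expected": sorted(expected)}


def find_masquerades(lines):
    """Scan process-list or scanner-log lines and collect misplaced system binaries."""
    findings = []
    for line in lines:
        path = extract_exe_path(line)
        if path is None:
            continue
        finding = check_path(path)
        if finding is not None:
            findings.append(finding)
    return findings


SAMPLE_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",                       # DDS log in this thread
    r"C:\Windows\System32\spoolsv.exe",                                     # DDS log in this thread
    r"C:\Program Files\IDT\WDM\STacSV64.exe",                               # DDS log in this thread
    r"C:\Windows\svchost.exe (Trojan.Agent) -> 4396 -> Delete on reboot.",  # MBAM log in this thread
    r"C:\Users\Public\lsass.exe",                                           # constructed line
]

if __name__ == "__main__":
    for f in find_masquerades(SAMPLE_LINES):
        print(f"{f['path']}: {f['name']} expected in {f['expected']}, found in {f['found_in']}")
```

A hit only says the file is in an unusual place; confirming it is malicious still takes a scanner verdict or a signature check on the file.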

polij79
2013-04-12, 05:48
Hello, Thanks for taking the time to help me. I am unable to disable Norton as the ComboFix states. I did right click on the system tray and disable the Norton Smart Firewall & Antivirus Auto-Protect. If I go to Norton in the system tray it now shows Enable Smart Firewall & Enable Antivirus Auto-Protect. I did not run the scan. ???

ken545
2013-04-12, 11:09
That's fine, as long as you just disabled them temporarily


So go ahead and run Combofix

polij79
2013-04-13, 04:33
Hello, I ran scan and it got about 2 min. in and the blue screen popped up then pc crashed and rebooted.
Thanks

ComboFix 13-04-12.02 - ALEXIS 04/12/2013 21:40:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1098 [GMT -4:00]
Running from: c:\users\ALEXIS\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 )))))))))))))))))))))))))))))))
.
.
2013-04-13 01:56 . 2013-04-13 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-13 01:56 . 2013-04-13 01:56 -------- d-----w- c:\users\Alexis_2\AppData\Local\temp
2013-04-13 01:56 . 2013-04-13 01:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-11 00:35 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 00:24 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 00:21 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 06:20 . 2013-04-02 06:20 -------- d-----w- c:\program files (x86)\ERUNT
2013-04-02 01:47 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-04-02 01:47 . 2013-04-02 01:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-21 14:29 . 2013-03-21 14:29 0 ----a-w- c:\windows\SysWow64\sho4682.tmp
2013-03-21 04:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-21 04:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 02:19 . 2013-03-21 02:19 -------- d-----w- c:\windows\system32\drivers\NISx64
2013-03-21 02:19 . 2013-03-21 02:19 -------- d-----w- c:\program files (x86)\Norton Internet Security
2013-03-20 22:24 . 2013-03-20 22:24 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\offreg.dll
2013-03-20 18:25 . 2013-03-20 18:29 -------- d-----w- c:\users\ALEXIS\AppData\Local\Avg2013
2013-03-20 18:25 . 2013-02-19 08:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\mpengine.dll
2013-03-20 08:06 . 2013-03-20 08:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-20 03:30 . 2013-03-20 03:30 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\TuneUp Software
2013-03-20 02:35 . 2013-03-20 02:35 -------- d--h--w- c:\programdata\Common Files
2013-03-20 02:35 . 2013-03-20 18:29 -------- d-----w- c:\programdata\MFAData
2013-03-20 02:35 . 2013-03-20 02:35 -------- d-----w- c:\users\ALEXIS\AppData\Local\MFAData
2013-03-20 02:16 . 2013-03-20 02:16 -------- d-----w- c:\users\ALEXIS\AppData\Local\Google
2013-03-20 02:16 . 2013-03-21 02:17 -------- d-----w- c:\program files (x86)\Google
2013-03-20 02:08 . 2013-03-20 23:24 -------- d-----w- c:\program files (x86)\Glarysoft Toolbar
2013-03-19 19:20 . 2013-03-19 19:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-03-19 19:14 . 2013-03-19 19:20 -------- d-----w- c:\programdata\CPA_VA
2013-03-19 16:17 . 2013-03-20 19:14 -------- d-----w- c:\programdata\Comodo
2013-03-19 16:17 . 2013-03-20 01:54 -------- d-----w- c:\program files (x86)\Comodo
2013-03-19 16:17 . 2013-03-19 16:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-03-19 15:59 . 2013-04-02 04:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-19 15:59 . 2013-04-02 01:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-03-19 14:55 . 2013-03-19 14:55 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-03-19 04:56 . 2013-03-21 02:20 -------- d-----w- c:\program files\Symantec
2013-03-19 03:07 . 2013-04-02 04:21 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-03-18 19:50 . 2013-03-18 19:50 -------- d-----w- c:\users\ALEXIS\AppData\Local\CyberLink
2013-03-18 19:31 . 2013-03-18 19:31 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\Blio
2013-03-18 17:46 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-03-18 17:15 . 2013-03-19 01:46 131072 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-18 17:13 . 2013-03-18 17:13 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-03-18 17:13 . 2013-03-18 17:13 -------- d-----w- c:\windows\system32\BestPractices
2013-03-18 17:13 . 2013-03-18 17:13 -------- d-----w- C:\inetpub
2013-03-18 16:54 . 2013-03-18 16:54 -------- d-----w- c:\programdata\Symantec
2013-03-18 03:28 . 2013-03-20 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-18 03:28 . 2013-03-18 03:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-03-18 03:11 . 2013-03-18 03:11 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\Malwarebytes
2013-03-18 03:11 . 2013-03-18 03:11 -------- d-----w- c:\programdata\Malwarebytes
2013-03-18 03:11 . 2013-04-11 00:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-16 19:30 . 2013-04-02 05:51 -------- d-----w- c:\users\Public\CyberLink
2013-03-16 19:30 . 2013-03-16 19:30 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\CyberLink
2013-03-15 17:18 . 2013-03-20 08:03 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 02:44 . 2012-03-20 00:43 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-21 02:20 . 2011-10-31 16:30 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-03-19 02:55 . 2012-04-01 21:24 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 02:55 . 2012-04-01 21:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-19 16:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-19 16:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-19 16:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-19 16:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-19 16:30 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-19 16:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2011-10-31 18:21 273840 ----a-w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 05:25 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 05:25 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 05:25 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 05:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 05:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 05:25 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 05:25 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 05:25 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 05:25 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 05:25 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 05:25 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 05:25 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 05:25 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 05:25 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 05:25 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 05:25 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 05:25 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 05:25 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 05:25 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 05:25 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 05:25 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 05:25 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 05:25 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 05:25 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 05:25 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 05:25 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 05:25 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 05:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 05:25 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 05:25 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 05:25 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 05:25 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 05:25 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 05:25 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 05:25 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 05:25 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 05:25 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 05:25 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 05:25 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 05:25 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe" [2013-03-19 706776]
.
c:\users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [x]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2012-11-16 168096]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-14 36256]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [2011-11-17 218232]
R3 tapklink;Klink Virtual Network Adapter;c:\windows\system32\DRIVERS\tapklink.sys [2011-10-23 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-04 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130411.001\IDSvia64.sys [2013-03-20 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-09 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:55]
.
2013-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002Core.job
- c:\users\Alexis_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 17:49]
.
2013-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
- c:\users\Alexis_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 17:49]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 02:16]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 02:16]
.
2013-03-20 c:\windows\Tasks\HPCeeScheduleForALEXIS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-04-02 c:\windows\Tasks\HPCeeScheduleForALEXIS.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A7AF277D-1466-4A7B-93AF-B043984A5671} - c:\program files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll
Toolbar-{32D47EA5-9473-4CAD-805D-9999F15D5AE2} - c:\program files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-CrazyRemote - c:\program files (x86)\CrazyRemote\CrazyRemote.exe
Wow6432Node-HKCU-Run-CrazyRemoteCommand - c:\program files (x86)\CrazyRemote\CrazyRemoteCommand.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:94,bf,45,1f,3e,16,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,96,85,16,c7,8d,bb,42,81,36,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,96,85,16,c7,8d,bb,42,81,36,f3,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-12 22:13:51
ComboFix-quarantined-files.txt 2013-04-13 02:13
.
Pre-Run: 241,587,027,968 bytes free
Post-Run: 242,476,957,696 bytes free
.
- - End Of File - - C41D084AD39BBB924124E6506E49507F

ken545
2013-04-13, 11:29
Good Morning,

Looks like CF didn't find anything bad, let's take a deeper look


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

polij79
2013-04-14, 05:20
THANKS AGAIN,

OTL logfile created on: 4/13/2013 10:45:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 7.92% Memory free
5.49 Gb Paging File | 2.64 Gb Available in Paging File | 48.02% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.05 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130412.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\eng64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S00829^us&si=COP6wqWjxq8CFQhN4AodIBwAaw&ptb=37F905BE-4526-443B-AFCB-2222DF604173&psa=&ind=2012042112&st=sb&n=77ed5380&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/20 22:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/13 22:24:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/03/19 15:10:28 | 000,446,020 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15316 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 22:21:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/20 22:19:15 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
[2013/03/20 22:19:15 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013/03/20 22:19:15 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
[2013/03/20 22:19:15 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013/03/20 22:19:15 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
[2013/03/20 22:19:15 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
[2013/03/20 22:19:15 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013/03/20 22:19:15 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
[2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403000.024
[2013/03/20 22:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/03/20 22:19:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/03/20 14:25:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Avg2013
[2013/03/20 04:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/20 04:06:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/19 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2013/03/19 22:35:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\MFAData
[2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/19 22:16:52 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Google
[2013/03/19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/19 22:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft Toolbar
[2013/03/19 15:20:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/19 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/03/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/03/19 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/03/19 12:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/03/19 12:17:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/03/19 10:55:21 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/19 00:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/18 23:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/03/18 15:50:29 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\CyberLink
[2013/03/18 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Documents\Blio
[2013/03/18 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/18 13:46:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/03/18 13:13:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/03/18 13:13:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/03/18 13:13:35 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/03/18 12:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/17 23:11:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Malwarebytes
[2013/03/17 23:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/17 23:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/16 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\CyberLink
[2013/03/15 13:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/13 22:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/13 22:53:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/13 22:28:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 22:28:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 22:20:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 22:20:34 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 22:20:31 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 22:16:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/12 21:14:26 | 001,820,129 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/02 01:13:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/25 21:18:19 | 000,001,290 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton Installation Files.lnk
[2013/03/21 09:35:08 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/21 09:35:08 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/21 09:35:08 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/20 22:20:01 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/20 22:20:01 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/20 22:20:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/20 22:19:47 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/20 15:11:49 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/03/20 13:55:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002Core.job
[2013/03/20 12:28:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS-HP$.job
[2013/03/19 15:10:28 | 000,446,020 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/19 12:54:05 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/19 12:17:44 | 000,001,069 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/03/19 12:17:22 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/03/19 10:55:21 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/19 01:08:16 | 002,033,827 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
[2013/03/18 22:55:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/18 22:55:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/18 22:38:39 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
[2013/03/18 22:35:02 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
[2013/03/18 22:32:14 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/03/16 14:48:30 | 667,746,304 | ---- | M] () -- C:\NBRT.iso
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/20 22:50:34 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013/03/20 22:20:23 | 001,820,129 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/03/20 22:19:47 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/20 22:19:04 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
[2013/03/20 22:19:04 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
[2013/03/20 22:19:04 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
[2013/03/20 22:19:04 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013/03/20 22:19:04 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013/03/20 22:19:04 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
[2013/03/20 22:19:04 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
[2013/03/20 22:19:04 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
[2013/03/20 22:19:03 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
[2013/03/20 22:19:03 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
[2013/03/20 22:19:03 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013/03/20 22:19:03 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013/03/20 22:19:03 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013/03/20 22:19:03 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013/03/20 22:19:03 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
[2013/03/20 22:19:03 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013/03/20 22:19:03 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
[2013/03/20 22:19:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013/03/20 19:34:00 | 592,407,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/20 05:42:34 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/03/19 22:17:21 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 22:17:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/19 12:21:53 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/03/19 12:17:44 | 000,001,069 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/03/19 01:07:50 | 002,033,827 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
[2013/03/18 22:38:33 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
[2013/03/18 22:34:58 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
[2013/03/18 22:32:14 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/03/16 14:47:38 | 667,746,304 | ---- | C] () -- C:\NBRT.iso
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ID Vault
[2011/12/11 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Leadertech
[2011/11/08 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ooVoo Details
[2011/10/31 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\PictureMover
[2011/10/31 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Synaptics
[2013/03/09 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Tific
[2012/10/11 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TP
[2013/03/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2012/11/26 20:07:05 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Audacity
[2011/10/31 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ID Vault
[2011/11/09 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ooVoo Details
[2011/10/31 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\PictureMover
[2012/10/18 03:50:48 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\SoftGrid Client
[2011/10/31 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Synaptics
[2012/09/29 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Unified Remote
[2011/11/20 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\WildTangent
[2011/10/31 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ID Vault
[2011/10/31 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics

========== Purity Check ==========



< End of report >

polij79
2013-04-14, 05:25
Here is the other log.

OTL Extras logfile created on: 4/13/2013 10:45:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 7.92% Memory free
5.49 Gb Paging File | 2.64 Gb Available in Paging File | 48.02% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.05 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BF1EA0-0FE6-414C-91C2-6B722950DFD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0E0DFF44-6C95-4B26-BECB-9C8CDA312741}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0E41D32C-E821-45E4-812B-7DC733AB1183}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EC747D3-20E9-43DE-9170-945ACF246FCC}" = rport=138 | protocol=17 | dir=out | app=system |
"{0EDF7256-95C2-4CC3-8C4D-C1C8F68AB10B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF08B4C-ACDF-4C81-9CFC-244516263129}" = lport=139 | protocol=6 | dir=in | app=system |
"{1097BA28-26C6-4B30-A271-16F761D4F6A8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B2F8F57-F3C8-429A-86FC-E7D1EAD53EC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2097C0CE-9206-41CF-B0A9-4EA1D6DC94EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{218BCB7F-1202-4D3A-A194-81D61E5E60BB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{224F20E8-5C52-4DC1-A2A0-23400A2C1241}" = rport=137 | protocol=17 | dir=out | app=system |
"{298A7A10-5F3A-4DD2-9759-DF7911A30CDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C69C168-C811-451F-93D7-A883F49E5097}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F75CE7B-4154-41C5-AB2D-496E438032A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34131AAA-7557-46B3-9380-61F755E9E618}" = lport=137 | protocol=17 | dir=in | app=system |
"{350746CB-2193-4B16-8B3F-3CFDC63B2E1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A801AE6-504D-46D9-A3A8-2509222DC100}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{5FE4215F-BC85-412C-A6A7-18828485DC1D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62A298BE-476B-4D8E-81E7-75C3A5BE481C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6552A4BC-DB2E-46E6-B6EC-CEDB5A0E0B4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7931E844-6E20-49A6-BBAE-EC21974223B5}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{85925587-3E4E-4C4E-BB9B-49DC5F5EBDAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{860F05F3-44CC-46D4-B0CA-45D9AF585857}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95A512DD-85B4-4829-A687-8767B0076CD2}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{995C4B7E-ECA4-48CF-85C4-D5F48037CE83}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BA807AE-F5A3-4AEC-81B1-50D5CD973AA0}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{A3B93A91-66E5-41F1-8543-C02920138924}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6542D87-B214-43CA-8F84-5D366A768EE9}" = lport=138 | protocol=17 | dir=in | app=system |
"{CECE2F2F-7A9D-4D9B-9A1F-6394A45D46B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF726E9B-6FF8-474D-9B85-956AE17995A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F11A00C1-25CF-4299-8189-1F5820CDF0DC}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0341583C-9C9D-41F8-A913-A876E43334DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{062D8C0E-5374-4AAE-8B0A-444E6B789485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09A04E22-46F6-47D5-BC6C-137E1E2D29C9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0DBF634C-940A-4082-ADC6-3E9938E34529}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B4C7DBA-8224-4E10-83BE-6FE4A05C2E4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E4D25E8-4449-4B75-BB10-EB937F508E8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3411D7A2-1232-422C-B9C2-D03E55301847}" = protocol=6 | dir=out | app=system |
"{35800A37-6A87-4B9A-8E5A-85982A0B5CFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39E77B14-F7AE-4101-8387-8B7358E36333}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EA1B887-D989-40F5-B721-B28383C0F07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4088882E-1259-4E5C-8ED8-71CD274D85E1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43004E56-3E28-4866-A911-AE85767DEC15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E5737BC-BDB8-42E6-9C6A-6EB049CC2EC7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F2FA1BE-09BD-4068-A97B-58DC87E4D561}" = protocol=17 | dir=in | app=c:\program files (x86)\crazyremote\crazyremoteserver.exe |
"{5F6174C7-D84A-4BAF-A7CF-74DFBB8E3E30}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{61867C53-0F98-45A0-A9C4-365B25858AAF}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{6230BE78-4FCE-48B7-B285-C14B0EF3A4F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{661D040C-63F4-4AF6-B49F-9879A8A2A9FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6666E847-781F-4CAD-A46D-31F4EF16A3CF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{67923C34-4F64-4544-9261-8E774EEC7EF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7BAFBBC1-445E-404D-91CE-A4CCB0F928D1}" = protocol=6 | dir=in | app=c:\program files (x86)\crazyremote\crazyremoteserver.exe |
"{7F5973F4-276E-4FE6-A6DD-EF4D4373E549}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80A428DD-41B4-4CC9-8FD3-5537925E05E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84E81759-DCFF-4B55-946B-157BECA75563}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{887C90B4-995B-400D-BD42-1991960B98B3}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{8AC78085-CD9E-499F-AFF3-595DBC55EA86}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9288D735-6872-42B2-836F-8A16E0C79FB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{970A0EA8-48DC-4640-8D4D-F92EB4DA9E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{A22B6A9E-D5A2-4A1B-A62F-F21AF8C8A81A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADA3EC3B-17CE-48E3-935D-B20D9D13931A}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{B6C85432-69F2-4A4F-A468-C506DB44D487}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFD2CC1E-039B-49AC-A5BC-2E5259C553A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2FBBA4A-3131-4913-9400-4B35E7540374}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4800E9B-8073-4679-A08A-0E47531177A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C8F58E1F-90EF-4B3D-8FDB-58AD62C520C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF74F4B9-78F2-4D41-83DB-7B850E439731}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7BE6AAD-4E32-4F56-A451-6BE0F6D427E4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{DBC94D72-5A99-4FFE-80C1-0C652C046EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\crazyremote\crazyremoteserver.exe |
"{DE955C66-2784-42A9-AECD-33846957A1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D2E477-8524-4294-9D6A-D8481328389F}" = HP Software Framework
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
"{4913D614-14AA-4728-B32C-678467E5AD58}" = HP Documentation
"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0C0A-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Spanish) 2010
"{90140000-0017-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{F26F86C8-AC71-413C-B432-CD0007FD9C33}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.OMUI.es-es_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.es-es_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.es-es_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.OMUI.es-es_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.OMUI.es-es_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.OMUI.es-es_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.OMUI.es-es_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0C0A-0000-0000000FF1CE}" = Microsoft Office O MUI (Spanish) 2010
"{90140000-0100-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{59DDF6A6-FD7E-4A78-968A-0FDBACB8B91C}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0C0A-0000-0000000FF1CE}" = Microsoft Office X MUI (Spanish) 2010
"{90140000-0101-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{4EB53E7C-9760-4670-AEF4-797A479CC67B}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.OMUI.es-es" = Microsoft Office Language Pack 2010 - Spanish/Español
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2013 6:14:45 AM | Computer Name = ALEXIS-HP | Source = AntiSpywareService | ID = 0
Description =

Error - 3/20/2013 6:39:41 AM | Computer Name = ALEXIS-HP | Source = AntiSpywareService | ID = 0
Description =

Error - 3/20/2013 6:59:04 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x71716bf1 Faulting process id: 0x1090 Faulting application
start time: 0x01ce25571020c9a7 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 2d80da17-914d-11e2-89df-984be1a73c70

Error - 3/20/2013 7:28:01 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000029 Fault offset: 0x00013ce2 Faulting process id: 0x1a10 Faulting application
start time: 0x01ce255a691d4b1f Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 39031e6a-9151-11e2-89df-984be1a73c70

Error - 3/20/2013 7:53:08 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x9366016d Faulting process id: 0x143c Faulting application
start time: 0x01ce255e562ab021 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: babbae8a-9154-11e2-89df-984be1a73c70

Error - 3/20/2013 8:29:12 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x43316c09 Faulting process id: 0xab8 Faulting application
start time: 0x01ce2561af7b0f52 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: c4b91e4e-9159-11e2-89df-984be1a73c70

Error - 3/20/2013 9:00:06 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xc1976d7f Faulting process id: 0x1404 Faulting application
start time: 0x01ce2566e982629c Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 15ff0fc6-915e-11e2-89df-984be1a73c70

Error - 3/20/2013 10:44:07 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x001d9ab6 Faulting process
id: 0x1b2c Faulting application start time: 0x01ce256b11ceb32a Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 9dd036d6-916c-11e2-89df-984be1a73c70

Error - 3/20/2013 11:15:40 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x0041805a Faulting process
id: 0x1b64 Faulting application start time: 0x01ce2579a29859e0 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 06679595-9171-11e2-89df-984be1a73c70

Error - 3/20/2013 11:48:17 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x314dd86b Faulting process id: 0x1970 Faulting application
start time: 0x01ce257dfb6bc3da Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 94c301dd-9175-11e2-89df-984be1a73c70

Error - 3/20/2013 12:03:08 PM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x001d9ab6 Faulting process
id: 0x1cf0 Faulting application start time: 0x01ce2582b98e9bea Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: a7b72f58-9177-11e2-89df-984be1a73c70

[ Hewlett-Packard Events ]
Error - 2/25/2013 9:55:21 AM | Computer Name = ALEXIS-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/25/2013 9:56:12 AM | Computer Name = ALEXIS-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/25/2013 9:59:06 AM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 3/9/2013 10:07:30 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 3/9/2013 10:08:27 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 3/9/2013 10:09:03 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 3/18/2013 9:58:18 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 3/19/2013 6:52:58 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 4/1/2013 9:15:55 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 4/2/2013 9:23:29 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 2/25/2013 5:18:25 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/25/2013 5:23:58 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2/25/2013 5:45:34 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2/28/2013 7:07:01 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2/28/2013 10:06:20 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/1/2013 1:18:51 AM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/7/2013 10:22:36 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/14/2013 8:07:46 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/16/2013 4:00:27 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/18/2013 12:37:16 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Spybot - Search and Destroy Events ]
Error - 4/1/2013 10:29:04 PM | Computer Name = ALEXIS-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 4/12/2013 9:16:46 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ccSet_NST

Error - 4/12/2013 9:25:11 PM | Computer Name = ALEXIS-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:22:51 PM on 4/12/2013 was unexpected.

Error - 4/12/2013 9:25:27 PM | Computer Name = ALEXIS-HP | Source = BugCheck | ID = 1001
Description =

Error - 4/12/2013 9:26:49 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ccSet_NST

Error - 4/12/2013 9:27:13 PM | Computer Name = ALEXIS-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 4/12/2013 9:46:38 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/12/2013 9:59:30 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/12/2013 10:42:28 PM | Computer Name = ALEXIS-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).

Error - 4/13/2013 10:21:09 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ccSet_NST

Error - 4/13/2013 10:21:21 PM | Computer Name = ALEXIS-HP | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >

ken545
2013-04-14, 11:25
Good Morning,

It's still there :sad: Actually, outside of this problem your log does not look too bad.


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)





Post the log from TDSSKiller and then run a new scan with OTL and post a new log please. There won't be any extras log on the second run, so don't worry about it.

polij79
2013-04-15, 03:23
Hello, One of two logs.

20:52:28.0261 7636 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:52:30.0274 7636 ============================================================
20:52:30.0274 7636 Current date / time: 2013/04/14 20:52:30.0274
20:52:30.0274 7636 SystemInfo:
20:52:30.0274 7636
20:52:30.0274 7636 OS Version: 6.1.7601 ServicePack: 1.0
20:52:30.0274 7636 Product type: Workstation
20:52:30.0274 7636 ComputerName: ALEXIS-HP
20:52:30.0274 7636 UserName: ALEXIS
20:52:30.0274 7636 Windows directory: C:\Windows
20:52:30.0274 7636 System windows directory: C:\Windows
20:52:30.0274 7636 Running under WOW64
20:52:30.0274 7636 Processor architecture: Intel x64
20:52:30.0274 7636 Number of processors: 2
20:52:30.0274 7636 Page size: 0x1000
20:52:30.0274 7636 Boot type: Normal boot
20:52:30.0274 7636 ============================================================
20:52:37.0044 7636 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:52:37.0075 7636 ============================================================
20:52:37.0075 7636 \Device\Harddisk0\DR0:
20:52:37.0107 7636 MBR partitions:
20:52:37.0107 7636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:52:37.0107 7636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x237A8000
20:52:37.0107 7636 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2380C000, BlocksNum 0x1BEE800
20:52:37.0107 7636 ============================================================
20:52:37.0325 7636 C: <-> \Device\Harddisk0\DR0\Partition2
20:52:37.0543 7636 D: <-> \Device\Harddisk0\DR0\Partition3
20:52:37.0871 7636 ============================================================
20:52:37.0871 7636 Initialize success
20:52:37.0871 7636 ============================================================
20:53:04.0625 3732 ============================================================
20:53:04.0625 3732 Scan started
20:53:04.0625 3732 Mode: Manual;
20:53:04.0625 3732 ============================================================
20:53:47.0432 3732 ================ Scan system memory ========================
20:53:47.0432 3732 System memory - ok
20:53:47.0447 3732 ================ Scan services =============================
20:55:48.0644 3732 HP Support Assistant Service - ok
20:55:49.0252 3732 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:55:49.0252 3732 HP Wireless Assistant Service - ok
20:55:49.0408 3732 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:55:49.0517 3732 HPClientSvc - ok
20:55:49.0720 3732 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:55:49.0736 3732 HPDrvMntSvc.exe - ok
20:55:49.0861 3732 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:55:49.0892 3732 hpqwmiex - ok
20:55:49.0970 3732 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:55:49.0970 3732 HpSAMD - ok
20:55:50.0173 3732 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:55:50.0173 3732 HPWMISVC - ok
20:55:50.0812 3732 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:55:51.0031 3732 HTTP - ok
20:55:51.0280 3732 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:55:51.0374 3732 hwpolicy - ok
20:55:51.0764 3732 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:55:52.0154 3732 i8042prt - ok
20:55:52.0684 3732 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:55:52.0715 3732 iaStorV - ok
20:55:53.0137 3732 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:55:53.0339 3732 idsvc - ok
20:55:53.0885 3732 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130412.001\IDSvia64.sys
20:55:54.0322 3732 IDSVia64 - ok
20:55:55.0898 3732 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:55:56.0101 3732 igfx - ok
20:55:56.0163 3732 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:55:56.0163 3732 iirsp - ok
20:55:56.0475 3732 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:55:56.0491 3732 IKEEXT - ok
20:55:56.0569 3732 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:55:56.0584 3732 intelide - ok
20:55:56.0787 3732 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:55:56.0787 3732 intelppm - ok
20:55:56.0865 3732 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:55:56.0896 3732 IPBusEnum - ok
20:55:56.0959 3732 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:55:57.0005 3732 IpFilterDriver - ok
20:55:57.0208 3732 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:55:57.0224 3732 iphlpsvc - ok
20:55:57.0286 3732 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:55:57.0286 3732 IPMIDRV - ok
20:55:57.0395 3732 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:55:57.0427 3732 IPNAT - ok
20:55:57.0551 3732 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:55:57.0551 3732 IRENUM - ok
20:55:57.0629 3732 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:55:57.0661 3732 isapnp - ok
20:55:57.0754 3732 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:55:57.0817 3732 iScsiPrt - ok
20:55:57.0910 3732 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:55:57.0910 3732 kbdclass - ok
20:55:58.0207 3732 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:55:58.0207 3732 kbdhid - ok
20:55:58.0253 3732 keycrypt - ok
20:55:58.0300 3732 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:55:58.0300 3732 KeyIso - ok
20:55:58.0378 3732 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:55:58.0378 3732 KSecDD - ok
20:55:58.0503 3732 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:55:58.0534 3732 KSecPkg - ok
20:55:58.0753 3732 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:55:58.0753 3732 ksthunk - ok
20:55:58.0955 3732 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:55:58.0971 3732 KtmRm - ok
20:55:59.0127 3732 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:55:59.0174 3732 LanmanServer - ok
20:55:59.0283 3732 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:55:59.0377 3732 LanmanWorkstation - ok
20:55:59.0486 3732 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:55:59.0486 3732 LHidFilt - ok
20:55:59.0626 3732 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:55:59.0626 3732 LightScribeService - ok
20:55:59.0907 3732 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:55:59.0923 3732 lltdio - ok
20:56:00.0219 3732 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:56:00.0281 3732 lltdsvc - ok
20:56:00.0313 3732 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:56:00.0344 3732 lmhosts - ok
20:56:00.0422 3732 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:56:00.0453 3732 LMouFilt - ok
20:56:00.0593 3732 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:56:00.0640 3732 LSI_FC - ok
20:56:00.0718 3732 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:56:00.0718 3732 LSI_SAS - ok
20:56:00.0781 3732 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:56:00.0781 3732 LSI_SAS2 - ok
20:56:00.0859 3732 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:56:00.0890 3732 LSI_SCSI - ok
20:56:01.0015 3732 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:56:01.0030 3732 luafv - ok
20:56:01.0233 3732 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:56:01.0233 3732 MBAMProtector - ok
20:56:01.0483 3732 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:56:01.0498 3732 MBAMScheduler - ok
20:56:02.0169 3732 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:56:02.0263 3732 MBAMService - ok
20:56:02.0294 3732 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:56:02.0325 3732 Mcx2Svc - ok
20:56:02.0419 3732 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:56:02.0434 3732 megasas - ok
20:56:02.0575 3732 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:56:02.0590 3732 MegaSR - ok
20:56:02.0731 3732 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:56:02.0731 3732 MMCSS - ok
20:56:02.0793 3732 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:56:02.0824 3732 Modem - ok
20:56:02.0933 3732 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:56:02.0933 3732 monitor - ok
20:56:03.0245 3732 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:56:03.0277 3732 mouclass - ok
20:56:03.0557 3732 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:56:03.0557 3732 mouhid - ok
20:56:03.0854 3732 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:56:03.0854 3732 mountmgr - ok
20:56:04.0025 3732 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:56:04.0135 3732 mpio - ok
20:56:04.0213 3732 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:56:04.0213 3732 mpsdrv - ok
20:56:04.0415 3732 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:56:04.0447 3732 MpsSvc - ok
20:56:04.0509 3732 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:56:04.0509 3732 MRxDAV - ok
20:56:04.0587 3732 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:56:04.0587 3732 mrxsmb - ok
20:56:04.0665 3732 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:56:04.0665 3732 mrxsmb10 - ok
20:56:04.0712 3732 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:56:04.0727 3732 mrxsmb20 - ok
20:56:04.0790 3732 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:56:04.0805 3732 msahci - ok
20:56:04.0868 3732 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:56:04.0883 3732 msdsm - ok
20:56:04.0930 3732 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:56:04.0930 3732 MSDTC - ok
20:56:04.0977 3732 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:56:04.0977 3732 Msfs - ok
20:56:05.0024 3732 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:56:05.0024 3732 mshidkmdf - ok
20:56:05.0071 3732 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:56:05.0086 3732 msisadrv - ok
20:56:05.0211 3732 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:56:05.0227 3732 MSiSCSI - ok
20:56:05.0227 3732 msiserver - ok
20:56:05.0305 3732 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:56:05.0320 3732 MSKSSRV - ok
20:56:05.0336 3732 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:56:05.0336 3732 MSPCLOCK - ok
20:56:05.0351 3732 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:56:05.0351 3732 MSPQM - ok
20:56:05.0492 3732 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:56:05.0507 3732 MsRPC - ok
20:56:05.0554 3732 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:56:05.0554 3732 mssmbios - ok
20:56:05.0617 3732 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:56:05.0632 3732 MSTEE - ok
20:56:05.0695 3732 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:56:05.0695 3732 MTConfig - ok
20:56:05.0741 3732 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:56:05.0757 3732 Mup - ok
20:56:05.0882 3732 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:56:05.0897 3732 napagent - ok
20:56:06.0100 3732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:56:06.0147 3732 NativeWifiP - ok
20:56:06.0599 3732 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\ENG64.SYS
20:56:06.0599 3732 NAVENG - ok
20:56:06.0927 3732 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\EX64.SYS
20:56:07.0223 3732 NAVEX15 - ok
20:56:07.0473 3732 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:56:07.0473 3732 NDIS - ok
20:56:07.0613 3732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:56:07.0613 3732 NdisCap - ok
20:56:07.0769 3732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:56:07.0801 3732 NdisTapi - ok
20:56:08.0144 3732 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:56:08.0175 3732 Ndisuio - ok
20:56:08.0315 3732 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:56:08.0331 3732 NdisWan - ok
20:56:08.0378 3732 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:56:08.0393 3732 NDProxy - ok
20:56:08.0518 3732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:56:08.0518 3732 NetBIOS - ok
20:56:08.0596 3732 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:56:08.0612 3732 NetBT - ok
20:56:08.0690 3732 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:56:08.0705 3732 Netlogon - ok
20:56:08.0893 3732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:56:08.0908 3732 Netman - ok
20:56:09.0080 3732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:56:09.0095 3732 netprofm - ok
20:56:09.0236 3732 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:56:09.0267 3732 NetTcpPortSharing - ok
20:56:10.0936 3732 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:56:11.0108 3732 netw5v64 - ok
20:56:11.0186 3732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:56:11.0201 3732 nfrd960 - ok
20:56:11.0560 3732 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
20:56:11.0576 3732 NIS - ok
20:56:11.0716 3732 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:56:11.0716 3732 NlaSvc - ok
20:56:11.0794 3732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:56:11.0825 3732 Npfs - ok
20:56:11.0903 3732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:56:11.0919 3732 nsi - ok
20:56:11.0935 3732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:56:11.0935 3732 nsiproxy - ok
20:56:12.0434 3732 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:56:12.0637 3732 Ntfs - ok
20:56:13.0183 3732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:56:13.0183 3732 Null - ok
20:56:13.0370 3732 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:56:13.0385 3732 nvraid - ok
20:56:13.0619 3732 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:56:13.0697 3732 nvstor - ok
20:56:13.0885 3732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:56:13.0885 3732 nv_agp - ok
20:56:14.0072 3732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:56:14.0072 3732 ohci1394 - ok
20:56:14.0275 3732 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:56:14.0290 3732 ose - ok
20:56:15.0616 3732 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:56:16.0006 3732 osppsvc - ok
20:56:16.0225 3732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:56:16.0225 3732 p2pimsvc - ok
20:56:16.0365 3732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:56:16.0381 3732 p2psvc - ok
20:56:16.0443 3732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:56:16.0474 3732 Parport - ok
20:56:16.0505 3732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:56:16.0505 3732 partmgr - ok
20:56:16.0568 3732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:56:16.0568 3732 PcaSvc - ok
20:56:16.0677 3732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:56:16.0693 3732 pci - ok
20:56:16.0786 3732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:56:16.0802 3732 pciide - ok
20:56:16.0911 3732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:56:16.0927 3732 pcmcia - ok
20:56:17.0020 3732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:56:17.0051 3732 pcw - ok
20:56:17.0176 3732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:56:17.0207 3732 PEAUTH - ok
20:56:18.0315 3732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:56:18.0331 3732 PerfHost - ok
20:56:19.0563 3732 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:56:19.0875 3732 pla - ok
20:56:20.0499 3732 [ 25FBDEF06C4D92815B353F6E792C8129 ]



Second half on its way.

polij79
2013-04-15, 03:25
Two of two.


20:56:50.0139 3732 TabletInputService - ok
20:56:50.0311 3732 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:56:50.0311 3732 TapiSrv - ok
20:56:50.0825 3732 [ 9C9C8BBCB6E6E1CBDAA10A5EAEA9FEAC ] tapklink C:\Windows\system32\DRIVERS\tapklink.sys
20:56:50.0825 3732 tapklink - ok
20:56:50.0966 3732 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:56:50.0981 3732 TBS - ok
20:56:51.0699 3732 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:56:51.0839 3732 Tcpip - ok
20:56:52.0588 3732 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:56:52.0651 3732 TCPIP6 - ok
20:56:52.0807 3732 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:56:52.0822 3732 tcpipreg - ok
20:56:53.0556 3732 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:56:53.0946 3732 TDPIPE - ok
20:56:54.0070 3732 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:56:54.0304 3732 TDTCP - ok
20:56:54.0367 3732 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:56:54.0398 3732 tdx - ok
20:56:54.0507 3732 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:56:54.0523 3732 TermDD - ok
20:56:54.0710 3732 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:56:54.0788 3732 TermService - ok
20:56:54.0897 3732 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:56:54.0913 3732 Themes - ok
20:56:55.0006 3732 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:56:55.0006 3732 THREADORDER - ok
20:56:55.0069 3732 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:56:55.0084 3732 TrkWks - ok
20:56:55.0287 3732 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:56:55.0287 3732 TrustedInstaller - ok
20:56:55.0412 3732 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:56:55.0443 3732 tssecsrv - ok
20:56:55.0771 3732 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:56:55.0786 3732 TsUsbFlt - ok
20:56:56.0223 3732 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:56:56.0254 3732 tunnel - ok
20:56:56.0426 3732 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:56:56.0426 3732 uagp35 - ok
20:56:56.0738 3732 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:56:57.0019 3732 udfs - ok
20:56:57.0549 3732 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:56:57.0721 3732 UI0Detect - ok
20:56:58.0033 3732 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:56:58.0314 3732 uliagpkx - ok
20:56:58.0470 3732 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:56:58.0485 3732 umbus - ok
20:56:58.0797 3732 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:56:58.0797 3732 UmPass - ok
20:56:58.0984 3732 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:56:58.0984 3732 upnphost - ok
20:56:59.0094 3732 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:56:59.0109 3732 USBAAPL64 - ok
20:56:59.0328 3732 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:56:59.0359 3732 usbccgp - ok
20:56:59.0437 3732 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:56:59.0452 3732 usbcir - ok
20:56:59.0499 3732 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:56:59.0515 3732 usbehci - ok
20:56:59.0624 3732 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:56:59.0655 3732 usbfilter - ok
20:56:59.0842 3732 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:56:59.0858 3732 usbhub - ok
20:56:59.0889 3732 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:56:59.0920 3732 usbohci - ok
20:57:00.0045 3732 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:57:00.0061 3732 usbprint - ok
20:57:00.0186 3732 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:57:00.0201 3732 USBSTOR - ok
20:57:00.0232 3732 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:57:00.0295 3732 usbuhci - ok
20:57:00.0529 3732 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:57:00.0544 3732 usbvideo - ok
20:57:00.0685 3732 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
20:57:00.0700 3732 usb_rndisx - ok
20:57:00.0747 3732 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:57:00.0747 3732 UxSms - ok
20:57:00.0825 3732 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:57:00.0841 3732 VaultSvc - ok
20:57:00.0934 3732 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:57:00.0981 3732 vdrvroot - ok
20:57:01.0200 3732 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:57:01.0215 3732 vds - ok
20:57:01.0340 3732 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:57:01.0356 3732 vga - ok
20:57:01.0371 3732 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:57:01.0387 3732 VgaSave - ok
20:57:01.0480 3732 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:57:01.0496 3732 vhdmp - ok
20:57:01.0574 3732 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:57:01.0605 3732 viaide - ok
20:57:01.0683 3732 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:57:01.0699 3732 volmgr - ok
20:57:01.0824 3732 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:57:01.0839 3732 volmgrx - ok
20:57:01.0917 3732 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:57:01.0917 3732 volsnap - ok
20:57:01.0980 3732 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:57:01.0980 3732 vsmraid - ok
20:57:02.0354 3732 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:57:02.0650 3732 VSS - ok
20:57:02.0728 3732 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:57:02.0744 3732 vwifibus - ok
20:57:02.0838 3732 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:57:02.0838 3732 vwififlt - ok
20:57:02.0931 3732 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:57:02.0931 3732 W32Time - ok
20:57:02.0994 3732 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:57:03.0009 3732 WacomPen - ok
20:57:03.0181 3732 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:57:03.0196 3732 WANARP - ok
20:57:03.0274 3732 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:57:03.0274 3732 Wanarpv6 - ok
20:57:03.0540 3732 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:57:03.0586 3732 WatAdminSvc - ok
20:57:03.0836 3732 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:57:03.0867 3732 wbengine - ok
20:57:04.0132 3732 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:57:04.0210 3732 WbioSrvc - ok
20:57:04.0351 3732 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:57:04.0366 3732 wcncsvc - ok
20:57:04.0444 3732 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:57:04.0444 3732 WcsPlugInService - ok
20:57:04.0538 3732 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:57:04.0538 3732 Wd - ok
20:57:04.0912 3732 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:57:04.0959 3732 Wdf01000 - ok
20:57:05.0068 3732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:57:05.0100 3732 WdiServiceHost - ok
20:57:05.0209 3732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:57:05.0209 3732 WdiSystemHost - ok
20:57:05.0505 3732 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:57:05.0724 3732 WebClient - ok
20:57:06.0004 3732 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:57:06.0145 3732 Wecsvc - ok
20:57:06.0254 3732 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:57:06.0285 3732 wercplsupport - ok
20:57:06.0379 3732 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:57:06.0394 3732 WerSvc - ok
20:57:06.0457 3732 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:57:06.0457 3732 WfpLwf - ok
20:57:06.0566 3732 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:57:06.0769 3732 WIMMount - ok
20:57:06.0862 3732 WinDefend - ok
20:57:06.0878 3732 WinHttpAutoProxySvc - ok
20:57:08.0142 3732 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:57:08.0204 3732 Winmgmt - ok
20:57:08.0516 3732 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:57:08.0610 3732 WinRM - ok
20:57:08.0797 3732 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:57:08.0812 3732 WinUSB - ok
20:57:09.0093 3732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:57:09.0109 3732 Wlansvc - ok
20:57:09.0826 3732 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:57:10.0201 3732 wlcrasvc - ok
20:57:10.0638 3732 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:57:10.0716 3732 wlidsvc - ok
20:57:10.0794 3732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:57:10.0809 3732 WmiAcpi - ok
20:57:10.0903 3732 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:57:10.0918 3732 wmiApSrv - ok
20:57:10.0996 3732 WMPNetworkSvc - ok
20:57:11.0074 3732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:57:11.0090 3732 WPCSvc - ok
20:57:11.0137 3732 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:57:11.0152 3732 WPDBusEnum - ok
20:57:11.0184 3732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:57:11.0184 3732 ws2ifsl - ok
20:57:11.0293 3732 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:57:11.0308 3732 wscsvc - ok
20:57:11.0308 3732 WSearch - ok
20:57:11.0558 3732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:57:11.0589 3732 wuauserv - ok
20:57:11.0652 3732 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:57:11.0667 3732 WudfPf - ok
20:57:11.0823 3732 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:11.0839 3732 WUDFRd - ok
20:57:12.0026 3732 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:57:12.0026 3732 wudfsvc - ok
20:57:12.0198 3732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:57:12.0213 3732 WwanSvc - ok
20:57:12.0369 3732 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
20:57:12.0385 3732 yukonw7 - ok
20:57:12.0634 3732 ================ Scan global ===============================
20:57:12.0728 3732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:57:12.0822 3732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:57:12.0884 3732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:57:12.0978 3732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:57:13.0134 3732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:57:13.0149 3732 [Global] - ok
20:57:13.0165 3732 ================ Scan MBR ==================================
20:57:13.0258 3732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:57:13.0258 3732 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:57:13.0648 3732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:57:13.0648 3732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:57:13.0648 3732 ================ Scan VBR ==================================
20:57:13.0742 3732 [ D7572535D4725395E3EF8EEF0F0964DD ] \Device\Harddisk0\DR0\Partition1
20:57:13.0867 3732 \Device\Harddisk0\DR0\Partition1 - ok
20:57:13.0914 3732 [ 08B31C7E7CF98CDE03C14911633E764D ] \Device\Harddisk0\DR0\Partition2
20:57:14.0038 3732 \Device\Harddisk0\DR0\Partition2 - ok
20:57:14.0070 3732 [ B984C6CCB404CF333A1F8A8ABF596C36 ] \Device\Harddisk0\DR0\Partition3
20:57:14.0101 3732 \Device\Harddisk0\DR0\Partition3 - ok
20:57:14.0116 3732 ============================================================
20:57:14.0116 3732 Scan finished
20:57:14.0116 3732 ============================================================
20:57:14.0148 2560 Detected object count: 1
20:57:14.0148 2560 Actual detected object count: 1
20:59:29.0977 2560 \Device\Harddisk0\DR0\# - copied to quarantine
20:59:29.0977 2560 \Device\Harddisk0\DR0 - copied to quarantine
20:59:31.0428 2560 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:59:31.0537 2560 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:59:31.0615 2560 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:59:31.0646 2560 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:59:31.0662 2560 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:59:31.0740 2560 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:59:31.0740 2560 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:59:31.0833 2560 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:59:31.0880 2560 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:59:31.0880 2560 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:59:31.0896 2560 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:59:31.0896 2560 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:59:31.0927 2560 \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
20:59:31.0927 2560 \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
20:59:31.0989 2560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:59:32.0192 2560 \Device\Harddisk0\DR0 - ok
20:59:35.0203 2560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:00:14.0051 7140 Deinitialize success

;) I think I did it. ;)

polij79
2013-04-15, 03:40
OTL by OldTimer
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



OTL logfile created on: 4/14/2013 9:28:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 49.29% Memory free
5.49 Gb Paging File | 3.93 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 225.69 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (EraserSvc11220) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130412.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130414.006\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130414.006\eng64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S00829^us&si=COP6wqWjxq8CFQhN4AodIBwAaw&ptb=37F905BE-4526-443B-AFCB-2222DF604173&psa=&ind=2012042112&st=sb&n=77ed5380&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/20 22:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/14 21:06:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/03/19 15:10:28 | 000,446,020 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15316 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck msln)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 21:10:06 | 000,067,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\msln.exe
[2013/04/14 20:59:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/14 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\tdsskiller
[2013/04/13 22:21:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/20 22:19:15 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
[2013/03/20 22:19:15 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013/03/20 22:19:15 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
[2013/03/20 22:19:15 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013/03/20 22:19:15 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
[2013/03/20 22:19:15 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
[2013/03/20 22:19:15 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013/03/20 22:19:15 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
[2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403000.024
[2013/03/20 22:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/03/20 22:19:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/03/20 14:25:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Avg2013
[2013/03/20 04:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/20 04:06:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/19 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2013/03/19 22:35:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\MFAData
[2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/19 22:16:52 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Google
[2013/03/19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/19 22:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft Toolbar
[2013/03/19 15:20:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/19 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/03/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/03/19 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/03/19 12:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/03/19 12:17:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/03/19 10:55:21 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/19 00:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/18 23:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/03/18 15:50:29 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\CyberLink
[2013/03/18 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Documents\Blio
[2013/03/18 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/18 13:46:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/03/18 13:13:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/03/18 13:13:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/03/18 13:13:35 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/03/18 12:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/17 23:11:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Malwarebytes
[2013/03/17 23:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/17 23:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/16 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\CyberLink
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/14 21:16:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/14 21:11:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 21:11:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 21:10:06 | 000,067,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\msln.exe
[2013/04/14 21:04:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 21:03:27 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/14 21:03:21 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 20:55:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/14 20:50:43 | 002,218,636 | ---- | M] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/12 21:14:26 | 001,820,129 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/02 01:13:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/25 21:18:19 | 000,001,290 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton Installation Files.lnk
[2013/03/21 09:35:08 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/21 09:35:08 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/21 09:35:08 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/20 22:20:01 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/20 22:20:01 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/20 22:20:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/20 22:19:47 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/20 15:11:49 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/03/20 13:55:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002Core.job
[2013/03/20 12:28:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS-HP$.job
[2013/03/19 15:10:28 | 000,446,020 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/19 12:54:05 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/19 12:17:44 | 000,001,069 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/03/19 12:17:22 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/03/19 10:55:21 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/19 01:08:16 | 002,033,827 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
[2013/03/18 22:55:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/18 22:55:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/18 22:38:39 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
[2013/03/18 22:35:02 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
[2013/03/18 22:32:14 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/03/16 14:48:30 | 667,746,304 | ---- | M] () -- C:\NBRT.iso
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/14 20:48:13 | 002,218,636 | ---- | C] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/20 22:50:34 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013/03/20 22:20:23 | 001,820,129 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/03/20 22:19:47 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/20 22:19:04 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
[2013/03/20 22:19:04 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
[2013/03/20 22:19:04 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
[2013/03/20 22:19:04 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013/03/20 22:19:04 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013/03/20 22:19:04 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
[2013/03/20 22:19:04 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
[2013/03/20 22:19:04 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
[2013/03/20 22:19:03 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
[2013/03/20 22:19:03 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
[2013/03/20 22:19:03 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013/03/20 22:19:03 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013/03/20 22:19:03 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013/03/20 22:19:03 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013/03/20 22:19:03 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
[2013/03/20 22:19:03 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013/03/20 22:19:03 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
[2013/03/20 22:19:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013/03/20 19:34:00 | 592,407,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/20 05:42:34 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/03/19 22:17:21 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 22:17:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/19 12:21:53 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/03/19 12:17:44 | 000,001,069 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/03/19 01:07:50 | 002,033,827 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
[2013/03/18 22:38:33 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
[2013/03/18 22:34:58 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
[2013/03/18 22:32:14 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/03/16 14:47:38 | 667,746,304 | ---- | C] () -- C:\NBRT.iso
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ID Vault
[2011/12/11 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Leadertech
[2011/11/08 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ooVoo Details
[2011/10/31 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\PictureMover
[2011/10/31 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Synaptics
[2013/03/09 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Tific
[2012/10/11 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TP
[2013/03/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2012/11/26 20:07:05 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Audacity
[2011/10/31 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ID Vault
[2011/11/09 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ooVoo Details
[2011/10/31 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\PictureMover
[2012/10/18 03:50:48 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\SoftGrid Client
[2011/10/31 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Synaptics
[2012/09/29 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Unified Remote
[2011/11/20 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\WildTangent
[2011/10/31 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ID Vault
[2011/10/31 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics

========== Purity Check ==========



< End of report >
:bigthumb:
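
An added example, not part of the original post or of OTL: Python that reads a "ZeroAccess Check" section in the layout shown above and flags any per-user (HKEY_CURRENT_USER) InProcServer32 registration, or any HKEY_LOCAL_MACHINE entry whose DLL or company name differs from the ones in this log. It assumes the log above is the clean baseline; `EXPECTED_DLL` is taken from it, and the third key's value in `SAMPLE` is constructed.

```python
import re

# Key header, e.g. [HKEY_CURRENT_USER\...\clsid\{guid}\InProcServer32] /64
KEY_RE = re.compile(
    r'^\[(HKEY_\w+)\\.*\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]', re.I)
# Value line, e.g. "" = C:\...\shell32.dll -- [date | size | attr | M] (Company)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*?)'
    r'(?:\s+--\s+\[.*\]\s+\((?P<company>.*)\))?\s*$')

# DLL registered under each HKLM CLSID in the log above (assumed clean baseline).
EXPECTED_DLL = {
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}': 'shell32.dll',
    '{5839fca9-774d-42a1-acda-d6a79037f57f}': 'fastprox.dll',
    '{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}': 'wbemess.dll',
}

# Constructed sample. The first two keys are copied from the log above; the
# value under the third key (path, date, size) is invented for illustration.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\EXAMPLE\AppData\Local\constructed\sample.dll -- [2013/01/01 00:00:00 | 000,050,000 | ---- | M] ()
"ThreadingModel" = Both
'''


def parse_section(text):
    """Group the value lines of the section under the key header they follow."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {'hive': key.group(1).upper(),
                       'clsid': key.group(2).lower(),
                       'values': {}}
            entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current['values'][value['name']] = (value['data'], value['company'])
    return entries


def findings(entries):
    """Return (hive, clsid, reason, data) for every entry that needs a look."""
    out = []
    for entry in entries:
        default = entry['values'].get('')
        if entry['hive'] == 'HKEY_CURRENT_USER':
            # In the baseline log every HKCU key is listed with no values.
            if entry['values']:
                out.append((entry['hive'], entry['clsid'],
                            'per-user registration present',
                            default[0] if default else ''))
            continue
        if default is None:
            continue  # key listed without values, as for the last key in the log
        data, company = default
        basename = data.rsplit('\\', 1)[-1].lower()
        expected = EXPECTED_DLL.get(entry['clsid'])
        if expected and basename != expected:
            out.append((entry['hive'], entry['clsid'], 'unexpected DLL', data))
        elif company != 'Microsoft Corporation':
            out.append((entry['hive'], entry['clsid'],
                        'unexpected company name', data))
    return out


if __name__ == '__main__':
    for finding in findings(parse_section(SAMPLE)):
        print(' | '.join(finding))
```

The company name comes from the file's version information as OTL printed it, so a match on it is a consistency check against the baseline, not proof of origin.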

polij79
2013-04-15, 03:44
Looks like I need to scrap Norton!!!!!!!!!!!!!!:surrender:

ken545
2013-04-15, 10:09
Good Morning,

Looking so much better, the svchost thing is gone, you were infected by the TDSS rootkit.

I am looking at the ASK Toolbar installed, if you want to remove it it can be uninstalled via Programs and Features in the Control Panel, not malicious but has some adware functionality along with altering your browser's search setting, you also have my websearch which is bad and needs to be removed.

Uninstall ASK, then run a new scan with OTL and we can remove leftovers along with mywebsearch. Also see if you can run aswMBR again and post that log.

As far as Norton, your call to remove it but it has to be done properly, I removed it on 3 of my systems not because of it detecting poorly but it was a system degradation issue. I switched to Microsoft Security Essentials which is free and more than adequate. Let me know if you decide to do this and I will link you to the Norton Removal tool along with the link for Microsoft's program.

polij79
2013-04-16, 05:28
Hello Ken545,
I do not see that toolbar.:confused:
Yes I am willing to remove Norton. Can you explain to me how to correctly maintain the PC? Is Spybot something I should incorporate into a routine along with Windows security? Is there anything else you could recommend? If you have time could you comment on backing up the PC.
I am happy, grateful and appreciate all you have done.:bigthumb:
THANK YOU
MIKE P.

polij79
2013-04-16, 05:51
Hello again,
See the snap shot of the uninstall page.

polij79
2013-04-16, 06:39
Hi, I was poking around and just realized Norton search engine is powered by Ask. On the results web page it says powered by Ask. ???? I am all yours. Your wish is my command.

ken545
2013-04-16, 10:26
Good Morning Mike,

One reason for getting all these toolbars most times is not reading what you're installing, you need to read carefully through the install procedure before clicking on next. The way these viruses are written no matter what anti virus program you use sometimes one can slip by, the weakest link in the chain is you, you just need to be real careful what you download, links you click on, don't ever open any spam email, most of them are a hotbed of infection.

It looks like you also have already downloaded the Norton Removal Tool, not sure which one you have so you can remove it from your desktop and here is a link for the one I used over the weekend and it worked quite well. Also some people think having more than one AV will make them more secure when actually it doesn't, you need one AV, keep it updated and run frequent scans.

https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us



Hang off on removing Norton and let's get rid of some of the junk on your system first

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S00829^us&si=COP6wqWjxq8CFQhN4AodIBwAaw&ptb=37F905BE-4526-443B-AFCB-2222DF604173&psa=&ind=2012042112&st=sb&n=77ed5380&searchfor={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Glarysoft Toolbar


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

polij79
2013-04-17, 01:27
Hello Again Ken545,
Prompted me to download that removal tool and reinstall the program.
When PC started to act up Norton . Okay here is the log.

All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2}\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.txt deleted successfully.
C:\Program Files (x86)\Glarysoft Toolbar\toolbar folder moved successfully.
C:\Program Files (x86)\Glarysoft Toolbar folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 4666142 bytes
->Temporary Internet Files folder emptied: 19516667 bytes
->Java cache emptied: 99449 bytes
->Flash cache emptied: 122282 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154847142 bytes
->Java cache emptied: 233416 bytes
->Flash cache emptied: 113645 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18649425 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72290015 bytes
RecycleBin emptied: 251459 bytes

Total Files Cleaned = 258.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04162013_190029


Thank You
Mike

polij79
2013-04-17, 01:32
Ken545,

What I wanted to say was.

When the PC started to act up Norton prompted me to download that removal tool and reinstall the program.

Mike

ken545
2013-04-17, 02:30
Did you download the proper tool for your version of Norton? When you run it from the desktop you need to right click the icon and select RUN AS ADMINISTRATOR. It should automatically start the uninstall process

polij79
2013-04-18, 05:29
Hello Ken ,
I am not sure what removal tool I need. I tried the one on my desktop. When I tried to run as you said, a window pops up. See att. So I went to the programs install/uninstall, and removed the only Symantec program there. Then I tried the removal tool again and got the same screen pop up. ????

polij79
2013-04-18, 06:03
All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\Glarysoft Toolbar not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 5085822 bytes
->Temporary Internet Files folder emptied: 6993845 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13450280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04172013_235627

Files\Folders moved on Reboot...
File\Folder C:\Users\ALEXIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV8NNRTU\showthread[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
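
An added example, not part of the posts above or of OTL: Python that compares two fix logs in the layout of the two posted in this thread and reports which targets removed in the first run were still gone in the second. The sample lines are copied from those two logs; the bucket names and the rule that a missing parent key or folder covers its children are assumptions of this example.

```python
import re

# One result line of an OTL fix log, e.g.
#   64bit-Registry key HKEY_...\ deleted successfully.
#   C:\Program Files (x86)\Glarysoft Toolbar folder moved successfully.
#   File\Folder C:\Program Files (x86)\Glarysoft Toolbar not found.
LINE_RE = re.compile(
    r'^(?P<view>64bit-)?(?:Registry (?:key|value) |File\\Folder )?'
    r'(?P<target>.+?)(?: folder)? '
    r'(?P<outcome>deleted successfully|moved successfully|not found)[.!]$')

# Lines copied from the first fix log in this thread (posted 2013-04-17).
RUN1 = r'''
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Program Files (x86)\Glarysoft Toolbar folder moved successfully.
'''

# The matching lines from the second fix log (posted 2013-04-18).
RUN2 = r'''
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
File\Folder C:\Program Files (x86)\Glarysoft Toolbar not found.
'''


def parse_fix_log(text):
    """Map each target to 'removed' or 'absent'; other log lines are skipped."""
    results = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Keep the 64bit- marker so the two registry views stay distinct.
        target = (m['view'] or '') + m['target'].rstrip('\\').lower()
        results[target] = 'absent' if m['outcome'] == 'not found' else 'removed'
    return results


def compare_runs(first, second):
    """Sort everything the first run removed by what the second run reported."""
    report = {'stayed_gone': [], 'removed_again': [], 'no_second_result': []}
    absent_later = [t for t, outcome in second.items() if outcome == 'absent']
    for target, outcome in first.items():
        if outcome != 'removed':
            continue
        later = second.get(target)
        if later is None and any(target.startswith(parent + '\\')
                                 for parent in absent_later):
            later = 'absent'  # a parent key or folder is reported missing
        bucket = {'absent': 'stayed_gone',
                  'removed': 'removed_again',
                  None: 'no_second_result'}[later]
        report[bucket].append(target)
    return report


if __name__ == '__main__':
    result = compare_runs(parse_fix_log(RUN1), parse_fix_log(RUN2))
    for bucket, targets in result.items():
        print(bucket)
        for target in targets:
            print('   ', target)
```

A target in `removed_again` existed again by the time of the second run; with these lines that is `cmd.bat` in the folder OTL was run from, which both logs list directly after the `ipconfig /flushdns` output.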

polij79
2013-04-18, 06:29
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ALEXIS :: ALEXIS-HP [administrator]

Protection: Enabled

4/18/2013 12:15:05 AM
mbam-log-2013-04-18 (00-15-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264554
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Ken

How do we know if Norton has been removed correctly? If not, now what?
Please note: I am trying to do what you want me to do.
THANKS FOR YOUR PATIENCE
Mike

polij79
2013-04-18, 06:42
I can not see any (my websearch) or the ask toolbar. I do see Norton in the All Programs but not in the Programs uninstall.

:confused:

Have a good day or night.
Mike

polij79
2013-04-18, 06:45
Note: I did go to your Norton link and checked the removal tool. It was same as on the desktop.

ken545
2013-04-18, 09:56
Mike,

The tool you're running is for Winfax Pro, you need the tool for Norton Internet Security, drag the one you have now on your desktop to the trash and download this one

https://support.norton.com/sp/en/us/home/current/solutions/kb20080828154508EN_EndUserProfile_en_us?

polij79
2013-04-19, 05:09
Ken ,

I did what you said. Moved all Norton removal tools on the desktop to the trash. Double clicked on your link. I ran that removal tool and got the same popup window.

Mike

ken545
2013-04-19, 10:42
Good Morning Mike,

Go ahead and uninstall Norton Antivirus via Programs and Features in the Control Panel. Do you use WinFaxPro? If not, remove it also. Then run the removal tool. If this fails then I will link you to the Norton forum where you can get help with their products

polij79
2013-04-20, 03:41
Hello Ken,
I removed Norton from the control panel . I never installed WinfaxPro.
I did a search from Start, search programs & file of Norton and Winfaxpro and the only thing that shows is the Norton removal tool. If I run the Norton removal tool from your link I get that window with the winfax pro. ????????

polij79
2013-04-20, 04:29
Hello Ken,
I found this on the Norton forum. Do you think I should do it , and how?

ken545
2013-04-20, 11:31
Try this first Mike

https://support.norton.com/sp/en/us/home/current/solutions/kb20090526171553EN_EndUserProfile_en_us


Then if a no go do this

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe




REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Delrina]
[-HKEY_CURRENT_USER\Software\Delrina]
[-HKEY_USERS\.DEFAULT\Software\Delrina]




Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad), name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg



Then reboot and give the Removal Tool another shot

polij79
2013-04-21, 23:02
Ken ,
The Regfix on my desktop looks like the one you posted. I ran the Norton Tool again and got the same results.
Thanks
Mike

ken545
2013-04-22, 00:33
Hi,

You need to be more specific, did you run the regfix? Let's do a new scan with OTL and post the log and let's see if we can get rid of it that way

polij79
2013-04-23, 04:02
Hello Ken,

Yes, I did run the Regfix as you said. I then did a reboot and ran the removal tool.

OTL logfile created on: 4/22/2013 9:46:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 58.41% Memory free
5.49 Gb Paging File | 4.11 Gb Available in Paging File | 74.81% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.78 Gb Free Space | 79.90% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\


O1 HOSTS File: ([2013/04/17 23:56:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 16:34:47 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\erunt
[2013/04/16 19:00:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/15 23:01:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Windows Live Writer
[2013/04/15 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Windows Live Writer
[2013/04/14 20:59:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/14 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\tdsskiller
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:23:48 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 20:23:48 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 20:23:48 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 20:23:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 20:23:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 20:23:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

========== Files - Modified Within 30 Days ==========

[2013/04/22 21:44:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 21:44:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 21:37:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 21:37:20 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 21:37:14 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/21 16:59:03 | 002,351,000 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/21 16:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/21 16:42:24 | 000,000,134 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:14 | 000,513,320 | ---- | M] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/19 22:16:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 22:56:34 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/18 00:13:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 23:56:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/17 23:15:24 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:48 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:50:43 | 002,218,636 | ---- | M] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/02 01:13:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

========== Files Created - No Company Name ==========

[2013/04/21 16:59:03 | 002,351,000 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:42:24 | 000,000,134 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:12 | 000,513,320 | ---- | C] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/18 22:56:34 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/17 23:15:24 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:47 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:48:13 | 002,218,636 | ---- | C] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ID Vault
[2011/12/11 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Leadertech
[2011/11/08 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ooVoo Details
[2011/10/31 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\PictureMover
[2011/10/31 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Synaptics
[2013/03/09 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Tific
[2012/10/11 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TP
[2013/03/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2013/04/15 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


Good night Ken

ken545
2013-04-23, 10:04
Good Morning,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

You will need the 64 bit version of this tool

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
Norton
:filefind
Norton
:regfind
Norton

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

polij79
2013-04-24, 05:14
Hello
Here we go Ken,

All processes killed
========== PROCESSES ==========
========== OTL ==========
Service ccSet_NST stopped successfully!
Service ccSet_NST deleted successfully!
C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys moved successfully.
Service SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} stopped successfully!
Service SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} deleted successfully!
C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys moved successfully.
Error: Unable to stop service ccSet_NOF!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSet_NOF deleted successfully.
C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}\ not found.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\content folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\components folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\chrome\skin folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\chrome folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F04D2D30-776C-4d02-8627-8E4385ECA58D}\ not found.
File C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 2417173 bytes
->Temporary Internet Files folder emptied: 27542623 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 720 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13468468 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2606621 bytes

Total Files Cleaned = 44.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04232013_224534

Files\Folders moved on Reboot...
C:\Users\ALEXIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9F20L4N\showthread[2].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



One of two
Mike

polij79
2013-04-24, 05:15
Two of Two


SystemLook 30.07.11 by jpshortstuff
Log created at 23:03 on 23/04/2013 by ALEXIS
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Norton"
C:\ProgramData\Norton d------ [09:06 18/02/2011]
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton d------ [03:45 10/03/2013]
C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton d------ [17:14 31/10/2011]
C:\Users\All Users\Norton d------ [09:06 18/02/2011]
C:\Users\All Users\NortonInstaller\Settings\Norton Security Suite\Norton d------ [03:45 10/03/2013]
C:\Users\Public\Downloads\Norton d------ [16:23 31/10/2011]
C:\_OTL\MovedFiles\04232013_224534\C_ProgramData\Norton d------ [02:46 24/04/2013]

========== filefind ==========

Searching for "Norton"
No files found.

========== regfind ==========

Searching for "Norton"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"DisplayName"="Norton Safe Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"URL"="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"FaviconPath"="C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\images\misc\Norton.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Norton]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AIM\Plugins\{6E6F3147-4D57-6A74-534C-396F426C6A6A}]
"Name"="Norton Safety Minder Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AIM\Plugins\{6E6F3147-4D57-6A74-534C-396F426C6A6A}]
"VendorUrl"="http://OnlineFamily.norton.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mbkkogpfmmfmppkbopdikooeibnjhfpi]
"path"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\Extensions\Chrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9}]
"AppPath"="C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{535ED076-0FCD-4901-BB34-00073729D973}]
"AppPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"AppPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"APPDATA"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"BASEDIR"="C:\Program Files (x86)\Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"INSTALLDIR"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"PRODUCTNAME"="Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"NSM_BASEDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"NSM_INSTALLDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"NSM_PRODUCTNAME"="Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework]
"CoreFwPath"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework\FeaturePlugIns\WDBrPlgn]
"Path"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\WDBrPlgn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework\FF]
"EXTENSIONCONTRACTID"="@symantec.com/coSxSToolbar/NortonConfidentialSxS;2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework\FF]
"EXTENSIONNAME"="Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client]
"CCROOTx64"="C:\Program Files (x86)\Norton Online\Engine64\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client]
"CCROOT"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccJobMgr\DataPaths]
"Norton Online"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\Jobs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccJobMgr\DataPaths]
"Norton Safety Minder"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\Jobs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccService\Services\UserSession\ccJobMgr]
"ModulePath"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccJobMgr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccService\Services\UserSession\TrayIcon.dll]
"ModulePath"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\TrayIcon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccService\Services\UserSession\UserCtxt.dll]
"ModulePath"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\UserCtxt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"INSTALLDIR"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"INSTALLCACHEDIR"="C:\Program Files (x86)\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF\LicenseType\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"APPDATA"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"APPDATABASE"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"INSTALLDIR64"="C:\Program Files (x86)\Norton Online\Engine64\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"BRANDINGDIR"="C:\Program Files (x86)\Norton Online\Branding"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"MUIDIR"="C:\Program Files (x86)\Norton Online\MUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"BASEDIR"="C:\Program Files (x86)\Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"LOGDIR"="C:\ProgramData\NortonInstaller\Logs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"CUSTOMSTARTMENU"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"APPDATAEXTENSION"="Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"SYMTEMP"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Temp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_SIGNATURESDIR"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\Signatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_APPDATA"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_INSTALLDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_INSTALLDIR64"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine64\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_INSTALLCACHEDIR"="C:\Program Files (x86)\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\AddOns\NSM\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_MUIDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\MUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_BASEDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_CUSTOMSTARTMENU"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DataStoreMgr\DSMount\NOF]
"FolderPath"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Framework"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DataStoreMgr\DSMount\NSM]
"FolderPath"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\Framework"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DING\PatchTracker\Norton Online]
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DING\PatchTracker\Norton Safety Minder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\OBJID\{524C9637-DD17-4569-A8B9-6ACCC42A5B16}]
"InProc32"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\TrayIcon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\OBJID\{542BA7AF-8EB9-449b-B094-B89E0D9407B5}]
"InProc32"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\TrayIcon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\OBJID\{88B9CFF7-C2E1-4984-9A11-81860B992E48}]
"InProc32"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\ntwc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"APPDATA"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"BASEDIR"="C:\Program Files (x86)\Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"INSTALLDIR"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"PRODUCTNAME"="Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework]
"CoreFwPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\coIDSafe]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIDSafe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\coSfShre]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coSfShre.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\SafeBrowse]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coWPPlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\UIController]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coUICtlr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\WCID]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coWPPlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FF]
"EXTENSIONCONTRACTID"="@symantec.com/coToolbar/NortonConfidential;5.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FF]
"EXTENSIONNAME"="Norton Identity Safe Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\IE]
"BHODISPLAYNAME"="Norton Identity Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\IE]
"TOOLBARDISPLAYNAME"="Norton Identity Safe Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client]
"CCROOT"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client]
"CCROOTx64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccGenericEvent\Global\Loggers]
"Norton Identity Safe"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccGEvt\Global\LM.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccGenericLog\Logs]
"Norton Identity Safe"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccGLog\ccGLog.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccJobMgr\DataPaths]
"Norton Identity Safe"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\Jobs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\ccJobMgr]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccJobMgr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\NCO Browser Settings Setup]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coDataPr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\NCO NEW Identity Safe Service]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coActMgr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\Symantec Alerting Application]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\cltAlDis.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\Symantec Integrity Monitor Application]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\cltPE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\UserCtxt.dll]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\UserCtxt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccSubSDK]
"ConfigPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CmnClnt\ccSubSDK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\Debug\CrashHandler]
"CallbackPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\Debug\ErrorClient]
"LogicalFailureCallback"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\Debug\ErrorClient]
"ProductName"="Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPID"="Symantec.Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPDATA"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPDATABASE"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"INSTALLDIR"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"INSTALLDIR64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"INSTALLCACHEDIR"="C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"BRANDINGDIR"="C:\Program Files (x86)\Norton Identity Safe\Branding"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"MUIDIR"="C:\Program Files (x86)\Norton Identity Safe\MUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"BASEDIR"="C:\Program Files (x86)\Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"LOGDIR"="C:\ProgramData\NortonInstaller\Logs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"CUSTOMSTARTMENU"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPDATAEXTENSION"="Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"SYMTEMP"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\Temp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"CLMSTORAGE"="C:\ProgramData\Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\DataStoreMgr\DSMount\NCO]
"FolderPath"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\Framework"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\DING\Ping\Install]
"{C606BE13-9847-4DE3-95FE-4F35D43CD4D7}"="?module=9000&error=0&MID=5BFD73EF-03F2-11E1-AB28-984BE1A73C70&build=42573F3A8C874693BD730E5CDA3B2B0E&d=0&f=6.1.7601.1.0.1&g=5BFD73EF-03F2-11E1-AB28-984BE1A73C70&h=64000&i=0&l=0&language=09.01&product=Norton%20Identity%20Safe&q=IDSSLB&t=0&u=00000001&upgrade=0&v=8.3.0.58&version=2013.3.0.26&w=0&x=0&z=0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{26394572-A7A7-4b7c-AEE3-D4887A362675}]
"Inproc32"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{26394572-A7A7-4b7c-AEE3-D4887A362675}]
"Inproc64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{39AC6042-D137-4aa1-90BC-DC8AF1AEF700}]
"Inproc32"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{39AC6042-D137-4aa1-90BC-DC8AF1AEF700}]
"Inproc64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{4CC64CC5-0FA0-4816-AE3B-AEB6D2F4D0E4}]
"Inproc32"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diMaster.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{4CC64CC5-0FA0-4816-AE3B-AEB6D2F4D0E4}]
"Inproc64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26\diMaster.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{7B15AE53-35D6-4d48-819D-543F10A4695B}]
"Inproc32"="C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26\Engine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{9A25AE12-1C6B-48b9-95F5-EFCCF30488DC}]
"Inproc32"="C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26\Engine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Security History\Providers]
"{E6C17D69-A7BA-4b73-A13A-C42041B61F66}"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coMCPlug.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"NortonOnline"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"NortonOnlineData"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Product"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"Norton Safety Minder"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"DisplayName"="Norton Safe Search"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"URL"="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"FaviconPath"="C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\images\misc\Norton.ico"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Norton]
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe"="Norton Internet Security"

-= EOF =-



Thanks
Good Night
Mike

ken545
2013-04-24, 10:00
Hello Mike,

I guess you can see how the Windows uninstaller leaves a bunch of leftovers.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:processes
killallprocesses


:OTL

:Services

:Reg
[-HKEY_LOCAL_MACHINE\Software\Norton]
[-HKEY_CURRENT_USER\Software\Norton]

:Files
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\Users\All Users\Norton
C:\Users\All Users\NortonInstaller

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

Then run another scan with SystemLook.

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main text field:

:folderfind
Norton
:regfind
Norton

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

polij79
2013-04-25, 04:48
Hello Ken,

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Norton\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Norton\ deleted successfully.
========== FILES ==========
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\A7CF412459E502F30CC44C40CB39F897 folder moved successfully.
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\4F6562674C3CDFBF77E9AB23D464A72D folder moved successfully.
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D} folder moved successfully.
C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB} folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\Signatures folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\nsm folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\itbNSMLUReg folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38 folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Lue\Logs folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Lue\Downloads folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Lue folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\itbLUReg folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Framework folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\diStRptr folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\diMaster folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Connections folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccSetMgr folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccJobMgr folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccGLog folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccGEvt\Global folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccGEvt folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26 folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} folder moved successfully.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\_lck folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton\LocalDumps folder moved successfully.
C:\ProgramData\Norton\00000083\00000033\1122 folder moved successfully.
C:\ProgramData\Norton\00000083\00000033 folder moved successfully.
C:\ProgramData\Norton\00000083 folder moved successfully.
C:\ProgramData\Norton\00000082\0000012c\00000663 folder moved successfully.
C:\ProgramData\Norton\00000082\0000012c folder moved successfully.
C:\ProgramData\Norton\00000082\00000114\000004e8 folder moved successfully.
C:\ProgramData\Norton\00000082\00000114 folder moved successfully.
C:\ProgramData\Norton\00000082 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton\ErrorManagement folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\N360_Norton\Product\SettingsMigration folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\N360_Norton\Product folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\N360_Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Exported folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Internet Security folder moved successfully.
C:\ProgramData\NortonInstaller\Settings folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-04-17-23h06m45s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-04-16-18h52m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-04-15-23h04m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
File\Folder C:\Users\All Users\Norton not found.
File\Folder C:\Users\All Users\NortonInstaller not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4939093 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13447160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04242013_222814

Files\Folders moved on Reboot...
C:\Users\ALEXIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCOLZN6K\showthread[3].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL logfile created on: 4/24/2013 10:36:13 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 51.66% Memory free
5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.03 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2013/04/23 22:46:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 16:34:47 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\erunt
[2013/04/16 19:00:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/15 23:01:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Windows Live Writer
[2013/04/15 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Windows Live Writer
[2013/04/14 20:59:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/14 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\tdsskiller
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:23:48 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 20:23:48 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 20:23:48 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 20:23:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 20:23:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 20:23:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

========== Files - Modified Within 30 Days ==========

[2013/04/24 22:38:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 22:38:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 22:31:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/24 22:30:55 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/24 22:30:51 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/23 23:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 23:00:48 | 000,139,264 | ---- | M] () -- C:\Users\ALEXIS\Desktop\SystemLook.exe
[2013/04/23 22:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/23 22:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/23 22:48:51 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/23 22:46:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/21 16:59:03 | 002,351,000 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:42:24 | 000,000,134 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:14 | 000,513,320 | ---- | M] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/18 22:56:34 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/18 00:13:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 23:15:24 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:48 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:50:43 | 002,218,636 | ---- | M] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

========== Files Created - No Company Name ==========

[2013/04/23 23:00:47 | 000,139,264 | ---- | C] () -- C:\Users\ALEXIS\Desktop\SystemLook.exe
[2013/04/21 16:59:03 | 002,351,000 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:42:24 | 000,000,134 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:12 | 000,513,320 | ---- | C] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/18 22:56:34 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/17 23:15:24 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:47 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:48:13 | 002,218,636 | ---- | C] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



One of Two

polij79
2013-04-25, 04:52
Two of Two


SystemLook 30.07.11 by jpshortstuff
Log created at 22:47 on 24/04/2013 by ALEXIS
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Norton"
C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton d------ [17:14 31/10/2011]
C:\Users\Public\Downloads\Norton d------ [16:23 31/10/2011]
C:\_OTL\MovedFiles\04232013_224534\C_ProgramData\Norton d------ [02:46 24/04/2013]
C:\_OTL\MovedFiles\04242013_222814\C_ProgramData\Norton d------ [09:06 18/02/2011]
C:\_OTL\MovedFiles\04242013_222814\C_ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton d------ [03:45 10/03/2013]

========== regfind ==========

Searching for "Norton"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"DisplayName"="Norton Safe Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"URL"="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"FaviconPath"="C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\images\misc\Norton.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AIM\Plugins\{6E6F3147-4D57-6A74-534C-396F426C6A6A}]
"Name"="Norton Safety Minder Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AIM\Plugins\{6E6F3147-4D57-6A74-534C-396F426C6A6A}]
"VendorUrl"="http://OnlineFamily.norton.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mbkkogpfmmfmppkbopdikooeibnjhfpi]
"path"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\Extensions\Chrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9}]
"AppPath"="C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{535ED076-0FCD-4901-BB34-00073729D973}]
"AppPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"AppPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"NortonOnline"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"NortonOnlineData"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Product"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"Norton Safety Minder"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"

-= EOF =-


Thanks Again, KEN
Have a good night
Mike

ken545
2013-04-25, 09:39
Mike,

These are all harmless entries, try running the removal tool again.

Then you can try running this one and let it remove the registry entries, you just need the trial version

http://www.revouninstaller.com/


How is your system behaving now?

polij79
2013-04-26, 05:06
Hello Ken,
I ran the Norton Removal Tool and I got the same window popped up.
I downloaded the Revo Uninstaller but I cannot figure out how to use it.
Sorry about that.
Mike

polij79
2013-04-26, 05:14
Ken, I don't know if this will help.

ken545
2013-04-26, 10:51
Good Morning Mike,

Norton is gone, no folders or files that run it are left on your system, just some harmless leftover registry entries.

How is your system running now, are you ready to install Anti Virus on your system?

Try this free one from Microsoft, I like it myself and have it on 2 of my systems

http://www.microsoft.com/en-us/download/details.aspx?id=5201

polij79
2013-04-27, 05:06
Hello Ken,
Yes, I am ready. My PC boots very fast and it hasn't crashed lately.
The link gave me two choices; I chose this: ENUS\amd64\MSEInstall.exe.
I downloaded the program, it updated and ran a scan.

Is there anything else I need to do? Can you give me any advice?
Best browser?
This is my 16 year old daughter's PC and has been locked down the whole time. She asked me one time to download a program to control the PC from her iPhone and this is what happened. What Luck.

I have two other laptop PCs with the same Norton program with no apparent problems, that I know about. Can you help me clean them as this PC is now?

One other thing, I have a mobile phone (Samsung Galaxy S3). Can you recommend any kind of maintenance routine?

Thanks, You Have Been A Big Help!!!
Mike

ken545
2013-04-27, 12:08
Hello Mike,

I have the Samsung Galaxy S3 as well, the best phone I have ever had, I'm partial to Droid and always have been. You can go to the Play Store and download and install Webroots Spysweeper (Secure Anywhere Mobile). It periodically scans your system for viruses and such, has a lot of features and one of them I like is that you can add phone calls and text messages you don't want to a blocked list.


It can get pretty confusing working more than one computer in a thread like this, so why don't you do this: run this cleaner on the other computers and then start a new thread for each one, also run a scan with Spybot and post that log if it finds anything (one at a time, may want to list it as my second computer), run DDS and aswMBR and post the logs. If I miss it we have a great staff and someone else will pick it up. If Malwarebytes finds anything post that log as well, if it does not then let them know that you ran it and no threats were found.

Run this system cleaner, it's free and yours to keep. The reason we didn't run it on this computer is because when we ran a fix with OTL I had it clean out all the temp files and other garbage that this program will do.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean



As far as browsers, never been a big fan of IE, it's most times less secure than other browsers. Used to be a Firefox faithful but lately I have really been loving Google Chrome, whatever rolls your socks.



We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About and you should have Version 7 Update 21. If not, proceed with the instructions.

Go to the Update tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. (you do not need or want this)

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

polij79
2013-04-28, 07:04
Hello Ken,
Java is updated.
System restore point has been created and I ran the cleaner.
It will take some time to read everything from the links.
I learned a lot from you and thanks for all the maintenance / scan links.

Does Windows defender come into play with all this?


You said to run this cleaner (the TFC?) on the other computers and then start a new thread for each one with the DDS and aswMBR scans.

I will get to the second pc by Monday. If you could keep your eye out for it.

Thanks for the tip on the cell phone.
G s3 is a nice upgrade from HTC EVO.

I think ALL MY QUESTIONS HAVE BEEN ANSWERED ! :)

I do appliance repair, heating and A.C. and it is rewarding to help other people in need. I am sure you must feel the same.


Thanks

polij79
2013-04-28, 07:29
Ken,
I did forget to ask you about a ( How to ) ( BACK-UP ) plan. :rolleyes:
Mike

ken545
2013-04-28, 10:06
Mike,

As far as Windows Defender, it's OK to keep it. You can have 2 or 3 antimalware programs but when it comes to antivirus programs you only need one, more than one is overkill and can actually slow your system down and cause other problems. Just use one, keep it updated and run regular scans.


Backups, depending on what you want to do: if it's just a few pictures and documents you can just copy and paste them to a USB thumb drive, if you're constantly adding to them and want to do regular backups I would suggest getting an external hard drive. I am partial to Seagate and they have them at Costco for around $50, it comes with backup software that you can set to do regular backups of whatever folder or folders you want backed up and can also do a complete system backup as well.


Ken :)

polij79
2013-04-28, 20:23
Okay Ken,
I will give all the info you gave to my daughter so we have another informed consumer.
Thanks for the help. I will now start on computer #2.
Is there anything else? If not, Thanks :D:
I hope to work with you again.
Have a nice day!
Mike.

ken545
2013-04-28, 22:30
You're welcome Mike,

I will keep an eye out for you but remember when our helpers look for logs to work they take the oldest ones first, only fair way to do it.

Ken :)

polij79
2013-04-29, 02:52
Hello Ken, I understand.

ken545
2013-04-29, 14:42
OK Mike, I'll keep an eye