The infection prevents me from running aswMBR

**polij79** · 2013-04-02, 10:33

Please help, my child said " downloaded app for remote control of the pc from I phone 5. Since then pc flashes a blue screen and reboots. Also the infection prevents me from running aswMBR. I scaned with spybot 1.6 and it found some kind of trojan file but was unable to remove it. Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by ALEXIS at 2:33:30 on 2013-04-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.502 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = Internet explorer 10
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome&d=y
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TBSB05810 Class: {A7AF277D-1466-4A7B-93AF-B043984A5671} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Glarysoft Toolbar: {32D47EA5-9473-4CAD-805D-9999F15D5AE2} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll
uRun: [CrazyRemote] C:\Program Files (x86)\CrazyRemote\CrazyRemote.exe
uRun: [CrazyRemoteCommand] C:\Program Files (x86)\CrazyRemote\CrazyRemoteCommand.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\ALEXIS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\05F4C495A4739313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\07F6C697A6739313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\07F6C697A67393F5568747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\84F445D24555E414 : DHCPNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\84F445D24555E414F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{EC3332F1-66CF-436A-A22A-6B9189C30622} : DHCPNameServer = 192.168.1.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-15 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-15 28800]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403000.024\SymDS64.sys [2013-3-20 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403000.024\SymEFA64.sys [2013-3-20 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403000.024\ccSetx64.sys [2013-3-20 168096]
R1 ccSet_NOF;Norton Online Settings Manager;C:\Windows\System32\drivers\NOFx64\0203000.007\ccsetx64.sys [2012-2-9 167048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130330.001\IDSviA64.sys [2013-4-1 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403000.024\Ironx64.sys [2013-3-20 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys [2013-3-20 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-10 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2013-3-20 144520]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-1 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-1 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-18 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-20 138912]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-18 329832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-18 349800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-18 38528]
S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2013-3-10 168096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2011-10-31 36256]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-10-31 15360]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-10-31 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-28 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;C:\Windows\System32\drivers\NSMx64\0203000.011\symrdrs.sys [2012-2-9 218232]
S3 tapklink;Klink Virtual Network Adapter;C:\Windows\System32\drivers\tapklink.sys [2011-10-23 31232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-28 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-02 01:47:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-02 01:47:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-21 14:29:14 0 ----a-w- C:\Windows\SysWow64\sho4682.tmp
2013-03-21 04:18:17 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys
2013-03-21 04:18:17 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-21 02:19:15 796248 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\srtsp64.sys
2013-03-21 02:19:15 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\SymDS64.sys
2013-03-21 02:19:15 432800 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys
2013-03-21 02:19:15 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\srtspx64.sys
2013-03-21 02:19:15 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\SymELAM.sys
2013-03-21 02:19:15 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\Ironx64.sys
2013-03-21 02:19:15 168096 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\ccSetx64.sys
2013-03-21 02:19:15 1139800 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\SymEFA64.sys
2013-03-21 02:19:03 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403000.024
2013-03-21 02:19:03 -------- d-----w- C:\Windows\System32\drivers\NISx64
2013-03-21 02:19:01 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-03-20 22:24:55 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\offreg.dll
2013-03-20 18:25:57 -------- d-----w- C:\Users\ALEXIS\AppData\Local\Avg2013
2013-03-20 18:25:23 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\mpengine.dll
2013-03-20 08:06:07 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-03-20 03:30:39 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
2013-03-20 02:35:04 -------- d--h--w- C:\ProgramData\Common Files
2013-03-20 02:35:00 -------- d-----w- C:\Users\ALEXIS\AppData\Local\MFAData
2013-03-20 02:35:00 -------- d-----w- C:\ProgramData\MFAData
2013-03-20 02:16:52 -------- d-----w- C:\Users\ALEXIS\AppData\Local\Google
2013-03-20 02:08:53 -------- d-----w- C:\Program Files (x86)\Glarysoft Toolbar
2013-03-19 19:20:00 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-03-19 19:14:41 -------- d-----w- C:\ProgramData\CPA_VA
2013-03-19 17:00:57 20480 ----a-w- C:\Windows\svchost.exe
2013-03-19 16:17:44 -------- d-----w- C:\ProgramData\Comodo
2013-03-19 16:17:28 -------- d-----w- C:\Program Files (x86)\Comodo
2013-03-19 16:17:22 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-03-19 15:59:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-19 15:59:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-03-19 14:55:21 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
2013-03-19 04:56:05 -------- d-----w- C:\Program Files\Symantec
2013-03-19 03:07:56 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-03-18 19:50:29 -------- d-----w- C:\Users\ALEXIS\AppData\Local\CyberLink
2013-03-18 19:31:24 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\Blio
2013-03-18 17:46:47 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2013-03-18 17:13:39 -------- d-----w- C:\Windows\SysWow64\BestPractices
2013-03-18 17:13:38 -------- d-----w- C:\Windows\System32\BestPractices
2013-03-18 17:13:35 -------- d-----w- C:\inetpub
2013-03-18 16:54:47 -------- d-----w- C:\ProgramData\Symantec
2013-03-18 03:28:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-03-18 03:28:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-03-18 03:11:36 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\Malwarebytes
2013-03-18 03:11:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-18 03:11:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-10 08:14:53 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys
2013-03-10 08:14:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD03000.01A
2013-03-10 08:14:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2013-03-10 08:14:18 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2013-03-10 05:00:31 -------- d-----w- C:\Program Files (x86)\MSECache
2013-03-10 04:50:24 -------- d-----w- C:\Windows\CheckSur
2013-03-10 03:15:39 -------- d-----w- C:\Users\ALEXIS\AppData\Local\Symantec
2013-03-10 02:47:24 -------- d-----w- C:\Users\ALEXIS\AppData\Local\NPE
2013-03-10 02:39:06 -------- d-----w- C:\Users\ALEXIS\AppData\Roaming\Tific
2013-03-08 03:35:46 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2013-03-21 02:20:01 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-03-19 02:55:16 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 02:55:16 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-30 10:53:22 273840 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 2:36:43.40 ===============

**ken545** · 2013-04-10, 00:55

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR

Please download Malwarebytes Anti-Malware to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

**polij79** · 2013-04-11, 02:52

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.10.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ALEXIS :: ALEXIS-HP [administrator]

Protection: Enabled

4/10/2013 8:27:56 PM
mbam-log-2013-04-10 (20-27-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264911
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4396 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

**ken545** · 2013-04-11, 09:59

Good Morning,

svchost.exe <-- This is a legit windows file BUT, its home is in the system32 folder, this file was in the windows folder and is a virus, Malwarebytes removed it but it has a way of returning, so lets run another program and see what turns up

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

**polij79** · 2013-04-12, 05:48

Hello, Thanks for taking the time to help me. I am unable to disable Norton as the Combfix states. I did right click on the system tray and disable the Norton Smart firewall & Anitvirus Auto-Protect. If I go to Norton in the system tray it now shows Enable Smart Firewall & Enable Antivirus Auto-Protect. I did not run the scan. ???

**ken545** · 2013-04-12, 11:09

Thats fine, as long as you just disabled them temporarily

So go ahead and run Combofix

**polij79** · 2013-04-13, 04:33

Hello, I ran scan and it got about 2 min. in and the blue screen popped up then pc crashed and rebooted.
Thanks

ComboFix 13-04-12.02 - ALEXIS 04/12/2013 21:40:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1098 [GMT -4:00]
Running from: c:\users\ALEXIS\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 )))))))))))))))))))))))))))))))
.
.
2013-04-13 01:56 . 2013-04-13 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-13 01:56 . 2013-04-13 01:56 -------- d-----w- c:\users\Alexis_2\AppData\Local\temp
2013-04-13 01:56 . 2013-04-13 01:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-11 00:35 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 00:24 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 00:21 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 06:20 . 2013-04-02 06:20 -------- d-----w- c:\program files (x86)\ERUNT
2013-04-02 01:47 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-04-02 01:47 . 2013-04-02 01:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-21 14:29 . 2013-03-21 14:29 0 ----a-w- c:\windows\SysWow64\sho4682.tmp
2013-03-21 04:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-21 04:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 02:19 . 2013-03-21 02:19 -------- d-----w- c:\windows\system32\drivers\NISx64
2013-03-21 02:19 . 2013-03-21 02:19 -------- d-----w- c:\program files (x86)\Norton Internet Security
2013-03-20 22:24 . 2013-03-20 22:24 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\offreg.dll
2013-03-20 18:25 . 2013-03-20 18:29 -------- d-----w- c:\users\ALEXIS\AppData\Local\Avg2013
2013-03-20 18:25 . 2013-02-19 08:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65A6DE65-75DF-4AAC-841E-72219CAD9C3F}\mpengine.dll
2013-03-20 08:06 . 2013-03-20 08:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-20 03:30 . 2013-03-20 03:30 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\TuneUp Software
2013-03-20 02:35 . 2013-03-20 02:35 -------- d--h--w- c:\programdata\Common Files
2013-03-20 02:35 . 2013-03-20 18:29 -------- d-----w- c:\programdata\MFAData
2013-03-20 02:35 . 2013-03-20 02:35 -------- d-----w- c:\users\ALEXIS\AppData\Local\MFAData
2013-03-20 02:16 . 2013-03-20 02:16 -------- d-----w- c:\users\ALEXIS\AppData\Local\Google
2013-03-20 02:16 . 2013-03-21 02:17 -------- d-----w- c:\program files (x86)\Google
2013-03-20 02:08 . 2013-03-20 23:24 -------- d-----w- c:\program files (x86)\Glarysoft Toolbar
2013-03-19 19:20 . 2013-03-19 19:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-03-19 19:14 . 2013-03-19 19:20 -------- d-----w- c:\programdata\CPA_VA
2013-03-19 16:17 . 2013-03-20 19:14 -------- d-----w- c:\programdata\Comodo
2013-03-19 16:17 . 2013-03-20 01:54 -------- d-----w- c:\program files (x86)\Comodo
2013-03-19 16:17 . 2013-03-19 16:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-03-19 15:59 . 2013-04-02 04:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-19 15:59 . 2013-04-02 01:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-03-19 14:55 . 2013-03-19 14:55 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-03-19 04:56 . 2013-03-21 02:20 -------- d-----w- c:\program files\Symantec
2013-03-19 03:07 . 2013-04-02 04:21 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-03-18 19:50 . 2013-03-18 19:50 -------- d-----w- c:\users\ALEXIS\AppData\Local\CyberLink
2013-03-18 19:31 . 2013-03-18 19:31 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\Blio
2013-03-18 17:46 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-03-18 17:15 . 2013-03-19 01:46 131072 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-18 17:13 . 2013-03-18 17:13 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-03-18 17:13 . 2013-03-18 17:13 -------- d-----w- c:\windows\system32\BestPractices
2013-03-18 17:13 . 2013-03-18 17:13 -------- d-----w- C:\inetpub
2013-03-18 16:54 . 2013-03-18 16:54 -------- d-----w- c:\programdata\Symantec
2013-03-18 03:28 . 2013-03-20 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-18 03:28 . 2013-03-18 03:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-03-18 03:11 . 2013-03-18 03:11 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\Malwarebytes
2013-03-18 03:11 . 2013-03-18 03:11 -------- d-----w- c:\programdata\Malwarebytes
2013-03-18 03:11 . 2013-04-11 00:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-16 19:30 . 2013-04-02 05:51 -------- d-----w- c:\users\Public\CyberLink
2013-03-16 19:30 . 2013-03-16 19:30 -------- d-----w- c:\users\ALEXIS\AppData\Roaming\CyberLink
2013-03-15 17:18 . 2013-03-20 08:03 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 02:44 . 2012-03-20 00:43 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-21 02:20 . 2011-10-31 16:30 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-03-19 02:55 . 2012-04-01 21:24 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 02:55 . 2012-04-01 21:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-19 16:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-19 16:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-19 16:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-19 16:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-19 16:30 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-19 16:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2011-10-31 18:21 273840 ----a-w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 05:25 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 05:25 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 05:25 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 05:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 05:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 05:25 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 05:25 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 05:25 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 05:25 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 05:25 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 05:25 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 05:25 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 05:25 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 05:25 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 05:25 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 05:25 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 05:25 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 05:25 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 05:25 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 05:25 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 05:25 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 05:25 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 05:25 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 05:25 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 05:25 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 05:25 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 05:25 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 05:25 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 05:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 05:25 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 05:25 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 05:25 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 05:25 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 05:25 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 05:25 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 05:25 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 05:25 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 05:25 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 05:25 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 05:25 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 05:25 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe" [2013-03-19 706776]
.
c:\users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [x]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2012-11-16 168096]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-14 36256]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [2011-11-17 218232]
R3 tapklink;Klink Virtual Network Adapter;c:\windows\system32\DRIVERS\tapklink.sys [2011-10-23 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-04 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130411.001\IDSvia64.sys [2013-03-20 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-09 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:55]
.
2013-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002Core.job
- c:\users\Alexis_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 17:49]
.
2013-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
- c:\users\Alexis_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 17:49]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 02:16]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 02:16]
.
2013-03-20 c:\windows\Tasks\HPCeeScheduleForALEXIS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-04-02 c:\windows\Tasks\HPCeeScheduleForALEXIS.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome&d=y
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A7AF277D-1466-4A7B-93AF-B043984A5671} - c:\program files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll
Toolbar-{32D47EA5-9473-4CAD-805D-9999F15D5AE2} - c:\program files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-CrazyRemote - c:\program files (x86)\CrazyRemote\CrazyRemote.exe
Wow6432Node-HKCU-Run-CrazyRemoteCommand - c:\program files (x86)\CrazyRemote\CrazyRemoteCommand.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{C98D5B61-B0EA-4D48-9839-1079D352D880}"=hex:51,66,7a,6c,4c,1d,38,12,0f,58,9e,
cd,d8,fe,26,08,e7,2f,53,39,d6,0c,9c,94
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{5D79F641-C168-40DF-A32F-BACEA7509E75}"=hex:51,66,7a,6c,4c,1d,38,12,2f,f5,6a,
59,5a,8f,b1,05,dc,39,f9,8e,a2,0e,da,61
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,
a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{B8E07826-0971-4F16-B133-047B88034E89}"=hex:51,66,7a,6c,4c,1d,38,12,48,7b,f3,
bc,43,47,78,0a,ce,25,47,3b,8d,5d,0a,9d
"{BB46BE07-13EB-4C49-B0F0-FC78B9EA4983}"=hex:51,66,7a,6c,4c,1d,38,12,69,bd,55,
bf,d9,5d,27,09,cf,e6,bf,38,bc,b4,0d,97
"{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}"=hex:51,66,7a,6c,4c,1d,38,12,fb,ff,52,
cf,81,bf,f9,02,f4,a0,53,52,fa,3c,ef,ae
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E11DB59D-5008-42FF-9069-535843BC0BE1}"=hex:51,66,7a,6c,4c,1d,38,12,f3,b6,0e,
e5,3a,1e,91,07,ef,7f,10,18,46,e2,4f,f5
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:94,bf,45,1f,3e,16,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,96,85,16,c7,8d,bb,42,81,36,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,96,85,16,c7,8d,bb,42,81,36,f3,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-12 22:13:51
ComboFix-quarantined-files.txt 2013-04-13 02:13
.
Pre-Run: 241,587,027,968 bytes free
Post-Run: 242,476,957,696 bytes free
.
- - End Of File - - C41D084AD39BBB924124E6506E49507F

**ken545** · 2013-04-13, 11:29

Good Morning,

Looks like CF didn't find anything bad, lets take a deeper look

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

**polij79** · 2013-04-14, 05:20

THANKS AGIAN,

OTL logfile created on: 4/13/2013 10:45:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 7.92% Memory free
5.49 Gb Paging File | 2.64 Gb Available in Paging File | 48.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.05 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130412.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\eng64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S00829^us&si=COP6wqWjxq8CFQhN4AodIBwAaw&ptb=37F905BE-4526-443B-AFCB-2222DF604173&psa=&ind=2012042112&st=sb&n=77ed5380&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/20 22:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/13 22:24:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2013/03/19 15:10:28 | 000,446,020 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15316 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 22:21:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/20 22:19:15 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
[2013/03/20 22:19:15 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013/03/20 22:19:15 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
[2013/03/20 22:19:15 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013/03/20 22:19:15 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
[2013/03/20 22:19:15 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
[2013/03/20 22:19:15 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013/03/20 22:19:15 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
[2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403000.024
[2013/03/20 22:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/03/20 22:19:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/03/20 14:25:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Avg2013
[2013/03/20 04:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/20 04:06:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/19 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2013/03/19 22:35:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\MFAData
[2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/19 22:16:52 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Google
[2013/03/19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/19 22:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft Toolbar
[2013/03/19 15:20:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/19 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/03/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/03/19 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/03/19 12:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/03/19 12:17:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/03/19 10:55:21 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/19 00:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/18 23:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/03/18 15:50:29 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\CyberLink
[2013/03/18 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Documents\Blio
[2013/03/18 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/18 13:46:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/03/18 13:13:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/03/18 13:13:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/03/18 13:13:35 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/03/18 12:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/17 23:11:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Malwarebytes
[2013/03/17 23:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/17 23:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/16 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\CyberLink
[2013/03/15 13:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/13 22:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/13 22:53:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/13 22:28:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 22:28:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 22:20:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 22:20:34 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 22:20:31 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 22:16:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/12 21:14:26 | 001,820,129 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/02 01:13:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/25 21:18:19 | 000,001,290 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton Installation Files.lnk
[2013/03/21 09:35:08 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/21 09:35:08 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/21 09:35:08 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/20 22:20:01 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/20 22:20:01 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/20 22:20:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/20 22:19:47 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/20 15:11:49 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/03/20 13:55:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002Core.job
[2013/03/20 12:28:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS-HP$.job
[2013/03/19 15:10:28 | 000,446,020 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/19 12:54:05 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/19 12:17:44 | 000,001,069 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/03/19 12:17:22 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/03/19 10:55:21 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/19 01:08:16 | 002,033,827 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
[2013/03/18 22:55:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/18 22:55:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/18 22:38:39 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
[2013/03/18 22:35:02 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
[2013/03/18 22:32:14 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/03/16 14:48:30 | 667,746,304 | ---- | M] () -- C:\NBRT.iso
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/20 22:50:34 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013/03/20 22:20:23 | 001,820,129 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/03/20 22:19:47 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/20 22:19:04 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
[2013/03/20 22:19:04 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
[2013/03/20 22:19:04 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
[2013/03/20 22:19:04 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013/03/20 22:19:04 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013/03/20 22:19:04 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
[2013/03/20 22:19:04 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
[2013/03/20 22:19:04 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
[2013/03/20 22:19:03 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
[2013/03/20 22:19:03 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
[2013/03/20 22:19:03 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013/03/20 22:19:03 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013/03/20 22:19:03 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013/03/20 22:19:03 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013/03/20 22:19:03 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
[2013/03/20 22:19:03 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013/03/20 22:19:03 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
[2013/03/20 22:19:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013/03/20 19:34:00 | 592,407,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/20 05:42:34 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/03/19 22:17:21 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 22:17:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/19 12:21:53 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/03/19 12:17:44 | 000,001,069 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/03/19 01:07:50 | 002,033,827 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
[2013/03/18 22:38:33 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
[2013/03/18 22:34:58 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
[2013/03/18 22:32:14 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/03/16 14:47:38 | 667,746,304 | ---- | C] () -- C:\NBRT.iso
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ID Vault
[2011/12/11 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Leadertech
[2011/11/08 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ooVoo Details
[2011/10/31 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\PictureMover
[2011/10/31 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Synaptics
[2013/03/09 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Tific
[2012/10/11 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TP
[2013/03/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2012/11/26 20:07:05 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Audacity
[2011/10/31 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ID Vault
[2011/11/09 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ooVoo Details
[2011/10/31 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\PictureMover
[2012/10/18 03:50:48 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\SoftGrid Client
[2011/10/31 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Synaptics
[2012/09/29 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Unified Remote
[2011/11/20 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\WildTangent
[2011/10/31 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ID Vault
[2011/10/31 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics

========== Purity Check ==========

< End of report >

**polij79** · 2013-04-14, 05:25

Here is the other log.

OTL Extras logfile created on: 4/13/2013 10:45:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 7.92% Memory free
5.49 Gb Paging File | 2.64 Gb Available in Paging File | 48.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.05 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BF1EA0-0FE6-414C-91C2-6B722950DFD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0E0DFF44-6C95-4B26-BECB-9C8CDA312741}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0E41D32C-E821-45E4-812B-7DC733AB1183}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EC747D3-20E9-43DE-9170-945ACF246FCC}" = rport=138 | protocol=17 | dir=out | app=system |
"{0EDF7256-95C2-4CC3-8C4D-C1C8F68AB10B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF08B4C-ACDF-4C81-9CFC-244516263129}" = lport=139 | protocol=6 | dir=in | app=system |
"{1097BA28-26C6-4B30-A271-16F761D4F6A8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B2F8F57-F3C8-429A-86FC-E7D1EAD53EC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2097C0CE-9206-41CF-B0A9-4EA1D6DC94EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{218BCB7F-1202-4D3A-A194-81D61E5E60BB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{224F20E8-5C52-4DC1-A2A0-23400A2C1241}" = rport=137 | protocol=17 | dir=out | app=system |
"{298A7A10-5F3A-4DD2-9759-DF7911A30CDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C69C168-C811-451F-93D7-A883F49E5097}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F75CE7B-4154-41C5-AB2D-496E438032A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34131AAA-7557-46B3-9380-61F755E9E618}" = lport=137 | protocol=17 | dir=in | app=system |
"{350746CB-2193-4B16-8B3F-3CFDC63B2E1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A801AE6-504D-46D9-A3A8-2509222DC100}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{5FE4215F-BC85-412C-A6A7-18828485DC1D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62A298BE-476B-4D8E-81E7-75C3A5BE481C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6552A4BC-DB2E-46E6-B6EC-CEDB5A0E0B4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7931E844-6E20-49A6-BBAE-EC21974223B5}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{85925587-3E4E-4C4E-BB9B-49DC5F5EBDAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{860F05F3-44CC-46D4-B0CA-45D9AF585857}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95A512DD-85B4-4829-A687-8767B0076CD2}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{995C4B7E-ECA4-48CF-85C4-D5F48037CE83}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BA807AE-F5A3-4AEC-81B1-50D5CD973AA0}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{A3B93A91-66E5-41F1-8543-C02920138924}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6542D87-B214-43CA-8F84-5D366A768EE9}" = lport=138 | protocol=17 | dir=in | app=system |
"{CECE2F2F-7A9D-4D9B-9A1F-6394A45D46B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF726E9B-6FF8-474D-9B85-956AE17995A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F11A00C1-25CF-4299-8189-1F5820CDF0DC}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0341583C-9C9D-41F8-A913-A876E43334DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{062D8C0E-5374-4AAE-8B0A-444E6B789485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09A04E22-46F6-47D5-BC6C-137E1E2D29C9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0DBF634C-940A-4082-ADC6-3E9938E34529}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B4C7DBA-8224-4E10-83BE-6FE4A05C2E4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E4D25E8-4449-4B75-BB10-EB937F508E8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3411D7A2-1232-422C-B9C2-D03E55301847}" = protocol=6 | dir=out | app=system |
"{35800A37-6A87-4B9A-8E5A-85982A0B5CFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39E77B14-F7AE-4101-8387-8B7358E36333}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EA1B887-D989-40F5-B721-B28383C0F07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4088882E-1259-4E5C-8ED8-71CD274D85E1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43004E56-3E28-4866-A911-AE85767DEC15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E5737BC-BDB8-42E6-9C6A-6EB049CC2EC7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F2FA1BE-09BD-4068-A97B-58DC87E4D561}" = protocol=17 | dir=in | app=c:\program files (x86)\crazyremote\crazyremoteserver.exe |
"{5F6174C7-D84A-4BAF-A7CF-74DFBB8E3E30}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{61867C53-0F98-45A0-A9C4-365B25858AAF}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{6230BE78-4FCE-48B7-B285-C14B0EF3A4F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{661D040C-63F4-4AF6-B49F-9879A8A2A9FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6666E847-781F-4CAD-A46D-31F4EF16A3CF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{67923C34-4F64-4544-9261-8E774EEC7EF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7BAFBBC1-445E-404D-91CE-A4CCB0F928D1}" = protocol=6 | dir=in | app=c:\program files (x86)\crazyremote\crazyremoteserver.exe |
"{7F5973F4-276E-4FE6-A6DD-EF4D4373E549}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80A428DD-41B4-4CC9-8FD3-5537925E05E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84E81759-DCFF-4B55-946B-157BECA75563}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{887C90B4-995B-400D-BD42-1991960B98B3}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{8AC78085-CD9E-499F-AFF3-595DBC55EA86}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9288D735-6872-42B2-836F-8A16E0C79FB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{970A0EA8-48DC-4640-8D4D-F92EB4DA9E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{A22B6A9E-D5A2-4A1B-A62F-F21AF8C8A81A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADA3EC3B-17CE-48E3-935D-B20D9D13931A}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{B6C85432-69F2-4A4F-A468-C506DB44D487}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFD2CC1E-039B-49AC-A5BC-2E5259C553A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2FBBA4A-3131-4913-9400-4B35E7540374}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4800E9B-8073-4679-A08A-0E47531177A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C8F58E1F-90EF-4B3D-8FDB-58AD62C520C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF74F4B9-78F2-4D41-83DB-7B850E439731}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7BE6AAD-4E32-4F56-A451-6BE0F6D427E4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{DBC94D72-5A99-4FFE-80C1-0C652C046EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\crazyremote\crazyremoteserver.exe |
"{DE955C66-2784-42A9-AECD-33846957A1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D2E477-8524-4294-9D6A-D8481328389F}" = HP Software Framework
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
"{4913D614-14AA-4728-B32C-678467E5AD58}" = HP Documentation
"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0C0A-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Spanish) 2010
"{90140000-0017-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{F26F86C8-AC71-413C-B432-CD0007FD9C33}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.OMUI.es-es_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.es-es_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.es-es_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.OMUI.es-es_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.OMUI.es-es_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.OMUI.es-es_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.OMUI.es-es_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0C0A-0000-0000000FF1CE}" = Microsoft Office O MUI (Spanish) 2010
"{90140000-0100-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{59DDF6A6-FD7E-4A78-968A-0FDBACB8B91C}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0C0A-0000-0000000FF1CE}" = Microsoft Office X MUI (Spanish) 2010
"{90140000-0101-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{4EB53E7C-9760-4670-AEF4-797A479CC67B}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.OMUI.es-es" = Microsoft Office Language Pack 2010 - Spanish/Español
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2013 6:14:45 AM | Computer Name = ALEXIS-HP | Source = AntiSpywareService | ID = 0
Description =

Error - 3/20/2013 6:39:41 AM | Computer Name = ALEXIS-HP | Source = AntiSpywareService | ID = 0
Description =

Error - 3/20/2013 6:59:04 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x71716bf1 Faulting process id: 0x1090 Faulting application
start time: 0x01ce25571020c9a7 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 2d80da17-914d-11e2-89df-984be1a73c70

Error - 3/20/2013 7:28:01 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000029 Fault offset: 0x00013ce2 Faulting process id: 0x1a10 Faulting application
start time: 0x01ce255a691d4b1f Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 39031e6a-9151-11e2-89df-984be1a73c70

Error - 3/20/2013 7:53:08 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x9366016d Faulting process id: 0x143c Faulting application
start time: 0x01ce255e562ab021 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: babbae8a-9154-11e2-89df-984be1a73c70

Error - 3/20/2013 8:29:12 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x43316c09 Faulting process id: 0xab8 Faulting application
start time: 0x01ce2561af7b0f52 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: c4b91e4e-9159-11e2-89df-984be1a73c70

Error - 3/20/2013 9:00:06 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xc1976d7f Faulting process id: 0x1404 Faulting application
start time: 0x01ce2566e982629c Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 15ff0fc6-915e-11e2-89df-984be1a73c70

Error - 3/20/2013 10:44:07 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x001d9ab6 Faulting process
id: 0x1b2c Faulting application start time: 0x01ce256b11ceb32a Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 9dd036d6-916c-11e2-89df-984be1a73c70

Error - 3/20/2013 11:15:40 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x0041805a Faulting process
id: 0x1b64 Faulting application start time: 0x01ce2579a29859e0 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 06679595-9171-11e2-89df-984be1a73c70

Error - 3/20/2013 11:48:17 AM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x314dd86b Faulting process id: 0x1970 Faulting application
start time: 0x01ce257dfb6bc3da Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 94c301dd-9175-11e2-89df-984be1a73c70

Error - 3/20/2013 12:03:08 PM | Computer Name = ALEXIS-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x001d9ab6 Faulting process
id: 0x1cf0 Faulting application start time: 0x01ce2582b98e9bea Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: a7b72f58-9177-11e2-89df-984be1a73c70

[ Hewlett-Packard Events ]
Error - 2/25/2013 9:55:21 AM | Computer Name = ALEXIS-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/25/2013 9:56:12 AM | Computer Name = ALEXIS-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/25/2013 9:59:06 AM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 3/9/2013 10:07:30 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 3/9/2013 10:08:27 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 3/9/2013 10:09:03 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 3/18/2013 9:58:18 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 3/19/2013 6:52:58 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 4/1/2013 9:15:55 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 4/2/2013 9:23:29 PM | Computer Name = ALEXIS-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 2/25/2013 5:18:25 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/25/2013 5:23:58 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2/25/2013 5:45:34 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2/28/2013 7:07:01 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2/28/2013 10:06:20 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/1/2013 1:18:51 AM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/7/2013 10:22:36 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/14/2013 8:07:46 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/16/2013 4:00:27 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/18/2013 12:37:16 PM | Computer Name = ALEXIS-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Spybot - Search and Destroy Events ]
Error - 4/1/2013 10:29:04 PM | Computer Name = ALEXIS-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 4/12/2013 9:16:46 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ccSet_NST

Error - 4/12/2013 9:25:11 PM | Computer Name = ALEXIS-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:22:51 PM on ?4/?12/?2013 was unexpected.

Error - 4/12/2013 9:25:27 PM | Computer Name = ALEXIS-HP | Source = BugCheck | ID = 1001
Description =

Error - 4/12/2013 9:26:49 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ccSet_NST

Error - 4/12/2013 9:27:13 PM | Computer Name = ALEXIS-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 4/12/2013 9:46:38 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/12/2013 9:59:30 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/12/2013 10:42:28 PM | Computer Name = ALEXIS-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).

Error - 4/13/2013 10:21:09 PM | Computer Name = ALEXIS-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ccSet_NST

Error - 4/13/2013 10:21:21 PM | Computer Name = ALEXIS-HP | Source = WMPNetworkSvc | ID = 866300
Description =

< End of report >

Thread: The infection prevents me from running aswMBR

Thread Tools

Display

The infection prevents me from running aswMBR

Posting Permissions