The infection prevents me from running aswMBR

[polij79]

Hello Again Ken545,
Prompted me to download that removal tool and reinstall the program.
When PC started to act up Norton . Okay here is the log.

All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2}\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.txt deleted successfully.
C:\Program Files (x86)\Glarysoft Toolbar\toolbar folder moved successfully.
C:\Program Files (x86)\Glarysoft Toolbar folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 4666142 bytes
->Temporary Internet Files folder emptied: 19516667 bytes
->Java cache emptied: 99449 bytes
->Flash cache emptied: 122282 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154847142 bytes
->Java cache emptied: 233416 bytes
->Flash cache emptied: 113645 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18649425 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72290015 bytes
RecycleBin emptied: 251459 bytes

Total Files Cleaned = 258.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04162013_190029


Thank You
Mike

 

[polij79]

Ken545,

What I wanted to say was.

When the PC started to act up Norton prompted me to download that removal tool and reinstall the program.

Mike

 

[ken545]

Did you download the proper tool for your version of Norton, when you run it from the desktop you need to right click the icon and select RUN AS ADMINISTRATOR . It should automatically start the uninstall process

 

[polij79]

Hello Ken ,
I am not sure what removal tool I need . I tried the one on my desktop. When I tried to run as you said, a window pops up . See att. So i went to the programs install/uninstall, and removed thr only synmatic program there. Then I tried the removal tool again and got the same screen pop up. ????

 

[polij79]

All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\Glarysoft Toolbar not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 5085822 bytes
->Temporary Internet Files folder emptied: 6993845 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13450280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04172013_235627

Files\Folders moved on Reboot...
File\Folder C:\Users\ALEXIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV8NNRTU\showthread[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[polij79]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ALEXIS :: ALEXIS-HP [administrator]

Protection: Enabled

4/18/2013 12:15:05 AM
mbam-log-2013-04-18 (00-15-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264554
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Ken

How do we know if norton has been removed correctly? If not , now what?
Please note: I am trying to do what you want me to do.
THANKS FOR YOUR PATIENTS
Mike

 

[polij79]

I can not see any (my websearch ) or the ask toolbar. I do see Norton in the All Programs but not in the Programs uninstall.



Have a good day or night.
Mike

 

[polij79]

Note: I did go to your norton link and checked the removal tool.It was same as on the desktop.

 

[ken545]

Mike,

The tool your running is for Winfax Pro, you need the tool for Norton Internet Security, drag the one you have now on your desktop to the trash and download this one

https://support.norton.com/sp/en/us/home/current/solutions/kb20080828154508EN_EndUserProfile_en_us?

 

[polij79]

Ken ,

I did what you said. moved all Norton removal tools on the desktop to the trash. double clicked on your link. I ran that removal tool and got the same popup window.

Mike

 

[ken545]

Good Morning Mike,

Go ahead and uninstall Norton Antivirus via Programs and Features in the Control Panel. Do you use WinFaxPro, if not remove it also. Then run the removal tool . If this fails then I will link you to the Norton forum where you can get help with there products

 

[polij79]

Hello Ken,
I removed Norton from the control panel . I never installed WinfaxPro.
I did a search from Start, search programs & file of Norton and Winfaxpro and the only thing that shows is the Norton removal tool. If I run the Norton removal tool from your link I get that window with the winfax pro. ????????

 

[polij79]

Hello Ken,
I found this on the Norton forum. Do you think I should do it , and how?

 

[ken545]

Try this first Mike

https://support.norton.com/sp/en/us/home/current/solutions/kb20090526171553EN_EndUserProfile_en_us


Then if a no go do this

Backup Your Registry with ERUNT:

• Download erunt.zip to your Desktop from here:
  http://aumha.org/downloads/erunt.zip
• Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
• Inside the new folder, double-click ERUNT.exe to start the program
• OK all the prompts to back up your registry to the default location.

Note: to restore your registry, go to the backup folder and start ERDNT.exe

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Delrina]
[-HKEY_CURRENT_USER\Software\Delrina]
[-HKEY_USERS\.DEFAULT\Software\Delrina]

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this

Then reboot and give the Removal Tool another shot

 

[polij79]

Ken ,
The Regfix on my desktop looks like the one you posted. I ran the Norton Tool again and got the same results.
Thanks
Mike

 

[ken545]

Hi,

You need to be more specific , did you run the regfix ? Lets do a new scan with OTL and post the log and lets see if we can get rid of it that way

 

[polij79]

Hello Ken,

Yes, I did run the Regfix as you said . I then did a reboot and ran the removal tool.

OTL logfile created on: 4/22/2013 9:46:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 58.41% Memory free
5.49 Gb Paging File | 4.11 Gb Available in Paging File | 74.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.78 Gb Free Space | 79.90% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\


O1 HOSTS File: ([2013/04/17 23:56:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 16:34:47 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\erunt
[2013/04/16 19:00:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/15 23:01:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Windows Live Writer
[2013/04/15 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Windows Live Writer
[2013/04/14 20:59:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/14 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\tdsskiller
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:23:48 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 20:23:48 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 20:23:48 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 20:23:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 20:23:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 20:23:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

========== Files - Modified Within 30 Days ==========

[2013/04/22 21:44:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 21:44:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 21:37:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 21:37:20 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 21:37:14 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/21 16:59:03 | 002,351,000 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/21 16:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/21 16:42:24 | 000,000,134 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:14 | 000,513,320 | ---- | M] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/19 22:16:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 22:56:34 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/18 00:13:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 23:56:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/17 23:15:24 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:48 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:50:43 | 002,218,636 | ---- | M] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/02 01:13:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

========== Files Created - No Company Name ==========

[2013/04/21 16:59:03 | 002,351,000 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:42:24 | 000,000,134 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:12 | 000,513,320 | ---- | C] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/18 22:56:34 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/17 23:15:24 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:47 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:48:13 | 002,218,636 | ---- | C] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Blio
[2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ID Vault
[2011/12/11 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Leadertech
[2011/11/08 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ooVoo Details
[2011/10/31 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\PictureMover
[2011/10/31 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Synaptics
[2013/03/09 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Tific
[2012/10/11 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TP
[2013/03/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
[2013/04/15 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


Good night Ken

 

[ken545]

Good Morning,

Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :processes
  killallprocesses
  
  :OTL
  DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
  DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
  DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

You will need the 64 bit version of this tool

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :folderfind
  Norton
  :filefind
  Norton
  :regfind
  Norton

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[polij79]

Hello
Here we go Ken,

All processes killed
========== PROCESSES ==========
========== OTL ==========
Service ccSet_NST stopped successfully!
Service ccSet_NST deleted successfully!
C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys moved successfully.
Service SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} stopped successfully!
Service SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} deleted successfully!
C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys moved successfully.
Error: Unable to stop service ccSet_NOF!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSet_NOF deleted successfully.
C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}\ not found.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\content folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\components folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\chrome\skin folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\chrome folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F04D2D30-776C-4d02-8627-8E4385ECA58D}\ not found.
File C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALEXIS\Downloads\cmd.bat deleted successfully.
C:\Users\ALEXIS\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ALEXIS
->Temp folder emptied: 2417173 bytes
->Temporary Internet Files folder emptied: 27542623 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 720 bytes

User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13468468 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2606621 bytes

Total Files Cleaned = 44.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04232013_224534

Files\Folders moved on Reboot...
C:\Users\ALEXIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9F20L4N\showthread[2].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



One of two
Mike

 

[polij79]

Two of Two


SystemLook 30.07.11 by jpshortstuff
Log created at 23:03 on 23/04/2013 by ALEXIS
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Norton"
C:\ProgramData\Norton d------ [09:06 18/02/2011]
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton d------ [03:45 10/03/2013]
C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton d------ [17:14 31/10/2011]
C:\Users\All Users\Norton d------ [09:06 18/02/2011]
C:\Users\All Users\NortonInstaller\Settings\Norton Security Suite\Norton d------ [03:45 10/03/2013]
C:\Users\Public\Downloads\Norton d------ [16:23 31/10/2011]
C:\_OTL\MovedFiles\04232013_224534\C_ProgramData\Norton d------ [02:46 24/04/2013]

========== filefind ==========

Searching for "Norton"
No files found.

========== regfind ==========

Searching for "Norton"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"DisplayName"="Norton Safe Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"URL"="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"FaviconPath"="C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\images\misc\Norton.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Norton]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AIM\Plugins\{6E6F3147-4D57-6A74-534C-396F426C6A6A}]
"Name"="Norton Safety Minder Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AIM\Plugins\{6E6F3147-4D57-6A74-534C-396F426C6A6A}]
"VendorUrl"="http://OnlineFamily.norton.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mbkkogpfmmfmppkbopdikooeibnjhfpi]
"path"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\Extensions\Chrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9}]
"AppPath"="C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{535ED076-0FCD-4901-BB34-00073729D973}]
"AppPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"AppPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"APPDATA"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"BASEDIR"="C:\Program Files (x86)\Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"INSTALLDIR"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"PRODUCTNAME"="Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"NSM_BASEDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"NSM_INSTALLDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}]
"NSM_PRODUCTNAME"="Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework]
"CoreFwPath"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework\FeaturePlugIns\WDBrPlgn]
"Path"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\WDBrPlgn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework\FF]
"EXTENSIONCONTRACTID"="@symantec.com/coSxSToolbar/NortonConfidentialSxS;2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Browser Framework\FF]
"EXTENSIONNAME"="Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client]
"CCROOTx64"="C:\Program Files (x86)\Norton Online\Engine64\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client]
"CCROOT"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccJobMgr\DataPaths]
"Norton Online"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\Jobs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccJobMgr\DataPaths]
"Norton Safety Minder"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\Jobs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccService\Services\UserSession\ccJobMgr]
"ModulePath"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccJobMgr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccService\Services\UserSession\TrayIcon.dll]
"ModulePath"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\TrayIcon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\ccService\Services\UserSession\UserCtxt.dll]
"ModulePath"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\UserCtxt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"INSTALLDIR"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"INSTALLCACHEDIR"="C:\Program Files (x86)\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF\LicenseType\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"APPDATA"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"APPDATABASE"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"INSTALLDIR64"="C:\Program Files (x86)\Norton Online\Engine64\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"BRANDINGDIR"="C:\Program Files (x86)\Norton Online\Branding"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"MUIDIR"="C:\Program Files (x86)\Norton Online\MUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"BASEDIR"="C:\Program Files (x86)\Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"LOGDIR"="C:\ProgramData\NortonInstaller\Logs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"CUSTOMSTARTMENU"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"APPDATAEXTENSION"="Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"SYMTEMP"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Temp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_SIGNATURESDIR"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\Signatures"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_APPDATA"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_INSTALLDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_INSTALLDIR64"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine64\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_INSTALLCACHEDIR"="C:\Program Files (x86)\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\AddOns\NSM\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_MUIDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\MUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_BASEDIR"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\Common Client\PathExpansionMap]
"NSM_CUSTOMSTARTMENU"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Safety Minder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DataStoreMgr\DSMount\NOF]
"FolderPath"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Framework"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DataStoreMgr\DSMount\NSM]
"FolderPath"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\Framework"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DING\PatchTracker\Norton Online]
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\DING\PatchTracker\Norton Safety Minder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\OBJID\{524C9637-DD17-4569-A8B9-6ACCC42A5B16}]
"InProc32"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\TrayIcon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\OBJID\{542BA7AF-8EB9-449b-B094-B89E0D9407B5}]
"InProc32"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\TrayIcon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\OBJID\{88B9CFF7-C2E1-4984-9A11-81860B992E48}]
"InProc32"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\ntwc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"APPDATA"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"BASEDIR"="C:\Program Files (x86)\Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"INSTALLDIR"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}]
"PRODUCTNAME"="Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework]
"CoreFwPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\coIDSafe]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIDSafe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\coSfShre]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coSfShre.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\SafeBrowse]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coWPPlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\UIController]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coUICtlr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FeaturePlugIns\WCID]
"Path"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coWPPlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FF]
"EXTENSIONCONTRACTID"="@symantec.com/coToolbar/NortonConfidential;5.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\FF]
"EXTENSIONNAME"="Norton Identity Safe Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\IE]
"BHODISPLAYNAME"="Norton Identity Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Browser Framework\IE]
"TOOLBARDISPLAYNAME"="Norton Identity Safe Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client]
"CCROOT"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client]
"CCROOTx64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccGenericEvent\Global\Loggers]
"Norton Identity Safe"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccGEvt\Global\LM.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccGenericLog\Logs]
"Norton Identity Safe"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccGLog\ccGLog.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccJobMgr\DataPaths]
"Norton Identity Safe"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\Jobs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\ccJobMgr]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccJobMgr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\NCO Browser Settings Setup]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coDataPr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\NCO NEW Identity Safe Service]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coActMgr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\Symantec Alerting Application]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\cltAlDis.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\Symantec Integrity Monitor Application]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\cltPE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccService\Services\UserSession\UserCtxt.dll]
"ModulePath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\UserCtxt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\ccSubSDK]
"ConfigPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CmnClnt\ccSubSDK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\Debug\CrashHandler]
"CallbackPath"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\Debug\ErrorClient]
"LogicalFailureCallback"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\Debug\ErrorClient]
"ProductName"="Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPID"="Symantec.Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPDATA"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPDATABASE"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"INSTALLDIR"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"INSTALLDIR64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"INSTALLCACHEDIR"="C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"BRANDINGDIR"="C:\Program Files (x86)\Norton Identity Safe\Branding"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"MUIDIR"="C:\Program Files (x86)\Norton Identity Safe\MUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"BASEDIR"="C:\Program Files (x86)\Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"LOGDIR"="C:\ProgramData\NortonInstaller\Logs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"CUSTOMSTARTMENU"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"APPDATAEXTENSION"="Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"SYMTEMP"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\Temp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Common Client\PathExpansionMap]
"CLMSTORAGE"="C:\ProgramData\Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\DataStoreMgr\DSMount\NCO]
"FolderPath"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\Framework"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\DING\Ping\Install]
"{C606BE13-9847-4DE3-95FE-4F35D43CD4D7}"="?module=9000&error=0&MID=5BFD73EF-03F2-11E1-AB28-984BE1A73C70&build=42573F3A8C874693BD730E5CDA3B2B0E&d=0&f=6.1.7601.1.0.1&g=5BFD73EF-03F2-11E1-AB28-984BE1A73C70&h=64000&i=0&l=0&language=09.01&product=Norton%20Identity%20Safe&q=IDSSLB&t=0&u=00000001&upgrade=0&v=8.3.0.58&version=2013.3.0.26&w=0&x=0&z=0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{26394572-A7A7-4b7c-AEE3-D4887A362675}]
"Inproc32"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{26394572-A7A7-4b7c-AEE3-D4887A362675}]
"Inproc64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{39AC6042-D137-4aa1-90BC-DC8AF1AEF700}]
"Inproc32"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{39AC6042-D137-4aa1-90BC-DC8AF1AEF700}]
"Inproc64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26\diStRptr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{4CC64CC5-0FA0-4816-AE3B-AEB6D2F4D0E4}]
"Inproc32"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diMaster.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{4CC64CC5-0FA0-4816-AE3B-AEB6D2F4D0E4}]
"Inproc64"="C:\Program Files (x86)\Norton Identity Safe\Engine64\2013.3.0.26\diMaster.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{7B15AE53-35D6-4d48-819D-543F10A4695B}]
"Inproc32"="C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26\Engine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\OBJID\{9A25AE12-1C6B-48b9-95F5-EFCCF30488DC}]
"Inproc32"="C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26\Engine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\Security History\Providers]
"{E6C17D69-A7BA-4b73-A13A-C42041B61F66}"="C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coMCPlug.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"NortonOnline"="C:\Program Files (x86)\Norton Online\Engine\2.3.0.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"NortonOnlineData"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Product"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"Norton Safety Minder"="C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSET_NOF\0000]
"DeviceDesc"="Norton Online Settings Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ccCommon]
"EventMessageFile"="C:\Program Files (x86)\Norton Internet Security\MUI\20.3.0.36\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29EB8256-343B-48E0-8B1A-73DBB5B93E2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ABD96EC3-17D7-4D62-85EF-C8BA87672DA1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFA64.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE0F23B5-D15C-4D9A-8369-971FBAB48ADB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48B682DF-BB81-4E49-B294-BF34EF370346}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSB7D9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E100F30-740A-4A79-9301-027DFB8E23FE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DAA91AC8-1302-4637-84D1-B08BF9F920AE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSE8E7.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{491C7221-1F16-4D26-BCBC-2E7FA18FA719}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6FEF81-B4D3-43F9-9E1F-A1E14B05DA66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS3A22.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75E8614B-61CB-4FFD-9490-7D3DB30CB497}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CF226B8C-9CBF-404F-82A8-9C491DF61172}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSFDEE.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD5D8734-2510-4326-B01B-1E96DA516934}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D7FF4-B1BF-4406-9285-FBCE0223B88F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS6BFC.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5B470E0-1E9D-4AE1-A319-AEE0F35A1EC6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B98081CD-EE0A-46F3-BAD0-232D53ABA2BC}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF21B.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CD8E2C-D1B8-4D48-B3F1-BBBE5F64B95C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E592D12A-FD73-40E1-BB43-325C27166714}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS1CD3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5929215C-144A-461F-9CF5-F349A84ADD58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F472164F-A684-4B99-BF23-DB8A3D95AB56}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF5B3.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499C8DA0-7171-44C9-96EB-EB17617BCAD0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3167D1FA-6476-4F74-B321-D87D2667EC5B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS7AE9.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC7D5074-5499-41CB-8AB2-3AA6F7325289}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F651F87F-4EC7-4896-BB0A-B1D84EBC4E78}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF621.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{494DBC85-8C3A-40F4-AF26-6D845E3618C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A5448E3-D3F0-41CB-B5C5-FDB4B7FC9BC8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS4125.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F52AE247-BF2A-46D0-9CCC-EBD6129C800C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E672ECF-8850-439F-8E65-460A45858D1E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zSF68E.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343306A2-18AE-4131-9205-65C1FE0BCFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93CF3530-D3E6-4687-A4BA-A992077DECDB}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ALEXIS\AppData\Local\Temp\7zS46CF.tmp\SymNRT.exe|Name=Norton Removal Tool|"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"DisplayName"="Norton Safe Search"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"URL"="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
"FaviconPath"="C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\images\misc\Norton.ico"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Norton]
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-21-4121414387-752882849-3289732955-1001_Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-104"="LiveUpdate"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102"="Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-118"="Norton Recovery Tools"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-108"="Get Support"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\Program Files (x86)\Norton Internet Security\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\254\52C64B7E]
"@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-123"="Uninstall Norton Internet Security"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe"="Norton Security Suite"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MuiCache]
"C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe"="Norton Internet Security"

-= EOF =-



Thanks
Good Night
Mike