Hello Ken,
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Norton\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Norton\ deleted successfully.
========== FILES ==========
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\A7CF412459E502F30CC44C40CB39F897 folder moved successfully.
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\4F6562674C3CDFBF77E9AB23D464A72D folder moved successfully.
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D} folder moved successfully.
C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB} folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\Signatures folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\nsm folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\itbNSMLUReg folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38 folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Lue\Logs folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Lue\Downloads folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Lue folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\itbLUReg folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Framework folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\diStRptr folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\diMaster folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\Connections folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccSetMgr folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccJobMgr folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccGLog folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccGEvt\Global folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt\ccGEvt folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26\CmnClnt folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_2.2.0.26 folder moved successfully.
C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} folder moved successfully.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\_lck folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton\LocalDumps folder moved successfully.
C:\ProgramData\Norton\00000083\00000033\1122 folder moved successfully.
C:\ProgramData\Norton\00000083\00000033 folder moved successfully.
C:\ProgramData\Norton\00000083 folder moved successfully.
C:\ProgramData\Norton\00000082\0000012c\00000663 folder moved successfully.
C:\ProgramData\Norton\00000082\0000012c folder moved successfully.
C:\ProgramData\Norton\00000082\00000114\000004e8 folder moved successfully.
C:\ProgramData\Norton\00000082\00000114 folder moved successfully.
C:\ProgramData\Norton\00000082 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton\ErrorManagement folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\N360_Norton\Product\SettingsMigration folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\N360_Norton\Product folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\N360_Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite\Exported folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Security Suite folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton Internet Security folder moved successfully.
C:\ProgramData\NortonInstaller\Settings folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-04-17-23h06m45s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-04-16-18h52m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-04-15-23h04m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
File\Folder C:\Users\All Users\Norton not found.
File\Folder C:\Users\All Users\NortonInstaller not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: ALEXIS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4939093 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Alexis_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13447160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04242013_222814
Files\Folders moved on Reboot...
C:\Users\ALEXIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ALEXIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCOLZN6K\showthread[3].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL logfile created on: 4/24/2013 10:36:13 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 51.66% Memory free
5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 226.03 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
========== Services (SafeList) ==========
SRV:
64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:
64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:
64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:
64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:
64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:
64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:
64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:
64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:
64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:
64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:
64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:
64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:
64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:
64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:
64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:
64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:
64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
DRV:
64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:
64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:
64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:
64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:
64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:
64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:
64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:
64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:
64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:
64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:
64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:
64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:
64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:
64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:
64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:
64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:
64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:
64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:
64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:
64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:
64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:
64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:
64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:
64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:
64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:
64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:
64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:
64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:
64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:
64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:
64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:
64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:
64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:
64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:
64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:
64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:
64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:
64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:
64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:
64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:
64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPNOT/1
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:
64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:
64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:
64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:
64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/04/23 22:46:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:
64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/21 16:34:47 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\erunt
[2013/04/16 19:00:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/15 23:01:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Windows Live Writer
[2013/04/15 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Windows Live Writer
[2013/04/14 20:59:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/14 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\tdsskiller
[2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/10 20:23:48 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 20:23:48 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 20:23:48 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 20:23:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 20:23:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 20:23:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
========== Files - Modified Within 30 Days ==========
[2013/04/24 22:38:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 22:38:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 22:31:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/24 22:30:55 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/04/24 22:30:51 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/23 23:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 23:00:48 | 000,139,264 | ---- | M] () -- C:\Users\ALEXIS\Desktop\SystemLook.exe
[2013/04/23 22:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
[2013/04/23 22:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/23 22:48:51 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
[2013/04/23 22:46:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/21 16:59:03 | 002,351,000 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:42:24 | 000,000,134 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:14 | 000,513,320 | ---- | M] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | M] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/18 22:56:34 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/18 00:13:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 23:15:24 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:48 | 001,329,497 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:50:43 | 002,218,636 | ---- | M] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
[2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
[2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
========== Files Created - No Company Name ==========
[2013/04/23 23:00:47 | 000,139,264 | ---- | C] () -- C:\Users\ALEXIS\Desktop\SystemLook.exe
[2013/04/21 16:59:03 | 002,351,000 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture desktop.PNG
[2013/04/21 16:42:24 | 000,000,134 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Regfix.reg
[2013/04/21 16:33:12 | 000,513,320 | ---- | C] () -- C:\Users\ALEXIS\Desktop\erunt.zip
[2013/04/19 22:22:47 | 000,213,405 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 3.PNG
[2013/04/19 22:20:51 | 000,209,591 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 2.PNG
[2013/04/19 22:17:55 | 000,183,236 | ---- | C] () -- C:\Users\ALEXIS\Desktop\norton winfax 1.PNG
[2013/04/18 22:56:34 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
[2013/04/17 23:15:24 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG symantrec win fax pro.PNG
[2013/04/17 23:12:47 | 001,329,497 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG manual app removal screen.PNG
[2013/04/15 23:45:09 | 000,261,356 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG ONE OF THREE.PNG
[2013/04/15 23:42:01 | 000,203,299 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL THREE OF THREE.PNG
[2013/04/15 23:40:55 | 000,248,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG PROGRAM UNINSTALL TWO OF THREE.PNG
[2013/04/14 20:48:13 | 002,218,636 | ---- | C] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
[2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
[2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
[2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
[2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
[2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
[2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
[2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
[2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
One of Two
: