Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Proxy Setting Auto-Enable [Solved]

Started by TheMattVid , Feb 20 2014 10:23 PM

  • This topic is locked This topic is locked

#31
TheMattVid
Posted 13 March 2014 - 04:16 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTL logfile created on: 3/13/2014 6:05:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.58 Gb Available Physical Memory | 60.18% Memory free
11.90 Gb Paging File | 9.40 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 240.19 Gb Free Space | 52.94% Space Free | Partition Type: NTFS

Computer Name: TMV-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/10 21:17:42 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/10 21:17:42 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/20 23:27:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/12/18 14:23:04 | 000,920,872 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/12/18 14:21:30 | 001,802,024 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/12/18 14:17:48 | 000,555,304 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/11/05 20:34:10 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013/10/16 19:01:36 | 004,624,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013/09/25 05:13:20 | 000,815,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2013/06/05 15:18:06 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/18 10:01:24 | 001,515,520 | ---- | M] (Freebird (http://www.voiceemotion.com)) -- C:\Program Files (x86)\freebird\vEmotion\VEmotion.exe
PRC - [2010/12/25 20:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe
PRC - [2010/10/06 01:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 01:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/10 21:17:43 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/03/01 22:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 22:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 22:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 22:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 22:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 22:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2013/12/18 14:11:08 | 000,908,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/10/17 17:45:58 | 032,726,528 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2013/10/16 19:01:36 | 004,624,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/07 15:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2013/06/05 15:21:18 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/03/02 16:43:20 | 000,202,240 | ---- | M] () -- C:\Program Files (x86)\freebird\vEmotion\mpeg_encoder.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/10 21:17:42 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 06:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/07 18:35:38 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/02/27 15:15:36 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/02/27 15:09:36 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/01/05 17:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 17:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 17:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/25 00:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/09 21:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/11/16 14:18:12 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2014/03/12 22:00:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 14:23:04 | 000,920,872 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/12/18 14:17:48 | 000,555,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/12/17 17:16:04 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/12/03 22:51:18 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/29 18:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/06 01:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 01:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/10 21:17:44 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/10 21:17:44 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/03/10 21:17:44 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/10 21:17:44 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/10 21:17:44 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/03/10 21:17:44 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/10 21:17:44 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/12/17 17:11:50 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/06/20 21:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/04/15 15:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/24 10:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 10:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 16:42:12 | 000,174,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/02/17 16:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/02/17 16:42:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 15:29:00 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/18 18:45:46 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/12/17 22:20:18 | 000,331,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/16 22:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/10 17:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 17:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 17:26:44 | 001,566,848 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 16:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 13:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/17 15:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\..\SearchScopes,DefaultScope = {0163BC13-B614-4616-B2E7-2E541CC2DC4B}
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\..\SearchScopes\{0163BC13-B614-4616-B2E7-2E541CC2DC4B}: "URL" = http://www.google.co...1I7TSNJ_enUS510
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/03/13 17:58:24 | 000,000,021 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000..\Run: [vEmotion] C:\Program Files (x86)\freebird\vEmotion\vEmotion.exe (Freebird (http://www.voiceemotion.com))
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3481235227-1550051340-2648058792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1253A9FD-872D-43AC-80EB-D1ED38F86E0A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/10 21:18:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVAST Software
[2014/03/10 21:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/10 21:17:47 | 001,038,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/03/10 21:17:47 | 000,421,704 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/03/10 21:17:47 | 000,092,544 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/03/10 21:17:47 | 000,080,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014/03/10 21:17:47 | 000,078,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/03/10 21:17:46 | 000,334,136 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/03/10 21:17:44 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/03/10 21:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/10 21:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/04 23:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/03 22:46:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/03 20:19:30 | 000,409,600 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FSS.exe
[2014/03/03 20:13:23 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\windows\SysWow64\frapsvid.dll
[2014/03/03 20:11:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/02/27 15:56:07 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/02/26 17:11:45 | 000,000,000 | ---D | C] -- C:\windows\temp
[2014/02/26 17:02:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/02/26 17:02:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/02/26 17:02:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/26 17:02:35 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/02/26 16:55:01 | 005,186,474 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2014/02/24 22:08:22 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/24 22:04:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswmbr.exe
[2014/02/24 22:03:29 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/24 22:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/24 22:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/24 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Minecraft
[2014/02/24 21:18:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live
[2014/02/24 21:18:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E59F3C3-1DE5-41FF-B925-7FA1E7F55192}
[2014/02/20 19:26:43 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2014/02/20 19:26:37 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2014/02/20 19:26:37 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2014/02/20 19:26:37 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2014/02/20 19:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/20 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2014/02/15 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ColorNinjas
[2014/02/14 00:48:41 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/02/14 00:48:09 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/02/14 00:48:09 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/02/14 00:48:09 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/02/14 00:48:09 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/02/14 00:48:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/02/14 00:48:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/02/14 00:48:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/02/14 00:48:07 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/02/14 00:48:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/02/14 00:48:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/02/14 00:48:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/02/14 00:48:07 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/02/14 00:48:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/02/14 00:48:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/02/14 00:48:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/02/14 00:48:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/02/14 00:48:06 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/02/14 00:48:06 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/02/14 00:48:06 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/02/14 00:48:06 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/02/14 00:48:05 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/02/14 00:48:05 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/02/14 00:48:03 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/02/13 12:26:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2014/02/13 12:26:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2014/02/13 12:26:15 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_isv.exe
[2014/02/13 12:26:15 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate.exe
[2014/02/13 12:26:15 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_isv.exe
[2014/02/13 12:26:15 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate.exe
[2014/02/13 12:26:14 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp.exe
[2014/02/13 12:26:14 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 12:26:14 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll
[2014/02/13 12:26:14 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 12:26:14 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 12:26:14 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc.dll
[2014/02/13 12:26:14 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_isv.dll
[2014/02/13 12:26:14 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc.dll
[2014/02/13 12:26:14 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_isv.dll
[2014/02/13 12:26:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 12:26:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp.dll
[2014/02/13 12:26:14 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 12:26:14 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp.dll
[2014/02/13 12:26:10 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2014/02/13 12:26:10 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/13 18:06:25 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/13 18:06:25 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/13 18:00:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/13 17:59:32 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/13 17:59:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/13 17:58:58 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/13 17:58:24 | 000,000,021 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/03/13 17:55:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/12 22:00:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/12 22:00:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/11 20:13:57 | 000,781,790 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/11 20:13:57 | 000,662,310 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/11 20:13:57 | 000,122,146 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/10 21:18:09 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/10 21:17:44 | 001,038,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/03/10 21:17:44 | 000,421,704 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2014/03/10 21:17:44 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/03/10 21:17:44 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/03/10 21:17:44 | 000,092,544 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/03/10 21:17:44 | 000,080,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014/03/10 21:17:44 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/03/10 21:17:44 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/03/10 21:17:44 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/03/10 20:18:56 | 001,338,040 | ---- | M] () -- C:\Users\User\Documents\WeatherMap.png
[2014/03/09 22:45:19 | 000,002,048 | -H-- | M] () -- C:\Users\User\Documents\Default.rdp
[2014/03/08 14:46:01 | 008,120,025 | ---- | M] () -- C:\Users\User\Documents\UnitedStates.jpg
[2014/03/03 20:19:30 | 000,409,600 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FSS.exe
[2014/03/03 20:11:44 | 005,186,474 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2014/03/01 01:44:35 | 000,774,280 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/02/27 18:32:11 | 000,269,642 | ---- | M] () -- C:\Users\User\Documents\WWIII.PNG
[2014/02/24 22:07:33 | 000,000,512 | ---- | M] () -- C:\Users\User\Documents\MBR.dat
[2014/02/24 22:04:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswmbr.exe
[2014/02/24 22:04:00 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-TMV-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 22:01:51 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/20 19:26:34 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2014/02/20 19:26:34 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2014/02/20 19:26:34 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2014/02/20 19:26:34 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2014/02/17 13:38:42 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2014/02/13 20:26:07 | 000,450,883 | ---- | M] () -- C:\Users\User\Documents\Counties.png
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/10 21:18:09 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/10 21:17:47 | 000,207,904 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/03/10 21:17:47 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/03/10 20:18:56 | 001,338,040 | ---- | C] () -- C:\Users\User\Documents\WeatherMap.png
[2014/03/08 14:45:57 | 008,120,025 | ---- | C] () -- C:\Users\User\Documents\UnitedStates.jpg
[2014/02/27 18:25:19 | 000,269,642 | ---- | C] () -- C:\Users\User\Documents\WWIII.PNG
[2014/02/27 15:57:25 | 000,774,280 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/02/26 17:02:51 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/02/26 17:02:51 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/02/26 17:02:51 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/02/26 17:02:51 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/02/26 17:02:51 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/02/24 22:07:33 | 000,000,512 | ---- | C] () -- C:\Users\User\Documents\MBR.dat
[2014/02/24 22:04:00 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-TMV-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 22:01:51 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/17 13:38:42 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2014/02/13 13:16:50 | 000,450,883 | ---- | C] () -- C:\Users\User\Documents\Counties.png
[2013/11/17 14:42:59 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/07/24 22:15:44 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2013/05/23 22:10:15 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2012/11/13 10:29:19 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %systemdrive%\*.exe >

< C:\program files (x86)\Google\Desktop >

< C:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is TI106167W0C
Volume Serial Number is 0AFE-1F6C
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser
08/26/2013 01:27 PM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Roaming]
08/26/2013 01:27 PM <JUNCTION> Cookies [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Cookies]
08/26/2013 01:27 PM <JUNCTION> Local Settings [C:\Users\fbwuser\AppData\Local]
08/26/2013 01:27 PM <JUNCTION> My Documents [C:\Users\fbwuser\Documents]
08/26/2013 01:27 PM <JUNCTION> NetHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/26/2013 01:27 PM <JUNCTION> PrintHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/26/2013 01:27 PM <JUNCTION> Recent [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Recent]
08/26/2013 01:27 PM <JUNCTION> SendTo [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo]
08/26/2013 01:27 PM <JUNCTION> Start Menu [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu]
08/26/2013 01:27 PM <JUNCTION> Templates [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\AppData\Local
08/26/2013 01:27 PM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Local]
08/26/2013 01:27 PM <JUNCTION> History [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\History]
08/26/2013 01:27 PM <JUNCTION> Temporary Internet Files [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\Documents
08/26/2013 01:27 PM <JUNCTION> My Music [C:\Users\fbwuser\Music]
08/26/2013 01:27 PM <JUNCTION> My Pictures [C:\Users\fbwuser\Pictures]
08/26/2013 01:27 PM <JUNCTION> My Videos [C:\Users\fbwuser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\User
11/13/2012 12:14 PM <JUNCTION> Application Data [C:\Users\User\AppData\Roaming]
11/13/2012 12:14 PM <JUNCTION> Cookies [C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies]
11/13/2012 12:14 PM <JUNCTION> Local Settings [C:\Users\User\AppData\Local]
11/13/2012 12:14 PM <JUNCTION> My Documents [C:\Users\User\Documents]
11/13/2012 12:14 PM <JUNCTION> NetHood [C:\Users\User\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/13/2012 12:14 PM <JUNCTION> PrintHood [C:\Users\User\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/13/2012 12:14 PM <JUNCTION> Recent [C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent]
11/13/2012 12:14 PM <JUNCTION> SendTo [C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo]
11/13/2012 12:14 PM <JUNCTION> Start Menu [C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu]
11/13/2012 12:14 PM <JUNCTION> Templates [C:\Users\User\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\User\AppData\Local
11/13/2012 12:14 PM <JUNCTION> Application Data [C:\Users\User\AppData\Local]
11/13/2012 12:14 PM <JUNCTION> History [C:\Users\User\AppData\Local\Microsoft\Windows\History]
11/13/2012 12:14 PM <JUNCTION> Temporary Internet Files [C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\User\Documents
11/13/2012 12:14 PM <JUNCTION> My Music [C:\Users\User\Music]
11/13/2012 12:14 PM <JUNCTION> My Pictures [C:\Users\User\Pictures]
11/13/2012 12:14 PM <JUNCTION> My Videos [C:\Users\User\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
04/30/2011 10:02 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/30/2011 10:02 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
04/30/2011 10:02 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
04/30/2011 10:02 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/30/2011 10:02 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/30/2011 10:02 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
04/30/2011 10:02 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
04/30/2011 10:02 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
04/30/2011 10:02 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
04/30/2011 10:02 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/30/2011 10:02 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/30/2011 10:02 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
04/30/2011 10:02 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
04/30/2011 10:02 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
04/30/2011 10:02 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
04/30/2011 10:02 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/30/2011 10:02 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
04/30/2011 10:02 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
04/30/2011 10:02 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/30/2011 10:02 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/30/2011 10:02 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
04/30/2011 10:02 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
04/30/2011 10:02 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
04/30/2011 10:02 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
04/30/2011 10:02 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/30/2011 10:02 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/30/2011 10:02 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
04/30/2011 10:02 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
04/30/2011 10:02 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
04/30/2011 10:02 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
95 Dir(s) 257,635,303,424 bytes free

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/02/06 18:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2014/02/06 18:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/02/06 06:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/02/06 06:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/02/06 06:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/02/06 18:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2014/02/06 18:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation)

< HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s >
"IE5_UA_Backup_Flag" = 5.0
"User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName" = User@
"PrivDiscUiShown" = 1
"EnableHttp1_1" = 1
"WarnOnIntranet" = 1
"MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy" = wininet.dll -- [2014/02/06 04:41:35 | 001,820,160 | ---- | M] (Microsoft Corporation)
"UseSchannelDirectly" = 01 00 00 00 [binary data]
"WarnOnPost" = 01 00 00 00 [binary data]
"UrlEncoding" = 0
"SecureProtocols" = 2720
"PrivacyAdvanced" = 0
"ZonesSecurityUpgrade" = EB E6 6F 7C DC F8 CE 01 [binary data]
"DisableCachingOfSSLPages" = 0
"WarnonZoneCrossing" = 1
"EnableNegotiate" = 1
"MigrateProxy" = 1
"ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
"EnableAutodial" = 0
"NoNetAutodial" = 0
"ProxyEnable" = 0
"WarnonBadCertRecving" = 1
"WarnOnPostRedirect" = 0
"WarnOnHTTPSToHTTPRedirect" = 1
"MaxConnectionsPerServer" = 16
"MaxConnectionsPer1_0Server" = 16
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
"Signature" = Client UrlCache MMF Ver 5.2
"ContentLimit" = 250
"TotalContentLimit" = 0
"AppContainerTotalContentLimit" = 1000
"AppContainerContentLimit" = 50
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" =
"CacheLimit" = 256000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = Cookie:
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DNTException]
"CachePrefix" = DNTException:
"CachePath" = %APPDATA%\Microsoft\Windows\DNTException -- [2013/12/14 23:58:38 | 000,000,000 | -HSD | M]
"CacheOptions" = 768
"CacheRepair" = 0
"CacheLimit" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore]
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore -- [2013/05/22 22:11:25 | 000,000,000 | -HSD | M]
"CachePrefix" = DOMStore
"CacheLimit" = 1000
"CacheOptions" = 8
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat]
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Feeds Cache -- [2013/05/22 22:11:25 | 000,000,000 | -HSD | M]
"CachePrefix" = feedplat:
"CacheLimit" = 8192
"CacheOptions" = 0
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat]
"CachePrefix" = iecompat:
"CachePath" = %APPDATA%\Microsoft\Windows\IECompatCache -- [2013/05/22 22:13:15 | 000,000,000 | -HSD | M]
"CacheOptions" = 777
"CacheRepair" = 0
"CacheLimit" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompatua]
"CachePrefix" = iecompatua:
"CachePath" = %APPDATA%\Microsoft\Windows\iecompatuaCache -- [2013/05/22 22:13:15 | 000,000,000 | -HSD | M]
"CacheOptions" = 777
"CacheRepair" = 0
"CacheLimit" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iedownload]
"CachePrefix" = iedownload:
"CachePath" = %APPDATA%\Microsoft\Windows\IEDownloadHistory -- [2013/05/23 18:28:18 | 000,000,000 | -HSD | M]
"CacheOptions" = 9
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld]
"CachePath" = %APPDATA%\Microsoft\Windows\IETldCache -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = ietld:
"CacheLimit" = 8192
"CacheOptions" = 9
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014021720140224]
"CachePrefix" = :2014021720140224:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014021720140224 -- [2014/02/24 16:06:09 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014022420140303]
"CachePrefix" = :2014022420140303:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014022420140303 -- [2014/03/03 18:13:34 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014030320140310]
"CachePrefix" = :2014030320140310:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014030320140310 -- [2014/03/10 17:33:08 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031020140311]
"CachePrefix" = :2014031020140311:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014031020140311 -- [2014/03/10 17:33:08 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031120140312]
"CachePrefix" = :2014031120140312:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014031120140312 -- [2014/03/11 17:14:16 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031220140313]
"CachePrefix" = :2014031220140313:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014031220140313 -- [2014/03/12 16:48:21 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031320140314]
"CachePrefix" = :2014031320140314:
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014031320140314 -- [2014/03/13 14:52:39 | 000,000,000 | -HSD | M]
"CacheOptions" = 11
"CacheRepair" = 0
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:]
"CachePath" = %APPDATA%\Microsoft\Windows\PrivacIE -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = PrivacIE:
"CacheLimit" = 1024
"CacheOptions" = 9
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = Visited:
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache]
"Signature" = Client UrlCache MMF Ver 5.2
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content]
"CachePrefix" =
"CacheLimit" = 256000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies]
"CachePrefix" = Cookie:
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\DOMStore]
"CachePath" = %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = DOMStore
"CacheLimit" = 1000
"CacheOptions" = 8
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\iecompat]
"CachePrefix" = iecompat:
"CachePath" = %APPDATA%\Microsoft\Windows\IECompatCache\Low -- [2013/05/23 18:28:03 | 000,000,000 | -HSD | M]
"CacheOptions" = 777
"CacheRepair" = 0
"CacheLimit" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\iecompatua]
"CachePrefix" = iecompatua:
"CachePath" = %APPDATA%\Microsoft\Windows\iecompatuaCache\Low -- [2013/05/23 18:28:03 | 000,000,000 | -HSD | M]
"CacheOptions" = 777
"CacheRepair" = 0
"CacheLimit" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\ietld]
"CachePath" = %APPDATA%\Microsoft\Windows\IETldCache\Low -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = ietld:
"CacheLimit" = 8192
"CacheOptions" = 9
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012013041520130422]
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012013041520130422 -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = :2013041520130422:
"CacheLimit" = 8192
"CacheOptions" = 11
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012013042220130429]
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012013042220130429 -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = :2013042220130429:
"CacheLimit" = 8192
"CacheOptions" = 11
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012013050520130506]
"CachePath" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012013050520130506 -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = :2013050520130506:
"CacheLimit" = 8192
"CacheOptions" = 11
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\PrivacIE:]
"CachePath" = %APPDATA%\Microsoft\Windows\PrivacIE\Low -- [2013/05/22 22:11:26 | 000,000,000 | -HSD | M]
"CachePrefix" = PrivacIE:
"CacheLimit" = 1024
"CacheOptions" = 9
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData]
"CachePath" = %APPDATA%\Microsoft\Internet Explorer\UserData\Low -- [2013/05/22 22:11:27 | 000,000,000 | -HSD | M]
"CachePrefix" = UserData
"CacheLimit" = 1000
"CacheOptions" = 8
"CacheRepair" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History]
"CachePrefix" = Visited:
"CacheLimit" = 8192
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE]
"Persistent" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = 46 00 00 00 60 42 00 00 01 00 00 00 00 00 00 00 45 00 00 00 3C 6C 6F 63 61 6C 3E 31 32 37 2E 30 2E 30 2E 31 3B 6C 6F 63 61 6C 68 6F 73 74 3B 31 30 2E 2A 3B 31 39 32 2E 31 36 38 2E 2A 3B 31 32 37 2E 30 2E 30 2E 31 3A 38 39 35 3B 31 32 37 2E 30 2E 30 2E 31 3A 38 39 36 00 00 00 00 01 00 00 00 00 00 00 00 60 76 BF 1D 20 57 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 6A BD 2C 7D 11 FE 9F 1F 1F 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 E2 96 00 00 01 00 00 00 00 00 00 00 45 00 00 00 3C 6C 6F 63 61 6C 3E 31 32 37 2E 30 2E 30 2E 31 3B 6C 6F 63 61 6C 68 6F 73 74 3B 31 30 2E 2A 3B 31 39 32 2E 31 36 38 2E 2A 3B 31 32 37 2E 30 2E 30 2E 31 3A 38 39 35 3B 31 32 37 2E 30 2E 30 2E 31 3A 38 39 36 00 00 00 00 01 00 00 00 00 00 00 00 60 76 BF 1D 20 57 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 6A BD 2C 7D 11 FE 9F 1F 1F 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"" =
"DisplayName" = Computer
"PMDisplayName" = Computer [Protected Mode]
"Description" = Your computer
"Icon" = shell32.dll#0016 -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005422 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 0
"Flags" = 33
"1200" = 3
"1400" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"" =
"DisplayName" = Local intranet
"PMDisplayName" = Local intranet [Protected Mode]
"Description" = This zone contains all Web sites that are on your organization's intranet.
"Icon" = shell32.dll#0018 -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005423 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 0
"Flags" = 219
"1200" = 3
"1400" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"" =
"DisplayName" = Trusted sites
"PMDisplayName" = Trusted sites [Protected Mode]
"Description" = This zone contains Web sites that you trust not to damage your computer or data.
"Icon" = inetcpl.cpl#00004480 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005424 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 0
"Flags" = 33
"1200" = 3
"1400" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"" =
"DisplayName" = Internet
"PMDisplayName" = Internet [Protected Mode]
"Description" = This zone contains all Web sites you haven't placed in other zones
"Icon" = inetcpl.cpl#001313 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005425 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 0
"Flags" = 33
"1200" = 3
"1400" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"" =
"DisplayName" = Restricted sites
"PMDisplayName" = Restricted sites [Protected Mode]
"Description" = This zone contains Web sites that could potentially damage your computer or data.
"Icon" = inetcpl.cpl#00004481 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005426 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 0
"Flags" = 33
"1200" = 3
"1400" = 3
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
"NumRegistrationRuns" = 6
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High]
"1400" = 3
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = {4B949941-58C3-4058-A178-2474CC0E826B}_{A862E7C5-89A9-4AE0-8C9E-98128D6FA667}
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-62-32-f2-dc]
"WpadDecisionReason" = 1
"WpadDecisionTime" = BF D9 18 31 07 3F CF 01 [binary data]
"WpadDecision" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-62-32-f2-dc_7a-79-19-00-00-01]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 81 06 34 51 88 65 CE 01 [binary data]
"WpadDecision" = 0
"WpadDetectedUrl" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-26-b8-61-85-f0]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 30 E8 D1 0C B3 C2 CD 01 [binary data]
"WpadDecision" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0c-d5-02-95-54-34]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 9F DF 9F 69 8D 79 CE 01 [binary data]
"WpadDecision" = 0
"WpadDetectedUrl" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\20-e5-2a-1e-c6-c7]
"WpadDecisionReason" = 1
"WpadDecisionTime" = C7 01 2A 67 9A A7 CE 01 [binary data]
"WpadDecision" = 0
"WpadDetectedUrl" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\20-e5-2a-1e-c6-c7_7a-79-19-00-00-01]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 9F 33 7B 48 89 65 CE 01 [binary data]
"WpadDecision" = 0
"WpadDetectedUrl" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-79-19-00-00-01]
"WpadDecisionReason" = 1
"WpadDecisionTime" = B5 B5 E1 3A 89 65 CE 01 [binary data]
"WpadDecision" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = B5 B5 E1 3A 89 65 CE 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = Network
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}\7a-79-19-00-00-01]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}_{6DF536E5-64B7-4AEF-8372-2E432D9C7E6B}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 9F 33 7B 48 89 65 CE 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = Network
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}_{6DF536E5-64B7-4AEF-8372-2E432D9C7E6B}\20-e5-2a-1e-c6-c7_7a-79-19-00-00-01]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}_{A862E7C5-89A9-4AE0-8C9E-98128D6FA667}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 81 06 34 51 88 65 CE 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = Network
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}_{A862E7C5-89A9-4AE0-8C9E-98128D6FA667}\00-26-62-32-f2-dc_7a-79-19-00-00-01]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{4B949941-58C3-4058-A178-2474CC0E826B}_{A862E7C5-89A9-4AE0-8C9E-98128D6FA667}\7a-79-19-00-00-01]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5629EB69-8E7A-4F2A-83CB-9B5DA1168724}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 9F DF 9F 69 8D 79 CE 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = xyz2
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5629EB69-8E7A-4F2A-83CB-9B5DA1168724}\0c-d5-02-95-54-34]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6DF536E5-64B7-4AEF-8372-2E432D9C7E6B}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = C7 01 2A 67 9A A7 CE 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = NETGEAR-Guest
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6DF536E5-64B7-4AEF-8372-2E432D9C7E6B}\00-26-62-32-f2-dc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6DF536E5-64B7-4AEF-8372-2E432D9C7E6B}\20-e5-2a-1e-c6-c7]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DC65B4D-69B7-460B-BB32-4C6E39649B87}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 30 E8 D1 0C B3 C2 CD 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = ZM33C
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8DC65B4D-69B7-460B-BB32-4C6E39649B87}\00-26-b8-61-85-f0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A862E7C5-89A9-4AE0-8C9E-98128D6FA667}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = BF D9 18 31 07 3F CF 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = 8DKZ1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A862E7C5-89A9-4AE0-8C9E-98128D6FA667}\00-26-62-32-f2-dc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C613CC72-F21F-4684-BCFE-F80C7073EF93}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 9B E3 65 FC 79 6D CE 01 [binary data]
"WpadDecision" = 0
"WpadNetworkName" = Unidentified network
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C613CC72-F21F-4684-BCFE-F80C7073EF93}\20-e5-2a-1e-c6-c7]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DE11B672-5F70-41B8-BEC0-716A2DF83CA1}]
"WpadDecisionReason" = 1
"WpadDecisionTime" = 50 FC 4F 7B EC F9 CD 01 [binary data]
"WpadDecision" = 3
"WpadNetworkName" = Unidentified network
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = 0
"AutoDetect" = 1
"" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
"" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\*.update]
"http" = 2
"https" = 2
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"" =
"http" = 3
"https" = 3
"ftp" = 3
"file" = 3
"@ivt" = 1
"shell" = 0
"knownfolder" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
"" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
"" =
"SecuritySafe" = 1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"2004" = 3
"2001" = 3
"" =
"DisplayName" = Computer
"PMDisplayName" = Computer [Protected Mode]
"Description" = Your computer
"Icon" = shell32.dll#0016 -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005422 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 0
"Flags" = 33
"1200" = 0
"1400" = 0
"2007" = 3
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"2004" = 0
"2001" = 0
"" =
"DisplayName" = Local intranet
"PMDisplayName" = Local intranet [Protected Mode]
"Description" = This zone contains all Web sites that are on your organization's intranet.
"Icon" = shell32.dll#0018 -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005423 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 66816
"Flags" = 323
"1200" = 0
"1400" = 0
"2500" = 3
"2007" = 65536
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2001" = 0
"2004" = 0
"" =
"DisplayName" = Trusted sites
"PMDisplayName" = Trusted sites [Protected Mode]
"Description" = This zone contains Web sites that you trust not to damage your computer or data.
"Icon" = inetcpl.cpl#00004480 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005424 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 69632
"Flags" = 71
"1200" = 0
"1400" = 0
"1001" = 1
"1004" = 3
"1201" = 3
"1206" = 3
"1207" = 0
"1208" = 0
"1209" = 3
"120A" = 3
"1402" = 0
"1405" = 0
"1406" = 3
"1407" = 1
"1408" = 0
"1409" = 0
"1601" = 0
"1604" = 0
"1605" = 0
"1606" = 0
"1607" = 3
"1608" = 0
"1609" = 1
"160A" = 0
"1800" = 1
"1802" = 0
"1803" = 0
"1804" = 1
"1809" = 0
"1A00" = 131072
"1A02" = 0
"1A03" = 0
"1A04" = 3
"1A05" = 1
"1A06" = 0
"1C00" = 65536
"2000" = 0
"2005" = 0
"2100" = 0
"2101" = 0
"2102" = 3
"2103" = 0
"2104" = 0
"2105" = 0
"2106" = 0
"2200" = 3
"2201" = 3
"2300" = 1
"2301" = 0
"2400" = 0
"2401" = 0
"2402" = 0
"2600" = 0
"2700" = 3
"2007" = 65536
"2107" = 0
"2708" = 3
"2709" = 3
"1812" = 0
"140A" = 0
"2302" = 3
"270B" = 0
"160B" = 0
"2701" = 0
"2702" = 0
"2703" = 0
"2704" = 0
"2108" = 3
"120B" = 0
"270C" = 3
"270D" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"2004" = 0
"2001" = 0
"{AEBA21FA-782A-4A90-978D-B72164C80120}" = 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 1E 28 1A 04 1B 0C 3B C2 21 27 53 0D 36 05 2C 05 04 3D 4F 3A 4A 44 33 3A 0A 06 12 68 53 7C 20 13 35 5D 4C 10 27 01 56 7A 2D 3F 38 4F 79 0F 16 26 75 53 1C 31 00 56 7A 3E 32 24 4F 79 1B 00 33 71 4D 23 32 29 7C 6A 35 31 34 40 72 3B 01 2E 5D 4C 2A 07 15 48 72 38 12 00 56 7A 3E 16 3C 71 4D 24 33 35 7C 72 35 0E 3C 1A 41 44 19 0F 31 3A 56 7A 2E 3E 31 0C 7C 6A 10 27 0C 05 5D 4C 39 19 12 15 61 54 2E 00 33 32 40 52 03 25 1F 05 5D 4C 2C 0C 0A 15 61 54 1A 26 1F 05 5D 4C 10 21 1D 1B 71 4D 3B 24 3A 21 6D 72 24 16 3C 32 40 72 21 0F 3A 1A 41 44 1B 1E 01 01 71 4D 32 23 30 27 6D 4D 1F 28 10 3C 56 7A 2F 2E 32 16 7C 6A 3A 12 3B 28 75 53 0B 3F 12 01 71 4D 23 32 29 27 75 53 12 30 32 1E 4F 79 12 38 17 01 71 4D 30 3E 37 27 6D 72 38 12 3F 04 41 44 0A 0E 32 28 49 5F 1C 24 0B 1B 36 21 41 7B 5B 24 39 31 7C 6A 2B 0E 25 75 53 1A 2E 26 41 72 34 16 26 71 4D 30 30 3A 7C 6A 07 33 1A 56 7A 3A 00 33 71 4D 23 32 29 7C 6A 1A 26 1A 40 52 24 3F 1A 6D 4D 1C 22 28 75 53 13 25 20 41 44 0A 0E 32 75 53 08 07 20 71 4D 10 27 0D 05 5D 4C 24 1A 1E 1B 71 4D 3F 20 3F 21 6D 4D 10 27 0C 05 5D 4C 39 19 12 3A 56 7A 3A 20 2C 0C 7C 6A 3E 0C 37 07 75 53 12 30 32 3A 56 7A 25 2D 23 0C 7C 6A 2B 08 21 3A 56 7A 22 3A 32 3A 56 72 24 1E 26 1A 41 44 07 1F 03 1B 75 53 1C 31 01 01 71 4D 32 23 30 27 6D 72 34 1E 30 04 41 44 1B 1E 3B 28 49 5F 07 33 12 1B 5D 4C 35 0B 0A 1F 75 53 0B 00 34 28 40 72 3B 01 2D 04 41 44 01 05 34 28 40 52 22 36 04 34 48 72 38 12 3F 04 41 44 0A 0E 1F 01 71 4D 24 33 35 27 06 1C 68 53 49 14 21 01 40 52 10 27 0D 40 52 2C 29 05 6D 4D 1F 28 05 56 7A 2F 2E 32 75 53 07 33 12 40 52 3F 3A 19 6D 72 20 00 34 71 4D 1A 26 1A 40 52 24 3F 1A 6D 72 35 08 38 5D 4C 2D 01 18 48 7A 27 23 1F 56 7A 3B 2F 3F 4F 79 08 39 01 1B 71 72 33 1F 39 3A 56 7A 2E 3E 31 0C 7C 72 35 0E 3F 1A 41 44 0A 0A 35 3A 56 7A 3A 20 2C 0C 7C 6A 03 25 1F 05 5D 4C 2C 0C 0A 15 61 54 27 05 34 32 40 52 10 21 09 05 5D 4C 2D 01 18 15 61 54 07 37 17 05 5D 4C 1C 24 03 1B 71 4D 30 30 3B 27 6D 72 33 17 3F 28 40 72 34 1E 30 04 41 44 1B 1E 00 01 71 4D 2F 2C 2C 27 6D 4D 0B 26 3F 3C 56 7A 3A 20 23 16 7C 6A 35 05 33 28 75 53 12 30 17 01 71 4D 30 3E 37 27 75 53 13 25 20 1E 4F 79 1F 29 1F 01 71 4D 24 33 35 27 06 21 41 7B 5B 3D 24 37 7C 6A 2B 0E 25 40 72 33 1F 39 5D 72 34 1E 30 5D 4C 2A 0D 18 48 7A 27 12 3B 71 4D 23 32 12 56 72 20 0C 2E 5D 4C 2C 0C 0A 75 53 1A 26 1F 40 72 35 08 38 5D 4C 2D 01 18 75 53 0F 21 27 41 44 07 1F 3E 61 54 3D 06 22 32 40 52 2C 29 05 32 48 72 34 1E 05 1B 71 4D 10 27 0C 05 5D 4C 39 19 1A 1B 71 4D 23 32 24 21 6D 4D 03 25 1F 05 5D 4C 2C 0C 0A 3A 56 7A 25 2D 23 0C 7C 6A 2B 08 21 07 75 53 13 25 20 3A 56 7A 3E 3E 3B 0C 7C 6A 3F 0F 23 3A 56 7A 2F 2E 3D 3C 56 72 33 1F 39 04 41 44 1A 0E 05 01 75 53 1C 31 00 01 71 4D 2F 2C 2C 27 6D 72 20 0C 2D 04 41 44 06 18 2A 28 49 5F 1A 26 1A 1B 5D 4C 2C 0C 0F 1F 75 53 1C 1C 3E 28 40 72 38 12 3F 04 41 44 0A 16 3C 28 40 52 3E 39 06 34 21 21 41 7B 5B 23 27 3C 7C 6A 17 37 17 40 52 32 24 05 6D 4D 0E 21 2C 75 53 0B 31 31 75 53 08 3E 21 41 44 07 1E 3C 61 54 17 37 17 05 5D 4C 00 33 1E 1B 71 4D 2E 39 3B 21 6D 72 20 06 32 32 40 72 21 0F 3C 1A 41 44 1A 0E 1F 01 71 4D 20 2C 30 27 6D 4D 0E 21 2C 3C 56 7A 3A 2E 2D 16 7C 6A 3F 07 22 28 6E 02 68 4A 7C 21 09 26 5D 4C 29 1D 1F 56 7A 3F 32 38 4F 79 1E 30 01 56 7A 3A 2E 2D 4F 79 14 07 22 71 4D 24 30 3B 7C 6A 2A 1E 2F 07 75 53 0C 2D 26 3A 56 7A 31 25 3D 0C 7C 6A 3E 0E 35 3A 56 7A 3B 2F 3D 3A 56 72 34 1E 26 04 41 44 0B 0A 1E 01 75 53 0E 38 01 01 71 4D 23 30 2B 27 6D 72 21 0F 3C 04 28 1B 67 6B 5F 00 22 10 75 53 1F 21 27 41 44 0B 0A 31 75 53 0E 1D 22 71 4D 03 27 1D 40 52 3E 39 08 75 53 08 31 21 41 44 1A 0E 32 3A 56 7A 3F 32 38 0C 7C 6A 06 3E 0D 05 5D 4C 35 0D 09 15 61 54 29 07 22 32 40 52 17 37 17 1B 5D 4C 3A 19 16 1F 61 54 06 3E 0D 1B 5D 4C 03 27 11 01 71 4D 24 33 3B 27 06 21 41 73 41 11 25 1D 56 7A 2E 3E 3B 4F 79 18 12 3F 71 4D 2E 39 3B 7C 6A 3E 0E 35 40 72 21 0F 3C 5D 4C 36 0D 19 48 72 34 1E 1F 1B 71 4D 00 33 16 05 5D 4C 38 04 01 1B 71 4D 23 30 2B 21 6D 4D 1C 24 0D 05 5D 4C 29 1D 17 3C 56 7A 3F 32 38 16 7C 6A 39 09 25 09 75 53 0B 31 31 3C 56 7A 3B 2F 3D 16 15 39 5F 7B 42 03 38 02 40 20 2C 1E 4F 37 41 7B 5B 23 27 3C 7C 14 07 22 6E 14 68 4A 7C 20 13 35 5D 30 37 08 06 37 41 7B 5B 23 27 3C 7C 1B 39 1D 30 02 7C 50 68 3A 3B 34 4F 1B 1E 3B 6E 14 68 73 41 0B 22 0A 56 12 30 32 28 09 67 73 41 0B 22 2A 41 2C 0C 0F 21 37 41 7B 5B 23 27 3C 7C 08 1C 3E 66 0E 44 4F 56 06 13 05 61 27 23 1F 4F 3F 5B 53 7C 20 13 35 5D 3E 39 06 06 0A 68 53 7C 21 09 26 5D 32 12 3F 6E 14 68 4A 44 3E 37 02 6D 1C 24 01 4F 3F 5B 73 41 08 38 27 41 38 04 19 6E 14 68 4A 44 3E 37 02 6D 3E 0E 35 3B 37 41 7B 5B 24 39 31 7C 08 39 00 4F 3F 7C 50 68 3B 1D 3C 71 25 2D 2C 20 3A 7C 50 68 3B 25 3B 4F 01 1D 2A 6E 14 68 4A 44 3E 37 02 6D 10 21 09 29 1F 5E 45 67 14 30 07 49 12 16 3C 66 0E 44 73 41 08 38 27 41 36 0A 1B 21 3F 42 73 41 10 3B 2D 41 00 33 1E 4F 3F 5B 53 5E 2E 07 1D 75 21 07 22 66 0E 7C 50 68 23 24 31 4F 0D 15 01 4F 3F 5B 53 5E 2E 07 1D 48 0B 18 3C 6E 14 68 4A 44 26 36 0C 6D 2B 06 25 66 37 41 7B 5B 14 21 01 40 3A 31 24 15 37 41 7B 5B 3C 3E 3F 7C 12 38 17 4F 3F 5B 53 5E 2E 07 1D 75 35 08 38 36 03 56 76 74 37 08 19 40 07 37 17 29 1F 7C 50 68 23 24 31 4F 07 1F 3E 16 17 7C 50 68 20 3A 39 75 25 12 3F 66 0E 44 4F 56 1C 12 1D 56 1C 24 0D 29 37 41 7B 5B 3D 24 37 7C 1E 1D 22 66 0E 44 4F 56 1C 12 30 61 23 13 11 4F 3F 5B 53 5E 2F 01 15 48 10 27 0C 6E 14 68 4A 7C 36 12 38 5D 24 3F 19 6E 14 68 4A 44 21 2C 04 6D 35 05 34 66 0E 44 4F 56 1C 12 1D 56 1C 3B 25 28 09 67 6B 5F 01 2C 28 75 24 1E 26 36 37 41 7B 5B 3D 24 37 7C 14 3A 0B 30 37 41 7B 5B 36 0C 7C [Binary data over 200 bytes]
"1A10" = 1
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}" = 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 1E 28 1A 04 1B 0C 3B C2 21 2D 53 49 07 25 0F 29 01 7C 50 68 3A 3B 34 4F 79 08 39 0D 49 72 33 1F 39 5D 4C 17 37 05 56 7A 2F 2E 32 4F 79 1F 12 3B 75 53 0B 3F 12 56 7A 3A 20 23 4F 79 12 05 33 71 4D 3A 31 29 7C 6A 2B 08 21 40 72 38 12 3F 5D 4C 39 1D 17 48 72 21 0F 03 56 7A 2F 06 22 32 40 52 2C 29 05 3A 56 7A 2E 3E 31 0C 7C 6A 2B 06 25 32 40 52 33 24 01 32 75 53 0B 3F 32 04 4F 79 1B 3B 1F 0C 40 72 3B 01 2D 1A 75 53 12 30 3F 04 4F 79 08 3F 09 0C 75 53 13 25 20 04 75 53 07 37 17 05 5D 4C 36 0A 1B 3A 56 72 35 0E 3C 3C 56 7A 2D 3F 38 16 7C 6A 17 37 01 1B 5D 4C 2A 0D 18 1F 61 54 12 12 3B 28 40 52 3F 3A 19 34 48 72 20 0C 17 01 71 4D 1A 26 1A 1B 5D 4C 2C 0C 17 01 71 4D 30 3E 37 27 6D 4D 1B 3B 0C 1B 5D 4C 39 1D 17 3C 56 7A 3B 2F 3F 16 15 39 5F 7B 42 29 1D 3C 71 4D 30 06 22 71 4D 32 23 30 7C 6A 2A 1E 19 75 53 1C 31 20 41 72 24 12 3B 71 4D 23 32 24 7C 6A 03 25 17 56 7A 25 05 33 71 4D 3A 31 29 7C 6A 10 21 09 40 52 27 2C 0B 6D 4D 0F 28 2A 75 53 08 3E 23 41 44 1B 1E 3C 3A 56 7A 12 34 16 05 75 53 1F 21 2D 04 4F 79 10 27 0C 05 5D 4C 39 19 12 15 75 53 0B 3F 32 04 4F 79 1B 00 34 32 40 52 24 3F 19 32 48 7A 2C 10 17 1B 71 4D 30 1C 3E 32 40 52 27 2C 0B 32 48 7A 27 16 3C 32 40 52 3E 07 20 3A 56 7A 2F 2E 3D 16 7C 6A 12 34 1E 01 71 4D 17 37 01 1B 5D 4C 2A 0D 18 3C 56 7A 3E 32 24 16 7C 6A 3E 0C 34 09 75 53 0B 3F 3F 1E 4F 79 12 38 12 01 71 72 3B 01 2E 3C 56 7A 2F 24 39 16 7C 72 38 12 3F 04 41 44 0A 0E 32 3C 56 7A 3B 2F 3F 16 15 39 7C 50 68 23 24 31 4F 79 08 39 0D 49 5F 12 34 16 40 52 17 37 01 40 52 22 38 0B 6D 4D 0F 34 1A 56 7A 3A 20 2C 75 53 03 25 1F 40 52 24 3F 19 6D 72 3B 05 34 71 4D 10 21 09 40 52 27 2C 0B 6D 72 24 1E 26 5D 4C 36 0A 1B 48 7A 36 13 01 1B 71 4D 32 23 30 21 6D 4D 17 37 01 3A 56 7A 2F 06 25 32 40 52 33 24 01 3A 56 7A 3A 20 2C 0C 7C 6A 3E 00 34 32 40 52 24 3F 19 32 75 53 12 30 3F 04 4F 79 08 3F 09 0C 40 72 38 12 3F 1A 75 53 0F 21 27 04 4F 79 14 3A 0B 0C 75 53 1C 31 21 1E 75 53 12 34 16 1B 5D 4C 29 1D 1D 3C 56 72 35 0E 3F 3C 56 7A 3E 32 24 16 7C 6A 03 25 1A 1B 5D 4C 35 0B 0F 1F 61 54 27 05 33 28 40 52 24 3F 1A 34 48 72 35 08 1D 01 71 4D 1B 3B 0C 1B 5D 4C 39 1D 1F 01 71 4D 24 33 35 27 06 1C 7C 50 68 20 3A 39 4F 79 08 06 22 71 4D 32 23 30 7C 6A 2A 1E 19 40 72 35 0E 3F 5D 72 24 1A 25 5D 4C 35 0B 0A 48 7A 23 00 34 71 4D 3A 31 12 56 72 3B 01 2E 5D 4C 2A 07 15 75 53 1B 3B 0C 40 72 24 1E 26 5D 4C 36 0A 1B 75 53 1C 31 21 04 4F 79 0A 2A 06 0C 40 72 34 1E 30 1A 41 44 1B 1E 3B 3A 56 7A 07 33 12 05 75 53 0B 3F 32 04 4F 79 03 25 1F 05 5D 4C 2C 0C 0A 15 75 53 12 30 3F 04 4F 79 08 1C 3E 32 40 52 27 2C 0B 32 48 7A 27 23 1F 1B 71 4D 24 07 20 32 40 52 22 38 08 34 48 7A 34 17 3F 28 40 52 23 16 26 3C 56 7A 2F 2E 32 16 7C 6A 07 33 1A 01 71 4D 03 25 1A 1B 5D 4C 35 0B 0F 3C 56 7A 25 2D 2C 16 7C 6A 35 31 37 09 75 53 1C 3B 25 1E 4F 79 13 35 00 01 71 72 24 1E 26 3C 56 7A 3B 2F 3F 16 15 21 41 7B 5B 23 27 3C 7C 6A 2A 16 3C 71 4D 20 2C 30 7C 6A 06 3E 0D 40 52 3F 38 18 6D 4D 08 27 2C 75 53 08 31 21 75 53 1F 21 27 04 4F 79 18 2D 06 0C 75 53 0E 38 21 04 75 53 03 27 1D 05 5D 4C 36 0A 19 3A 56 72 34 1E 26 3C 56 7A 3F 32 38 16 7C 6A 06 3E 0D 1B 5D 4C 35 0D 09 1F 61 54 29 07 22 28 29 01 5E 45 67 14 30 1F 56 7A 17 37 17 40 72 25 1A 39 5D 4C 38 04 01 56 7A 3A 2E 2D 4F 79 14 3A 01 56 7A 3B 2E 3D 4F 79 0F 16 3C 32 40 52 32 24 05 32 48 7A 18 28 01 1B 71 4D 23 06 32 32 40 52 3E 39 08 32 48 7A 37 16 3C 28 40 52 32 12 3F 3C 56 7A 31 25 3D 16 7C 6A 03 27 11 01 71 4D 1C 24 0D 1B 36 1D 56 76 74 14 21 01 40 52 23 28 02 6D 4D 0C 34 2B 75 53 0E 38 21 41 44 06 1E 2C 75 53 08 07 22 71 4D 1C 27 0D 40 52 23 28 02 3A 56 7A 3F 32 38 0C 7C 6A 39 1D 22 32 40 52 3F 38 18 32 75 53 08 3E 21 04 4F 79 0F 29 07 02 40 72 25 1A 39 04 75 53 0E 38 21 1E 4F 79 1B 39 1D 02 75 53 08 3E 21 1E 6E 02 7C 50 68 20 3A 39 4F 79 0F 16 3C 75 53 0C 2D 1E 56 7A 31 25 3D 4F 79 1B 06 32 71 4D 24 33 3B 7C 6A 3F 0E 25 40 72 34 1E 26 1A 41 44 0B 0A 31 3A 56 7A 06 3E 0D 05 75 53 0B 31 31 04 4F 79 1C 24 0D 05 5D 4C 29 1D 17 1F 75 53 0C 2D 26 1E 4F 79 1E 1D 22 28 40 52 3F 38 18 34 48 7A 22 12 01 01 66 1C 44 73 41 0B 22 2A 41 3A 19 16 21 2D 42 73 41 0B 22 2A 41 1C 24 01 4F 2D 5B 53 5E 35 1E 22 75 27 1D 22 66 1C 7C 50 68 3A 3B 34 4F 06 1E 11 4F 2D 5B 53 5E 35 1E 22 48 1C 18 2D 6E 02 68 4A 44 3F 2D 31 6D 35 05 33 66 21 41 7B 5B 03 38 02 40 3A 31 29 15 21 41 7B 5B 23 27 3C 7C 08 3F 1D 4F 2D 5B 53 5E 35 1E 22 75 24 1E 26 36 1D 56 76 74 3E 03 1C 40 1C 24 0B 29 01 7C 50 68 3B 25 3B 4F 0B 0A 31 16 05 7C 50 68 3B 25 3B 75 21 07 22 66 1C 44 4F 56 07 15 1F 56 06 3E 0D 29 21 41 7B 5B 24 39 31 7C 1B 06 32 66 1C 44 4F 56 07 15 32 61 36 13 00 4F 2D 5B 53 5E 36 04 17 48 1A 26 1A 6E 02 68 4A 7C 21 09 26 5D 24 3F 1A 6E 02 68 4A 44 3E 37 02 6D 2B 1C 3E 66 1C 44 4F 56 07 15 1F 56 0F 21 27 28 1B 67 6B 5F 08 21 2A 75 21 0F 3A 36 21 41 7B 5B 3C 3E 3F 7C 18 2D 06 30 21 41 7B 5B 3C 3E 05 56 1C 24 0D 29 01 5E 45 67 0C 1C 26 75 27 09 3C 6E 02 68 4A 44 26 36 0C 6D 03 27 1D 29 01 5E 45 67 0C 3F 31 49 3D 06 25 66 1C 44 4F 56 1F 14 38 75 3B 01 12 4F 2D 5B 73 41 10 3B 2D 41 2C 0C 17 4F 2D 5B 53 5E 2E 07 1D 48 10 21 09 29 01 5E 45 67 0C 1C 26 71 3E 3E 3B 20 28 74 4E 68 2A 29 05 56 08 3E 23 6E 02 68 4A 44 21 2C 04 6D 3B 1A 20 6E 02 68 4A 44 21 1A 3E 75 21 0F 3C 36 1D 56 76 74 15 3B 1D 56 0E 38 01 4F 2D 5B 53 5E 2F 01 15 75 20 0E 2C 36 1D 56 76 74 28 02 21 40 10 27 0C 29 01 5E 45 67 0D 35 1D 56 12 05 33 66 1C 7C 50 68 20 3A 39 4F 01 05 34 66 1C 44 4F 56 1C 12 30 75 35 08 38 36 1D 56 76 74 15 3B 09 40 2F 20 31 15 39 5F 7B 42 20 1A 3E 71 3B 2F 03 4F 2D 5B 53 5E 20 39 74 [Binary data over 200 bytes]
"" =
"DisplayName" = Internet
"PMDisplayName" = Internet [Protected Mode]
"Description" = This zone contains all Web sites you haven't placed in other zones
"Icon" = inetcpl.cpl#001313 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005425 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 70912
"Flags" = 1
"1200" = 0
"1400" = 0
"1001" = 1
"1004" = 3
"1201" = 3
"1206" = 3
"1207" = 3
"1208" = 3
"1209" = 3
"120A" = 3
"1402" = 0
"1405" = 0
"1406" = 3
"1407" = 1
"1408" = 3
"1409" = 0
"1601" = 0
"1604" = 0
"1605" = 0
"1606" = 0
"1607" = 3
"1608" = 0
"1609" = 1
"160A" = 3
"1800" = 1
"1802" = 0
"1803" = 0
"1804" = 1
"1809" = 0
"1A00" = 131072
"1A02" = 0
"1A03" = 0
"1A04" = 3
"1A05" = 1
"1A06" = 0
"1C00" = 65536
"2000" = 0
"2005" = 3
"2100" = 0
"2101" = 0
"2102" = 3
"2103" = 3
"2104" = 3
"2105" = 3
"2106" = 0
"2200" = 3
"2201" = 3
"2300" = 1
"2301" = 0
"2400" = 3
"2401" = 0
"2402" = 3
"2600" = 0
"2700" = 0
"2007" = 65536
"2107" = 3
"2708" = 3
"2709" = 3
"1812" = 1
"140A" = 0
"2302" = 3
"270B" = 3
"160B" = 0
"2701" = 0
"2702" = 0
"2703" = 3
"2704" = 0
"120B" = 3
"270C" = 0
"270D" = 3
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"2004" = 3
"2001" = 3
"1400" = 3
"1C00" = 0
"{AEBA21FA-782A-4A90-978D-B72164C80120}" = 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15 39 [binary data]
"1A10" = 3
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}" = 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15 39 [binary data]
"" =
"DisplayName" = Restricted sites
"PMDisplayName" = Restricted sites [Protected Mode]
"Description" = This zone contains Web sites that could potentially damage your computer or data.
"Icon" = inetcpl.cpl#00004481 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"LowIcon" = inetcpl.cpl#005426 -- [2014/02/06 05:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation)
"CurrentLevel" = 73728
"Flags" = 3
"1200" = 3
"2007" = 3

< End of report >
  • 0

Advertisements

#32
TheMattVid
Posted 13 March 2014 - 04:17 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTL Extras logfile created on: 3/13/2014 6:05:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.58 Gb Available Physical Memory | 60.18% Memory free
11.90 Gb Paging File | 9.40 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 240.19 Gb Free Space | 52.94% Space Free | Partition Type: NTFS

Computer Name: TMV-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3481235227-1550051340-2648058792-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{C96DBB7A-9ADA-49A2-B616-3450983CE89A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{29785BEE-1BB3-4646-BFE3-CF3289AA8DA9}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57D75592-1B6E-1425-244B-11BCDC027707}" = Adobe Muse
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C678F94-F511-443E-B543-F26EA1471DE6}" = PCTDServiceActivation
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AdobeMuse" = Adobe Muse
"Audacity_is1" = Audacity 2.0.5
"Avast" = avast! Free Antivirus
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FileZilla Client" = FileZilla Client 3.7.3
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 3.23
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Out of the Park Baseball14" = Out of the Park Baseball 14
"Steam" = Steam
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"vEmotion" = vEmotion - VoIP audio assistant
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.2.2 beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3481235227-1550051340-2648058792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2014 7:05:42 PM | Computer Name = TMV-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2014 7:05:42 PM | Computer Name = TMV-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028

Error - 3/11/2014 7:05:42 PM | Computer Name = TMV-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028

Error - 3/11/2014 7:45:54 PM | Computer Name = TMV-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2014 7:45:54 PM | Computer Name = TMV-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2413897

Error - 3/11/2014 7:45:54 PM | Computer Name = TMV-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2413897

Error - 3/11/2014 8:10:33 PM | Computer Name = TMV-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 3/12/2014 4:47:04 PM | Computer Name = TMV-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2014 2:51:45 PM | Computer Name = TMV-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2014 5:59:22 PM | Computer Name = TMV-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/9/2014 10:55:58 PM | Computer Name = TMV-Laptop | Source = DCOM | ID = 10010
Description =

Error - 3/10/2014 8:57:00 PM | Computer Name = TMV-Laptop | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 3/10/2014 11:20:48 PM | Computer Name = TMV-Laptop | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 3/11/2014 5:12:56 PM | Computer Name = TMV-Laptop | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 3/11/2014 5:21:18 PM | Computer Name = TMV-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:19:17 PM on ?3/?11/?2014 was unexpected.

Error - 3/11/2014 5:23:43 PM | Computer Name = TMV-Laptop | Source = Service Control Manager | ID = 7022
Description = The Internet Connection Sharing (ICS) service hung on starting.

Error - 3/11/2014 8:09:03 PM | Computer Name = TMV-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:08:07 PM on ?3/?11/?2014 was unexpected.

Error - 3/12/2014 4:46:40 PM | Computer Name = TMV-Laptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \...\DR1.

Error - 3/13/2014 2:51:00 PM | Computer Name = TMV-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:50:28 PM on ?3/?12/?2014 was unexpected.

Error - 3/13/2014 5:58:26 PM | Computer Name = TMV-Laptop | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#33
Dakeyras
Posted 14 March 2014 - 04:55 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

1: Avast detected one bad thing. It was in Java, but I don't remember what the warning message was.

Probably detected something in the Java Cache. To be honest this software is a known security risk regardless the so called exploits have been rectified...

My friendly advice is if you do not actually use Java for anything merely uninstall the software. If you opt not to at the very least follow this advice:-

How to Disable Java in your Web Browser

2: I have successfully created the disc you wanted me to.

Good.

3: The proxy setting thing seems to be fixed, but I haven't had much time to test it, so i can't be sure that it is to this point. I will post another message if I discover that the problem is occurring again.

Actually it appears to be only partially rectified going from the new OTL log posted and the ProxyOverride setting is still hijacked. We will address this shortly...

4: One notable thing that I noticed is that when my laptop restarted after running the batch file, it asked if Skype had permission to bypass Windows Firewall. I selected to allow it to bypass it because I use Skype very often. Is it possible that Skype is the source of the proxy issues?

Not a cause for concern and or a problem, as the prior batch file I asked you to download and run reset the inbuilt Windows 7 Firewall back to its default status to err on the side of caution. I doubt Skype is the source of the on-going proxy issue and I actually use the software myself occasionally and have never encountered such a problem.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • Once the Scan has completed >> click on the Delete button >> then click on the Fix Proxy button.
  • Finally click on the Fix DNS button.
  • Then reboot(restart) your computer(ensure you do so).
  • Please post All RKreport.txt text files located on your desktop in your next reply.

  • 0

#34
TheMattVid
Posted 14 March 2014 - 06:14 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
A: You are indeed correct. The proxy problem is not fixed (before the use of RogueKiller).

B: Files:


File 1:



RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 03/14/2014 20:04:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 2 ¤¤¤
[Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][7][-] -> FOUND
[fbwuser][SUSP PATH] Best Buy pc app.lnk : C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][7][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Seagate ST95005620AS +++++
--- User ---
[MBR] abcaf1871948e4ac60d65758a9c83b32
[BSP] 1839e3e7073327e8a7b99dcba3e27b59 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464606 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954587136 | Size: 10833 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03142014_200417.txt >>



File 2:



RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 03/14/2014 20:04:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 2 ¤¤¤
[Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][7][-] -> DELETED
[fbwuser][SUSP PATH] Best Buy pc app.lnk : C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][7][-] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Seagate ST95005620AS +++++
--- User ---
[MBR] abcaf1871948e4ac60d65758a9c83b32
[BSP] 1839e3e7073327e8a7b99dcba3e27b59 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464606 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954587136 | Size: 10833 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03142014_200428.txt >>
RKreport[0]_S_03142014_200417.txt



File 3:



RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : ProxyFix -- Date : 03/14/2014 20:04:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555 [Country: (Private Address) (XX), City: (Private Address)]) -> DELETED
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_PR_03142014_200442.txt >>
RKreport[0]_D_03142014_200428.txt;RKreport[0]_S_03142014_200417.txt



File 4:



RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : DNSFix -- Date : 03/14/2014 20:04:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_DN_03142014_200451.txt >>
RKreport[0]_D_03142014_200428.txt;RKreport[0]_S_03142014_200417.txt
  • 0

#35
Dakeyras
Posted 15 March 2014 - 03:46 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Let proceed as follows shall we...

Check Hard Disk For Errors:

Download the attached hddcheck.bat below and save to your Desktop:-

Attached File  hddcheck.Bat   95bytes   243 downloads

Now right-click on hddcheck.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.
  • 0

#36
TheMattVid
Posted 15 March 2014 - 08:42 AM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
The type of the file system is NTFS.
Volume label is TI106167W0C.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
710 large file records processed.

0 bad file records processed.

0 EA records processed.

74 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
31607 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

475756543 KB total disk space.
225526852 KB in 377522 files.
191388 KB in 31608 indexes.
0 KB in bad sectors.
777339 KB in use by the system.
65536 KB occupied by the log file.
249260964 KB available on disk.

4096 bytes in each allocation unit.
118939135 total allocation units on disk.
62315241 allocation units available on disk.
  • 0

#37
Dakeyras
Posted 15 March 2014 - 02:26 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

The results of the Hard-Drive check are favourable so we can rule that out as the source for the unpredictable system crashes. Plus it appears malware is no longer a feasible source either.

Unfortunately what is denoted in the system errors re shutdown unexpected etc provides no event ID's and or explanation as too why...

So lets check if the following rectifies that as follows...

Run Windows 7 SRD:

Boot you machine up using the Windows 7 Startup Repair Disk you created.

  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed, run it again a further two times.
  • Upon completion of the third run, remove the SRD disc and then click on Restart
Note: Even if states nothing detected/repaired running it three times consecutively can at times implement some repairs even if not apparent etc.

Windows 7 - System File Checker:

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue/Yes at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Next:

Let myself know when completed the above and if any further issues remaining. We will then go from there, thank you.
  • 0

#38
TheMattVid
Posted 18 March 2014 - 04:02 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Boot you machine up using the Windows 7 Startup Repair Disk you created.


Should I do this upon a crash or just a regular startup? I will do it the next time it crashes, but you can let me know if I did it right later.
  • 0

#39
Dakeyras
Posted 19 March 2014 - 03:55 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Should I do this upon a crash or just a regular startup? I will do it the next time it crashes, but you can let me know if I did it right later.

No, just follow both sets of instructions as outlined in post #37 please...
  • 0

#40
TheMattVid
Posted 21 March 2014 - 03:36 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Step 37 has been completed. Here's where this leaves us:
-The system crashes, but it seems to be occurring less often.
-Even though I said that the freezing is fixed, it still occurs, but at a significantly smaller rate.
-The proxy settings seem to sometimes be enabled and sometimes be disabled depending on when I do it.

New problem:
-It seems like Internet settings aren't automatically on. Upon start-up of my laptop, it shows that no routers are detected, but when I hit "F8" to go over wireless settings, and set it to "All On", all the routers in my area are detected and shown in the list. This is also the case when I close the screen for my laptop and open it to use it again.

Other problems that my computer has always had, but I have not yet mentioned.
-The built in webcam never functioned. After trying to install drivers for this multiple times, there has been no success. I do not mind, as I bought an external webcam recently.
-Back when I got my laptop, there was always a message that said something like "Motion detected, moving hard drive to a safer place". I disabled this message from occurring since it happened so often.
  • 0

Advertisements

#41
Dakeyras
Posted 21 March 2014 - 06:51 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

The proxy settings seem to sometimes be enabled and sometimes be disabled depending on when I do it.

OK lets check if a update to IE10 makes any difference...

All else you mentioned has been acknowledged, it may just be I will be unable to rectify as primarily I only provide Anti-Malware support. Anyway lets proceed as follows shall we...

Update to IE10:

Download and install IE10 from here. Let myself know if still any problems proxy related afterwards.

Norman Malware Cleaner:

Please download Norman Malware Cleaner and save it to your Desktop.

Alternate download location here.

  • Right-click on Norman_Malware_Cleaner.exe and select Run as Administrator >> Accept.
  • Click on the Options tab >> General Options and deselect the following:
Enable Norman Protection Community
  • Now click on Cleaning Options and deselect the following:
Enable Cleaning
Quarantine objects before cleaning
  • Click on Apply >> then the Scan tab >> ensure the Quick scan is selected only.
  • Then click on Start
  • Once the scan has completed a log will be created on your desktop named: NFix_Year-Month-Day-Time.Log
  • Click on the Quit tab.
  • Post the aforementioned log in your next reply

  • 0

#42
TheMattVid
Posted 24 March 2014 - 06:57 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Norman Malware Cleaner v2.08.08
Copyright © 1990 - 2013, Norman Shark AS.
 
Norman Scanner Engine Version: 7.02.06
nvcbin.def: Version: 7.02.7512, Date: 2014/03/24 01:42:22, Variants: 27183986
 
Operating System: Windows 7 Service Pack 1 x64
 
Switches: /iagree /noclean /noquarantine
 
Scan started: 2014/03/24 20:54:31
 
Running pre-scan cleanup routine...
 
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s
 
Scanning running processes and process memory...
 
Number of files found: 580
Number of objects found: 4718
Number of objects scanned: 4718
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 23s
 
Scanning system for FakeAV...
 
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s
 
Running quick scan...
C:\windows\System32\ivireg.ivr: Error opening file for read: 0x00000020
C:\windows\SysWOW64\log.txt: Error opening file for read: 0x00000020
 
Number of files found: 6402
Number of archives unpacked: 2
Number of objects found: 6404
Number of objects scanned: 6402
Number of objects not scanned: 2
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 2m 2s
 
Running post-scan cleanup routine...
 
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s
 
Results:
Total number of files found: 6982
Total number of archives unpacked: 2
Total number of objects found: 11122
Total number of objects scanned: 11120
Total number of objects not scanned: 2
Total number of malicious objects found: 0
Total scanning time: 2m 25s

  • 0

#43
TheMattVid
Posted 24 March 2014 - 06:58 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Also, I was told on attempt of download that I was already using the latest version of Internet Explorer. Proxy-related problems are still occuring.


  • 0

#44
Dakeyras
Posted 25 March 2014 - 04:40 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Any particular reason why the constant prolonged delays between your response's ? Specifically...

1 - Is this due to connectivity issues.

2 - Does anyone else have access to your laptop.

3 - Do you regularly connect you machine to other networks apart from your own.

4 - Can you confirm for myself that the ISP in constant use is Verizon.

Reason asking is I am trying my best to narrow down what exactly is the root cause of this on-going proxy problem because at this juncture it does not appear to be malware related.
 

Also, I was told on attempt of download that I was already using the latest version of Internet Explorer.

So you do, my apologies about that. It does indeed appear your machine has Internet Explorer v11 installed.
 

Proxy-related problems are still occuring.

Acknowledged. Going back to this you mentioned prior:-
 

It seems like Internet settings aren't automatically on. Upon start-up of my laptop, it shows that no routers are detected, but when I hit "F8" to go over wireless settings, and set it to "All On", all the routers in my area are detected and shown in the list. This is also the case when I close the screen for my laptop and open it to use it again.

Are you actively using the Hotspot Shield software ? If so disable the software and or temp' uninstall and see if you can manually remove the proxy override, then...

Scan with MiniToolBox:

Please download MiniToolBox and save to your desktop.
  • Right-click on MiniToolBox.exe and select Run as Administrator to start the program.
  • Select the following checkboxes only:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer Errors
  • Now click on the Go button and post the result (Result.txt) in your next reply.
Also use your machine online and check if the proxy returns or not etc.
  • 0

#45
TheMattVid
Posted 25 March 2014 - 04:08 PM

TheMattVid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Late replies have been due to my busy schedule. I spend hours after school because of my involvement in my school's musical. Along with this, I balance 10 other clubs, my homework, 4 AP classes, and many other activities.

 

1 - Is what due to connectivity issues? I have always suspected that my connection is a little flaky. I did a ping test to check the connection between my laptop and my router about a month ago. Every few numbers would be around 90, but the rest would be 1, so there may be something flaky with the connection.

 

2 - Nobody else has access to my laptop.

 

3 - I do not normally connect to other networks. The only time I have connected to a network other than my own was at my aunt's house last summer.

 

4 - I can indeed confirm that my ISP is Verizon.

 

I will now uninstall Hotspot Shield. I used to use it as a VPN when I felt that I needed the extra protection from people seeing my IP address, but I no longer feel that it is needed. I have always had the VPN disabled, but not the program itself, so this is a possible source of the issue.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP