Solved Live Security Platinum + BSOD

J

_Jim_

Posts: 18   +0
Hello, hopefully this is the correct sub-forum.

My computer was infected yesturday by Live Security Platinum. I could tell this was a rouge-antivirus, so I followed the shortcut and removed the exe and other files within the file it created in appdata. I then tried to run malwarebytes and I was hit by a BSOD. I let it restart and the same thing occurred, right after windows loaded. Unable to even see the login screen it rebooted and I tried safe mode, the same problem.

I looked for some help using windows XP (duel boot) and set up a Kaspersky Recovery Disk. I am now using it to run a deep scan of my entire partition. I checked the registries manually looking to find any remaining trace of Live Security Platinum and could not find anything.

After viewing a similar topic on this forum I was concerned I took the wrong course of action.
Any help would be greatly appreciated. Thanks!
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================

What Windows version is it?
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Ok, thank you, I'll do that once the Kaspersky scan is complete? I might also have a system restore point if that's of any use, I didn't use it first as I wanted to try a remove everything.
 
Here you go:
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 02-08-2012 20:43:50
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9057608 2011-05-09] (COMODO)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]
HKLM-x32\...\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" [147456 2007-11-20] (Razer USA Ltd.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Jimmy\...\Run: [AdobeBridge] [x]
HKU\Jimmy\...\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [487424 2010-10-14] (Gadwin Systems, Inc)
HKU\Jimmy\...\Run: [] [x]
HKU\Jimmy\...\Run: [Akamai NetSession Interface] "C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Jimmy\...\Run: [Google Update] "C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-08] (Google Inc.)
HKU\Jimmy\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [667920 2012-03-22] (SANDBOXIE L.T.D)
HKU\Jimmy\...\Policies\system: [NoDispCPL] 0
HKU\Jimmy\...\Policies\system: [NoDispAppearancePage] 0
HKU\Jimmy\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Jimmy\...\Policies\system: [NoDispScrSavPage] 0
HKU\Jimmy\...\Policies\system: [NoDispSettingsPage] 0
HKU\Jimmy\...\Policies\system: [NoColorChoice] 0
HKU\Jimmy\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Jimmy\...\Policies\system: [DisableLockWorkstation] 0
HKU\Jimmy\...\Policies\system: [DisableChangePassword] 0
HKU\Jimmy\...\Policies\system: [HideLogonScripts] 0
HKU\Jimmy\...\Policies\system: [HideLogoffScripts] 0
HKU\Jimmy\...\Policies\system: [HideLegacyLogonScripts] 0
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
AppInit_DLLs: C:\Windows\system32\guard64.dll
Startup: C:\Users\Jimmy\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AMD FUEL Service; C:\Program Files (x86)\ATI Cayalyst\ATI.ACE\Fuel\Fuel.Service.exe /launchService [365568 2011-03-08] (Advanced Micro Devices, Inc.)
2 AMD Reservation Manager; "C:\Program Files (x86)\ATI Cayalyst\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-16] (Advanced Micro Devices)
4 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [161080 2011-05-25] (COMODO)
2 cmdagent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2506472 2011-05-09] (COMODO)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-11-08] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
4 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
4 mi-raysat_3dsmax2012_64; "C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [86016 2011-02-22] ()
4 mitsijm2012; "C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe" [848184 2010-12-07] (Autodesk, Inc.)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-29] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-07] ()
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [97552 2012-03-22] (SANDBOXIE L.T.D)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-29] (Microsoft Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
4 WUSB54GSCSVC; "C:\Program Files (x86)\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe" [x]

========================== Drivers (Whitelisted) =============

1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [24560 2009-07-07] (Cyberlink Co.,Ltd.)
2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [372720 2009-07-07] (CyberLink Corporation.)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [252344 2011-05-02] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [41712 2011-05-02] (COMODO)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [92688 2011-05-07] (COMODO)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-09-17] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-09-17] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-09-17] (LogMeIn, Inc.)
3 Lycosa; C:\Windows\System32\Drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
4 MySQL; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL [8918 2011-03-27] ()
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [115200 2010-10-15] (Razer USA Ltd)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [155136 2012-07-10] (SANDBOXIE L.T.D)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-12] (Prolific Technology Inc.)
2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2010-12-03] ()
3 WinVd32; \??\C:\Windows\WinVd32.sys [197728 2010-12-03] ()
2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
3 ALSysIO; \??\C:\Users\Jimmy\AppData\Local\Temp\ALSysIO64.sys [x]
3 AODDriver4.0; \??\C:\Program Files (x86)\ATI Cayalyst\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
4 LMIRfsClientNP; [x]
3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-02 20:43 - 2012-08-02 20:43 - 00000000 ____D C:\FRST
2012-08-01 16:28 - 2012-08-01 16:04 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jimmy\Desktop\tdsskiller.exe
2012-08-01 16:07 - 2012-08-01 16:07 - 00000506 ____A C:\Users\Jimmy\Desktop\Shortcut to Desktop.lnk
2012-08-01 12:20 - 2012-08-01 12:20 - 00006377 ____A C:\Users\Jimmy\Downloads\SafeBoot.zip
2012-08-01 07:17 - 2012-08-01 07:17 - 00002024 ____A C:\Users\Jimmy\Desktop\Live Security Platinum.lnk
2012-08-01 07:17 - 2012-08-01 07:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-01 07:14 - 2012-08-01 16:08 - 00000000 ____D C:\Users\All Users\0C1D1732004E8D06B940E6384F147C45
2012-08-01 06:47 - 2012-08-01 06:47 - 00000000 ____D C:\Program Files\MATLAB
2012-07-31 11:05 - 2012-07-31 11:05 - 00000000 ____D C:\Program Files (x86)\DDS Viewer
2012-07-31 10:59 - 2012-06-20 16:07 - 00007254 ___RA C:\Users\Jimmy\Desktop\LocaleData.xml
2012-07-31 10:58 - 2012-07-31 10:58 - 00000000 ____D C:\Users\Jimmy\Desktop\war mage
2012-07-31 10:51 - 2012-07-31 10:54 - 00007802 ____A C:\Users\Jimmy\Desktop\game.cfg
2012-07-31 09:12 - 2012-07-31 09:40 - 00000000 ____D C:\Users\Jimmy\Documents\Shiner
2012-07-31 09:12 - 2012-07-31 09:12 - 00000000 ____D C:\Users\Jimmy\AppData\Local\FLT
2012-07-31 08:48 - 2012-07-31 08:48 - 00002192 ____A C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2012-07-31 08:38 - 2012-07-31 15:13 - 00000000 ____D C:\Program Files (x86)\Orcs Must Die 2
2012-07-31 06:37 - 2012-07-31 06:57 - 00000000 ____D C:\Program Files (x86)\Sauerbraten
2012-07-31 05:56 - 2012-07-31 07:37 - 00000000 ____D C:\Users\Jimmy\Downloads\Orcs_Must_Die_2-FLT
2012-07-18 18:52 - 2012-07-18 18:52 - 06311736 ____A C:\Users\Jimmy\Desktop\Wedsite-Return-v3.zip
2012-07-18 18:48 - 2012-07-18 18:49 - 00000000 ____D C:\Users\Jimmy\Desktop\Wedsite-Return-v3
2012-07-18 17:53 - 2012-07-18 17:53 - 00026112 ____A C:\Users\Jimmy\Desktop\p1.htm
2012-07-18 17:48 - 2012-07-18 17:49 - 00000000 ____D C:\Users\Jimmy\Desktop\nivo
2012-07-18 17:45 - 2012-07-18 17:45 - 00000000 ____D C:\Users\Jimmy\Desktop\nivo-slider
2012-07-18 17:28 - 2012-07-18 17:28 - 00013565 ____A C:\Users\Jimmy\Desktop\support.dev7studios.com.htm
2012-07-17 17:20 - 2012-07-17 17:20 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\runic games
2012-07-17 17:06 - 2012-07-17 17:06 - 00000000 ____D C:\Program Files (x86)\Runic Games
2012-07-17 16:41 - 2012-07-17 17:11 - 00000000 ____D C:\Users\Jimmy\Downloads\Torchlight v1.15
2012-07-15 16:07 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-15 16:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-15 16:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-15 16:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-15 16:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-15 16:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-15 16:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-15 16:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-15 16:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-15 16:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-15 16:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-15 16:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-15 16:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-15 16:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-15 16:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-15 16:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-15 16:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-15 16:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-15 16:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-15 16:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-15 16:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-15 16:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-15 16:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-15 16:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-15 16:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-15 16:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-15 16:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-15 16:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-15 16:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 16:34 - 2012-07-12 16:35 - 00000000 ____D C:\Program Files\Unlocker
2012-07-12 16:27 - 2012-07-12 16:27 - 00000693 ____A C:\rkill.log
2012-07-12 16:26 - 2012-07-12 16:26 - 01012656 ____A C:\Users\Jimmy\Desktop\iExplore.exe
2012-07-12 09:57 - 2012-07-12 09:57 - 00000000 ____D C:\Program Files (x86)\RazorGamer
2012-07-12 09:56 - 2012-07-12 09:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\ShamrockSpringSA
2012-07-12 09:56 - 2012-07-12 09:56 - 00000000 ____A C:\Users\All Users\7576abcb0eaf63903e278cdf74aa186a_c
2012-07-11 15:22 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 15:22 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 15:22 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 15:22 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 15:22 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 15:22 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 15:22 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 15:22 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 15:22 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 15:22 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 15:22 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 15:22 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 15:22 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 15:22 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 15:22 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 23:03 - 2012-07-10 23:04 - 00002054 ____A C:\Users\Jimmy\Desktop\Stop_All.bat.lnk
2012-07-10 22:26 - 2012-07-10 22:45 - 00002041 ____A C:\Users\Jimmy\Desktop\Lucozade.lnk
2012-07-10 22:18 - 2012-07-10 22:19 - 00000000 ____D C:\Users\Jimmy\Desktop\Launch Idle
2012-07-10 22:07 - 2012-07-13 15:59 - 00000000 ____D C:\Users\Jimmy\Documents\Steam
2012-07-10 19:44 - 2012-07-10 19:44 - 00000220 ____A C:\Users\Jimmy\Desktop\Source Filmmaker.url
2012-07-10 19:23 - 2012-07-10 19:23 - 00000000 ____D C:\Users\Jimmy\Downloads\Sandboxie 3.66 (x64) Cracked{H33T}{Easypath}
2012-07-10 16:51 - 2012-07-10 16:51 - 00000000 ___RD C:\Sandbox
2012-07-10 16:50 - 2012-07-31 18:13 - 00008694 ____A C:\Windows\Sandboxie.ini
2012-07-10 16:49 - 2012-07-10 16:49 - 00000000 ____D C:\Program Files\Sandboxie
2012-07-10 06:15 - 2012-07-10 06:15 - 32743973 ____A C:\Users\Jimmy\Desktop\Survival_Games.zip
2012-07-10 06:11 - 2012-07-10 06:12 - 00000000 ____D C:\Users\Jimmy\Desktop\Survival_Games
2012-07-10 06:10 - 2012-07-10 06:12 - 00000000 ____D C:\Users\Jimmy\Desktop\Survival Games 3
2012-07-07 15:39 - 2012-07-07 15:39 - 00000222 ____A C:\Users\Jimmy\Desktop\Super Monday Night Combat.url
2012-07-07 08:46 - 2012-07-16 10:29 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-07 08:46 - 2012-07-14 09:19 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-07 08:46 - 2012-07-07 09:04 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-07 08:46 - 2012-07-07 08:46 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-07 08:46 - 2012-07-07 08:39 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-07 08:25 - 2012-07-07 08:25 - 00000222 ____A C:\Users\Jimmy\Desktop\Blacklight Retribution.url
2012-07-07 08:10 - 2012-07-07 08:11 - 00000874 ____A C:\Users\Jimmy\Desktop\Diablo III - Copy.lnk
2012-07-07 07:50 - 2012-07-07 07:50 - 00002807 ____A C:\Windows\System32\Drivers\etc\hosts.bck
2012-07-07 07:37 - 2012-07-07 07:50 - 00000000 ____D C:\Mooege
2012-07-06 08:52 - 2012-07-06 08:53 - 00221169 ____A C:\Users\Jimmy\Desktop\redstone.rar
2012-07-04 15:59 - 2012-07-04 16:00 - 04084573 ____A C:\Users\Jimmy\Desktop\Wedsite-Return.zip
2012-07-04 15:59 - 2012-07-04 15:59 - 22052779 ____A C:\Users\Jimmy\Desktop\Wedsite.zip
2012-07-04 15:40 - 2012-07-18 18:27 - 00000000 ____D C:\Users\Jimmy\Desktop\Wedsite-Return-v2
2012-07-04 14:02 - 2012-07-07 07:50 - 00000000 ___AD C:\Users\Jimmy\Desktop\for Jim


============ 3 Months Modified Files ========================

2012-08-01 16:07 - 2012-08-01 16:07 - 00000506 ____A C:\Users\Jimmy\Desktop\Shortcut to Desktop.lnk
2012-08-01 16:04 - 2012-08-01 16:28 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jimmy\Desktop\tdsskiller.exe
2012-08-01 16:03 - 2012-06-02 14:28 - 00001753 ____A C:\Users\Jimmy\Desktop\Technic.lnk
2012-08-01 12:20 - 2012-08-01 12:20 - 00006377 ____A C:\Users\Jimmy\Downloads\SafeBoot.zip
2012-08-01 07:21 - 2010-11-03 06:23 - 402830660 ____A C:\Windows\MEMORY.DMP
2012-08-01 07:17 - 2012-08-01 07:17 - 00002024 ____A C:\Users\Jimmy\Desktop\Live Security Platinum.lnk
2012-08-01 07:17 - 2010-08-11 11:53 - 01644489 ____A C:\Windows\WindowsUpdate.log
2012-08-01 07:13 - 2011-05-14 14:42 - 00000440 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-08-01 06:51 - 2012-06-08 09:26 - 00002458 ____A C:\Users\Jimmy\Desktop\Google Chrome.lnk
2012-08-01 06:51 - 2012-06-08 09:25 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000UA.job
2012-08-01 06:46 - 2012-03-30 16:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-01 06:46 - 2009-07-13 20:51 - 00137591 ____A C:\Windows\setupact.log
2012-07-31 19:35 - 2012-06-08 09:25 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000Core.job
2012-07-31 18:13 - 2012-07-10 16:50 - 00008694 ____A C:\Windows\Sandboxie.ini
2012-07-31 10:54 - 2012-07-31 10:51 - 00007802 ____A C:\Users\Jimmy\Desktop\game.cfg
2012-07-31 08:51 - 2010-08-15 12:08 - 00295693 ____A C:\Windows\DirectX.log
2012-07-31 08:48 - 2012-07-31 08:48 - 00002192 ____A C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2012-07-31 04:43 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 04:43 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 04:34 - 2011-06-04 14:45 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2012-07-31 04:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 18:52 - 2012-07-18 18:52 - 06311736 ____A C:\Users\Jimmy\Desktop\Wedsite-Return-v3.zip
2012-07-18 18:25 - 2010-09-22 12:28 - 00001456 ____A C:\Users\Jimmy\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-07-18 17:53 - 2012-07-18 17:53 - 00026112 ____A C:\Users\Jimmy\Desktop\p1.htm
2012-07-18 17:28 - 2012-07-18 17:28 - 00013565 ____A C:\Users\Jimmy\Desktop\support.dev7studios.com.htm
2012-07-16 13:26 - 2009-07-13 20:45 - 05115928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-16 10:29 - 2012-07-07 08:46 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-16 10:29 - 2011-12-17 18:02 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-14 09:19 - 2012-07-07 08:46 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-14 05:42 - 2010-08-10 18:25 - 00557130 ____A C:\Windows\PFRO.log
2012-07-12 16:27 - 2012-07-12 16:27 - 00000693 ____A C:\rkill.log
2012-07-12 16:26 - 2012-07-12 16:26 - 01012656 ____A C:\Users\Jimmy\Desktop\iExplore.exe
2012-07-12 11:58 - 2009-07-13 21:13 - 00876274 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 09:56 - 2012-07-12 09:56 - 00000000 ____A C:\Users\All Users\7576abcb0eaf63903e278cdf74aa186a_c
2012-07-11 08:20 - 2011-03-27 14:58 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 08:20 - 2011-03-27 14:58 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-11 08:20 - 2011-03-27 14:58 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-10 23:04 - 2012-07-10 23:03 - 00002054 ____A C:\Users\Jimmy\Desktop\Stop_All.bat.lnk
2012-07-10 22:58 - 2012-02-06 15:04 - 00000969 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-10 22:45 - 2012-07-10 22:26 - 00002041 ____A C:\Users\Jimmy\Desktop\Lucozade.lnk
2012-07-10 21:39 - 2012-06-12 10:36 - 00001164 ____A C:\Users\Jimmy\Desktop\Minecraft Server.lnk
2012-07-10 19:44 - 2012-07-10 19:44 - 00000220 ____A C:\Users\Jimmy\Desktop\Source Filmmaker.url
2012-07-10 19:07 - 2012-07-01 05:16 - 00000410 ____A C:\Users\Jimmy\Desktop\Steam Accounts.txt
2012-07-10 06:15 - 2012-07-10 06:15 - 32743973 ____A C:\Users\Jimmy\Desktop\Survival_Games.zip
2012-07-09 04:28 - 2012-07-08 15:05 - 00002236 ____A C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
2012-07-08 15:12 - 2010-09-23 14:10 - 00862898 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-07 23:07 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-07 15:39 - 2012-07-07 15:39 - 00000222 ____A C:\Users\Jimmy\Desktop\Super Monday Night Combat.url
2012-07-07 09:04 - 2012-07-07 08:46 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-07 08:39 - 2012-07-07 08:46 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-07 08:25 - 2012-07-07 08:25 - 00000222 ____A C:\Users\Jimmy\Desktop\Blacklight Retribution.url
2012-07-07 08:11 - 2012-07-07 08:10 - 00000874 ____A C:\Users\Jimmy\Desktop\Diablo III - Copy.lnk
2012-07-07 07:50 - 2012-07-07 07:50 - 00002807 ____A C:\Windows\System32\Drivers\etc\hosts.bck
2012-07-06 08:53 - 2012-07-06 08:52 - 00221169 ____A C:\Users\Jimmy\Desktop\redstone.rar
2012-07-04 16:00 - 2012-07-04 15:59 - 04084573 ____A C:\Users\Jimmy\Desktop\Wedsite-Return.zip
2012-07-04 15:59 - 2012-07-04 15:59 - 22052779 ____A C:\Users\Jimmy\Desktop\Wedsite.zip
2012-07-04 15:28 - 2010-08-15 13:29 - 00000132 ____A C:\Users\Jimmy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-02 08:15 - 2012-07-02 08:15 - 00716317 ____A C:\Users\Jimmy\Desktop\TRON.psd
2012-07-01 13:23 - 2012-07-01 13:23 - 00000219 ____A C:\Users\Jimmy\Desktop\Team Fortress 2 Beta.url
2012-07-01 06:01 - 2012-07-01 06:01 - 00003527 ____A C:\Users\Jimmy\Desktop\New Text Document.html
2012-07-01 05:15 - 2012-07-01 03:46 - 00000154 ____A C:\Users\Jimmy\Desktop\New Text Document.txt
2012-06-28 14:30 - 2012-06-28 14:30 - 08294454 ____A C:\Users\Jimmy\Desktop\ScreenShot184.bmp
2012-06-20 16:07 - 2012-07-31 10:59 - 00007254 ___RA C:\Users\Jimmy\Desktop\LocaleData.xml
2012-06-18 13:56 - 2010-08-21 12:49 - 00000132 ____A C:\Users\Jimmy\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-06-17 05:27 - 2012-06-16 07:05 - 00001129 ____A C:\Users\Jimmy\Desktop\minecraft.bat
2012-06-16 06:00 - 2011-03-16 11:21 - 00002530 ____A C:\Users\Jimmy\Documents\mcedit.ini
2012-06-16 05:59 - 2012-06-16 05:59 - 00001111 ____A C:\Users\Jimmy\Desktop\mcedit.lnk
2012-06-15 18:19 - 2012-06-15 17:50 - 00001290 ____A C:\Users\Jimmy\Desktop\Diablo III.lnk
2012-06-15 15:00 - 2012-06-15 15:01 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-15 15:00 - 2012-06-15 15:01 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-15 15:00 - 2012-06-15 15:01 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-15 15:00 - 2012-06-15 15:00 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-15 15:00 - 2012-06-15 15:00 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-11 19:02 - 2012-07-15 16:07 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 08:21 - 2012-06-09 08:21 - 00001170 ____A C:\Users\Jimmy\Desktop\BackTrack 5.0.vmcx - Shortcut.lnk
2012-06-08 21:30 - 2012-07-11 15:22 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 15:22 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 14:34 - 2012-05-27 06:02 - 00001853 ____A C:\Users\Jimmy\Desktop\Torchlight2.lnk
2012-06-05 21:50 - 2012-07-11 15:22 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 15:22 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 15:22 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 15:22 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 15:39 - 2012-06-05 14:55 - 00000502 ____A C:\Users\Jimmy\Documents\Untitled-1.html
2012-06-02 14:43 - 2012-06-02 14:43 - 00002030 ____A C:\Users\Jimmy\Desktop\Customize Fences.lnk
2012-06-02 14:19 - 2012-06-23 05:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 05:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 05:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 05:18 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 05:18 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 05:19 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 05:18 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-23 05:18 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-23 05:18 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-15 16:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-15 16:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-15 16:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:10 - 2011-03-31 13:09 - 00000600 ____A C:\Users\Jimmy\AppData\Roaming\winscp.rnd
2012-06-02 04:05 - 2012-07-15 16:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-15 16:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-15 16:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-15 16:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-15 16:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-15 16:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-15 16:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-15 16:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-15 16:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-15 16:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-15 16:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-15 16:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-15 16:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-15 16:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-15 16:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-15 16:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-15 16:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-15 16:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-15 16:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-15 16:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-15 16:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-15 16:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-15 16:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-15 16:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-15 16:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-11 15:22 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 15:22 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 15:22 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 15:22 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 15:22 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 15:22 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 15:22 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 15:22 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 15:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 15:14 - 2012-04-06 14:32 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-27 10:19 - 2012-05-05 13:40 - 00001456 ____A C:\Users\Jimmy\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-05-26 08:57 - 2012-04-01 15:21 - 00000132 ____A C:\Users\Jimmy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-05-23 07:41 - 2012-05-23 07:41 - 00001232 ____A C:\Users\Jimmy\Desktop\TeamSpeak 3 Client.lnk
2012-05-21 13:36 - 2011-03-27 14:58 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-13 14:48 - 2010-08-10 18:18 - 00151432 ____A C:\Users\Jimmy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-08 13:41 - 2011-01-04 07:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-05-05 07:15 - 2012-05-05 07:15 - 00002146 ____A C:\Users\Public\Desktop\Saints Row The Third.lnk


ZeroAccess:
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4}
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4}\@
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4}\L
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4}\U
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4}\U\00000001.@
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4}\U\800000cb.@

ZeroAccess:
C:\Users\Jimmy\AppData\Local\{e5853950-2679-4ecd-8064-76890aafb3b4}
C:\Users\Jimmy\AppData\Local\{e5853950-2679-4ecd-8064-76890aafb3b4}\@
C:\Users\Jimmy\AppData\Local\{e5853950-2679-4ecd-8064-76890aafb3b4}\L
C:\Users\Jimmy\AppData\Local\{e5853950-2679-4ecd-8064-76890aafb3b4}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8191.18 MB
Available physical RAM: 7305.4 MB
Total Pagefile: 8189.33 MB
Available Pagefile: 7312.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:540.68 GB) (Free:53.52 GB) NTFS
4 Drive g: (JIMS_DRIVE) (Removable) (Total:15.1 GB) (Free:7.15 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: () (Fixed) (Total:390.63 GB) (Free:202.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 10 MB
Disk 1 Online 15 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 31 KB
Partition 2 Primary 390 GB 203 MB
Partition 0 Extended 540 GB 390 GB
Partition 3 Logical 540 GB 390 GB

==================================================================================

Disk: 0
Partition 1
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y NTFS Partition 390 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 540 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G JIMS_DRIVE FAT32 Removable 15 GB Healthy

==================================================================================

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


==========================================================

Last Boot: 2012-07-09 11:36

======================= End Of Log ==========================

Do you mind if I was to edit this post and remove the log once the computer is sorted? I would just rather prefer it wasn't online, but it's only a preference if you disagree.
 
Please do NOT wrap logs in code brackets.

Do you mind if I was to edit this post and remove the log once the computer is sorted?
Click to expand...
You'll have to PM one of the mods when we're done here.

=====================================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    448 bytes · Views: 5
Here you go, thanks again for the quick responses:
---
ComboFix 12-07-31.04 - Jimmy 02/08/2012 22:54:11.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.8191.6333 [GMT 1:00]
Running from: c:\users\Jimmy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\7576abcb0eaf63903e278cdf74aa186a_c
c:\programdata\C565C0B89F.sys
c:\users\Jimmy\AppData\Local\assembly\tmp
c:\users\Jimmy\AppData\Local\ShamrockSpringSA
c:\users\Jimmy\AppData\Local\ShamrockSpringSA\bin\1.0.18.0\copyright.txt
c:\users\Jimmy\AppData\Local\ShamrockSpringSA\data\shamrockspringSA.dat
c:\users\Jimmy\AppData\Roaming\Adobe\shed
c:\users\Jimmy\AppData\Roaming\chrtmp
c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\Jimmy\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-03 04:43 . 2012-08-03 04:43 -------- d-----w- C:\FRST
2012-08-02 22:14 . 2012-08-02 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 15:17 . 2012-08-01 15:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-01 15:14 . 2012-08-02 00:08 -------- d-----w- c:\programdata\0C1D1732004E8D06B940E6384F147C45
2012-08-01 14:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E1CAE8C-3B49-4B13-A803-88417B51E8E6}\mpengine.dll
2012-08-01 14:47 . 2012-08-01 14:47 -------- d-----w- c:\program files\MATLAB
2012-07-31 19:05 . 2012-07-31 19:05 -------- d-----w- c:\program files (x86)\DDS Viewer
2012-07-31 17:12 . 2012-07-31 17:12 -------- d-----w- c:\users\Jimmy\AppData\Local\FLT
2012-07-31 16:38 . 2012-07-31 23:13 -------- d-----w- c:\program files (x86)\Orcs Must Die 2
2012-07-31 14:37 . 2012-07-31 14:57 -------- d-----w- c:\program files (x86)\Sauerbraten
2012-07-31 12:54 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-18 01:20 . 2012-07-18 01:20 -------- d-----w- c:\users\Jimmy\AppData\Roaming\runic games
2012-07-18 01:06 . 2012-07-18 01:06 -------- d-----w- c:\program files (x86)\Runic Games
2012-07-16 00:07 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 17:57 . 2012-07-12 17:57 -------- d-----w- c:\program files (x86)\RazorGamer
2012-07-11 00:51 . 2012-07-11 00:51 -------- d-----r- C:\Sandbox
2012-07-11 00:49 . 2012-07-11 00:49 -------- d-----w- c:\program files\Sandboxie
2012-07-08 23:13 . 2012-07-08 23:15 -------- d-----w- c:\programdata\RELOADED
2012-07-07 16:46 . 2012-07-16 18:29 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-07 16:46 . 2012-07-14 17:19 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-07 16:46 . 2012-07-07 17:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-07 16:46 . 2012-07-07 16:39 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-07 16:46 . 2012-07-07 16:46 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 18:29 . 2011-12-18 02:02 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-11 16:20 . 2011-03-27 22:58 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 16:20 . 2011-03-27 22:58 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 16:20 . 2011-03-27 22:58 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-15 23:00 . 2012-06-15 23:01 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 23:00 . 2012-06-15 23:01 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-15 23:00 . 2012-06-15 23:01 268744 ----a-w- c:\windows\system32\javaws.exe
2012-06-15 23:00 . 2012-06-15 23:00 189384 ----a-w- c:\windows\system32\javaw.exe
2012-06-15 23:00 . 2012-06-15 23:00 188872 ----a-w- c:\windows\system32\java.exe
2012-06-02 22:19 . 2012-06-23 13:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 13:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 13:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 13:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 13:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 13:19 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 13:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 13:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 13:18 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 11:58 . 2011-04-25 22:32 2480992 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-21 21:36 . 2011-03-27 22:58 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-20 12:57 . 2012-05-20 12:57 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-03-22 667920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 ALSysIO;ALSysIO;c:\users\Jimmy\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files (x86)\ATI Cayalyst\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-10-15 115200]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-09-15 18288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-26 1431888]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-20 8704]
R4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
R4 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-09-21 5788016]
R4 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files (x86)\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe WUSB54GSC.exe [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-07-07 24560]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-02 252344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-02 41712]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/06/04 21:14];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-03 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files (x86)\ATI Cayalyst\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\ATI Cayalyst\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-09-21 484720]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-03 10203648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-03 310784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:43]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000Core.job
- c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:25]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000UA.job
- c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 9057608]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B33AC0EF-9238-4C74-8BE9-1E8B833AD79E}\244584F6D65684572623D223255334: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B33AC0EF-9238-4C74-8BE9-1E8B833AD79E}\244584F6D65684572623D233153435: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\77puc4ow.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Jimmy\AppData\Local\Akamai\netsession_win.exe
SafeBoot-MsMpSvc
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Dynasty Warriors Online - c:\aeriagames\DynastyWarriorsOnline\Uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-ShiVa Server PLE - c:\program files (x86)\Stonetrip\ShiVa Server PLE\ShiVa Server PLE\ShiVa Server PLE-uninst.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe
AddRemove-shamrockspringSA - c:\users\Jimmy\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringUninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Jimmy\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{860AE7C9-7F9B-39A0-60DE-8C80884706F5}*]
"iamfgfpbofpkbdllci"=hex:6a,61,66,6d,6a,6e,6f,6a,61,64,62,6e,62,70,64,6f,67,6a,
6a,61,00,00
"hacfnkhmpebckmdj"=hex:6a,61,66,6d,6a,6e,6f,6a,61,64,62,6e,62,70,64,6f,67,6a,
6a,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{860AE7C9-7F9B-39A0-60DE-8C80884706F5}\InProcServer32*]
"jagfdcbbncojlhngkcdn"=hex:6a,61,66,6d,6a,6e,6f,6a,61,64,62,6e,62,70,64,6f,67,
6a,6a,61,00,df
"iagfnadjmopaaalbhg"=hex:6a,61,66,6d,6a,6e,6f,6a,61,64,62,6e,62,70,64,6f,67,6a,
6a,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Razer\Lycosa\razertra.exe
.
**************************************************************************
.
Completion time: 2012-08-02 23:25:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 22:25
.
Pre-Run: 57,097,625,600 bytes free
Post-Run: 58,575,622,144 bytes free
.
- - End Of File - - 7D8E230CDEA78F6EF3C167A8E699DCD0
 
Wow, sorry I completely forgot to add that. Just as a note: I attempted to run Firefox and it failed to open, using only 128K of memory I'm worried somethings hooked it into failing to run. Anyway, here you go:
---
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-02 22:42:17 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\Jimmy\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge Value deleted successfully.
C:\Users\Jimmy\Desktop\Live Security Platinum.lnk moved successfully.
C:\Windows\Installer\{e5853950-2679-4ecd-8064-76890aafb3b4} moved successfully.
C:\Users\Jimmy\AppData\Local\{e5853950-2679-4ecd-8064-76890aafb3b4} moved successfully.

The operation completed successfully.

==== End of Fixlog ====
 
I suggest you reinstall Firefox.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
RegNull::
[HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{860AE7C9-7F9B-39A0-60DE-8C80884706F5}*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{860AE7C9-7F9B-39A0-60DE-8C80884706F5}\InProcServer32*]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here you are my friend:
---
ComboFix 12-07-31.06 - Jimmy 04/08/2012 0:08.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.8191.6248 [GMT 1:00]
Running from: c:\users\Jimmy\Desktop\ComboFix.exe
Command switches used :: c:\users\Jimmy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 23:26 . 2012-08-03 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 04:43 . 2012-08-03 04:43 -------- d-----w- C:\FRST
2012-08-01 15:17 . 2012-08-01 15:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-01 15:14 . 2012-08-02 00:08 -------- d-----w- c:\programdata\0C1D1732004E8D06B940E6384F147C45
2012-08-01 14:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E1CAE8C-3B49-4B13-A803-88417B51E8E6}\mpengine.dll
2012-08-01 14:47 . 2012-08-01 14:47 -------- d-----w- c:\program files\MATLAB
2012-07-31 19:05 . 2012-07-31 19:05 -------- d-----w- c:\program files (x86)\DDS Viewer
2012-07-31 17:12 . 2012-07-31 17:12 -------- d-----w- c:\users\Jimmy\AppData\Local\FLT
2012-07-31 16:38 . 2012-07-31 23:13 -------- d-----w- c:\program files (x86)\Orcs Must Die 2
2012-07-31 15:57 . 2012-07-31 16:00 -------- d-----w- C:\D3Emu
2012-07-31 14:37 . 2012-07-31 14:57 -------- d-----w- c:\program files (x86)\Sauerbraten
2012-07-31 12:54 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-18 01:20 . 2012-07-18 01:20 -------- d-----w- c:\users\Jimmy\AppData\Roaming\runic games
2012-07-18 01:06 . 2012-07-18 01:06 -------- d-----w- c:\program files (x86)\Runic Games
2012-07-16 00:07 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 00:34 . 2012-07-13 00:35 -------- d-----w- c:\program files\Unlocker
2012-07-12 17:57 . 2012-07-12 17:57 -------- d-----w- c:\program files (x86)\RazorGamer
2012-07-11 00:51 . 2012-07-11 00:51 -------- d-----r- C:\Sandbox
2012-07-11 00:49 . 2012-07-11 00:49 -------- d-----w- c:\program files\Sandboxie
2012-07-08 23:13 . 2012-07-08 23:15 -------- d-----w- c:\programdata\RELOADED
2012-07-07 16:46 . 2012-07-16 18:29 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-07 16:46 . 2012-07-14 17:19 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-07 16:46 . 2012-07-07 17:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-07 16:46 . 2012-07-07 16:39 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-07 16:46 . 2012-07-07 16:46 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-05 17:45 . 2012-07-05 17:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 18:29 . 2011-12-18 02:02 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-11 16:20 . 2011-03-27 22:58 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 16:20 . 2011-03-27 22:58 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 16:20 . 2011-03-27 22:58 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-15 23:00 . 2012-06-15 23:01 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 23:00 . 2012-06-15 23:01 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-15 23:00 . 2012-06-15 23:01 268744 ----a-w- c:\windows\system32\javaws.exe
2012-06-15 23:00 . 2012-06-15 23:00 189384 ----a-w- c:\windows\system32\javaw.exe
2012-06-15 23:00 . 2012-06-15 23:00 188872 ----a-w- c:\windows\system32\java.exe
2012-06-02 22:19 . 2012-06-23 13:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 13:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 13:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 13:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 13:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 13:19 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 13:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 13:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 13:18 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 11:58 . 2011-04-25 22:32 2480992 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-21 21:36 . 2011-03-27 22:58 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-20 12:57 . 2012-05-20 12:57 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_22.17.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-11 02:41 . 2012-08-03 23:33 76310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-03 23:33 44990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-11 02:32 . 2012-08-03 23:33 32260 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3841411779-2212641540-3562038416-1000_UserData.bin
+ 2010-08-11 19:56 . 2012-08-03 22:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-11 19:56 . 2012-08-02 21:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-03 22:50 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 21:43 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-03 23:30 . 2012-08-03 23:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 22:16 . 2012-08-02 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 22:16 . 2012-08-02 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 23:30 . 2012-08-03 23:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-11 19:56 . 2012-08-03 22:50 163840 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-11 19:56 . 2012-08-02 21:43 163840 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2012-08-02 22:15 532128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-03 23:27 532128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-24 17:37 . 2012-08-03 23:27 4590692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3841411779-2212641540-3562038416-1000-12288.dat
+ 2012-08-02 22:42 . 2012-08-02 22:42 7643136 c:\windows\Installer\1c6c6.msi
- 2009-07-14 02:34 . 2012-08-01 15:08 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-08-03 23:10 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-03-22 667920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\Jimmy\IAG Remote Access Agent\wwwchurcherscollegeremotecom\churchersstaff1\uagqecsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 ALSysIO;ALSysIO;c:\users\Jimmy\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files (x86)\ATI Cayalyst\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-10-15 115200]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-09-15 18288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-26 1431888]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-20 8704]
R4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
R4 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-09-21 5788016]
R4 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files (x86)\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe WUSB54GSC.exe [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-07-07 24560]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-02 252344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-02 41712]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/06/04 21:14];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-03 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files (x86)\ATI Cayalyst\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\ATI Cayalyst\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-09-21 484720]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-03 10203648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-03 310784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:43]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000Core.job
- c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:25]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000UA.job
- c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 9057608]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B33AC0EF-9238-4C74-8BE9-1E8B833AD79E}\244584F6D65684572623D223255334: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B33AC0EF-9238-4C74-8BE9-1E8B833AD79E}\244584F6D65684572623D233153435: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\77puc4ow.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Razer\Lycosa\razertra.exe
.
**************************************************************************
.
Completion time: 2012-08-04 00:41:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 23:41
ComboFix2.txt 2012-08-02 22:25
.
Pre-Run: 57,029,902,336 bytes free
Post-Run: 56,547,868,672 bytes free
.
- - End Of File - - 425757E2F4EFDEAF4DDD35511C42A4E9
 
Good :)

Any current issues?

================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here they are, had to post them in a maultiple because they are so long, I really hope you have an easier way of viewing these than I do.

=== Malwarebytes' Anti-Malware ===
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jimmy :: GAMINGMACHINE [administrator]

Protection: Enabled

04/08/2012 02:28:44 AM
mbam-log-2012-08-04 (02-28-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206279
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
=== OldTimer Listit ===
OTL logfile created on: 04/08/2012 02:33:04 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 71.81% Memory free
16.00 Gb Paging File | 13.57 Gb Available in Paging File | 84.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540.68 Gb Total Space | 52.57 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 97.18 Gb Free Space | 32.39% Space Free | Partition Type: NTFS
Drive I: | 20.00 Gb Total Space | 1.43 Gb Free Space | 7.14% Space Free | Partition Type: NTFS
Drive J: | 15.10 Gb Total Space | 7.14 Gb Free Space | 47.30% Space Free | Partition Type: FAT32

Computer Name: GAMINGMACHINE | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 02:29:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/08/02 22:47:56 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/07 18:04:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/10/14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 17:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 22:47:55 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/31 01:43:44 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2010/08/15 23:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lycosa\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld -- (MySQL)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/22 11:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/10/03 16:59:22 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/26 10:00:58 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/26 04:43:26 | 000,161,080 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2011/05/09 09:38:46 | 002,506,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdagent)
SRV:64bit: - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010/12/07 18:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Disabled | Stopped] -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV:64bit: - [2010/09/21 13:33:10 | 005,788,016 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/09/21 13:33:10 | 000,484,720 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/02 22:47:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 17:20:19 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 17:20:09 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/07 18:04:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/27 17:08:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/31 01:43:45 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/21 00:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/03/09 01:06:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\ATI Cayalyst\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\ATI Cayalyst\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/23 13:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/11 17:20:10 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/11 04:32:24 | 000,155,136 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/03 17:56:42 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/03 17:56:42 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/03 16:22:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/10/15 10:24:56 | 000,115,200 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/09/15 10:13:46 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/21 16:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/07 21:04:08 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/07/07 21:04:06 | 000,372,720 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/12/04 00:12:20 | 000,197,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\WinVd32.sys -- (WinVd32)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/08/28 18:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/04 21:14:34] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
=== OldTimers ListIt (Continued) ===
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 69 3D 73 00 71 CD 01 [binary data]
IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.6.0
FF - prefs.js..network.proxy.backup.ftp: "64.187.124.19"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "64.187.124.19"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "64.187.124.19"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "71-10-234-250.dhcp.oxfr.ma.charter.com"
FF - prefs.js..network.proxy.ftp_port: 6685
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "71-10-234-250.dhcp.oxfr.ma.charter.com"
FF - prefs.js..network.proxy.socks_port: 6685
FF - prefs.js..network.proxy.ssl: "71-10-234-250.dhcp.oxfr.ma.charter.com"
FF - prefs.js..network.proxy.ssl_port: 6685
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 22:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/25 21:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/25 21:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/08/21 12:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Extensions
[2010/08/21 12:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/03 23:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\77puc4ow.default\extensions
[2011/09/03 20:03:49 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\77puc4ow.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/06/21 16:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/02 23:43:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/12 00:12:28 | 000,108,965 | ---- | M] () (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\77PUC4OW.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE80}.XPI
[2012/08/02 22:47:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/13 00:36:18 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/18 19:05:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 19:05:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/04 00:31:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-48UKK.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = cfp.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = logmeinsystray.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = msseces.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = updaterstartuputility.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newadmin.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = newlock.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
 
=== OldTimers ListIt (Continued) ===
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = cfp.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = logmeinsystray.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = msseces.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = updaterstartuputility.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newadmin.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = newlock.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = cfp.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = logmeinsystray.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = msseces.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = updaterstartuputility.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = printscreen.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = netsession_win.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = dropbox.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7? = newadmin.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8? = newlock.exe
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1305408367931 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A99D95B7-9D0B-4CAA-AC8D-B8207C26AD8B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B33AC0EF-9238-4C74-8BE9-1E8B833AD79E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/08 10:20:36 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/04/03 20:57:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sh4native Sh4Removal)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
=== OldTimers ListIt (Continued) ===

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 01:57:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\New folder
[2012/08/04 00:41:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 00:31:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/03 05:43:26 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/02 22:48:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/02 22:48:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/02 22:47:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 22:45:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/02 22:45:30 | 004,729,092 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\ComboFix.exe
[2012/08/02 01:28:37 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jimmy\Desktop\tdsskiller.exe
[2012/08/01 16:17:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/01 16:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D1732004E8D06B940E6384F147C45
[2012/08/01 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2012/07/31 20:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDS Viewer
[2012/07/31 20:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDS Viewer
[2012/07/31 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\war mage
[2012/07/31 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\FLT
[2012/07/31 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Shiner
[2012/07/31 17:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die 2
[2012/07/31 16:57:59 | 000,000,000 | ---D | C] -- C:\D3Emu
[2012/07/31 15:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sauerbraten
[2012/07/19 03:48:56 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\Wedsite-Return-v3
[2012/07/19 02:48:59 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\nivo
[2012/07/19 02:45:19 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\nivo-slider
[2012/07/18 02:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\runic games
[2012/07/18 02:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
[2012/07/18 02:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2012/07/13 01:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/07/13 01:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/07/12 18:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RazorGamer
[2012/07/11 07:18:59 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\Launch Idle
[2012/07/11 07:07:34 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Steam
[2012/07/11 04:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/07/11 01:51:25 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/07/11 01:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/07/10 15:11:31 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\Survival_Games
[2012/07/10 15:10:17 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\Survival Games 3
[2012/07/09 00:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/07/09 00:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame
[2012/07/09 00:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warlock.Master Of The Arcane.v 1.1.4.28 + 2 DLC
[2012/07/07 16:37:17 | 000,000,000 | ---D | C] -- C:\Mooege
[2011/03/20 14:28:56 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Users\Jimmy\AppData\Roaming\MSWINSCK.OCX
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Jimmy\*.tmp files -> C:\Users\Jimmy\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012/08/04 02:37:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 02:35:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000UA.job
[2012/08/04 02:28:03 | 000,711,240 | ---- | M] () -- C:\Windows\is-48UKK.exe
[2012/08/04 02:28:03 | 000,010,550 | ---- | M] () -- C:\Windows\is-48UKK.msg
[2012/08/04 02:28:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 02:28:03 | 000,000,459 | ---- | M] () -- C:\Windows\is-48UKK.lst
[2012/08/04 00:41:43 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 00:41:43 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 00:32:29 | 000,000,438 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/08/04 00:31:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/04 00:30:42 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/08/04 00:30:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 00:30:16 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 23:58:09 | 004,729,092 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\ComboFix.exe
[2012/08/03 01:08:12 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/08/03 01:08:12 | 000,000,704 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/02 22:48:09 | 000,002,048 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/02 01:07:14 | 000,000,506 | ---- | M] () -- C:\Users\Jimmy\Desktop\Shortcut to Desktop.lnk
[2012/08/02 01:04:51 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jimmy\Desktop\tdsskiller.exe
[2012/08/02 01:03:00 | 000,001,753 | ---- | M] () -- C:\Users\Jimmy\Desktop\Technic.lnk
[2012/08/01 16:21:28 | 402,830,660 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/01 15:51:32 | 000,002,458 | ---- | M] () -- C:\Users\Jimmy\Desktop\Google Chrome.lnk
[2012/08/01 04:35:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3841411779-2212641540-3562038416-1000Core.job
[2012/08/01 03:13:51 | 000,008,694 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/08/01 00:34:44 | 000,000,864 | ---- | M] () -- C:\Users\Jimmy\Desktop\MadCow.lnk
[2012/08/01 00:21:07 | 000,196,706 | ---- | M] () -- C:\Users\Jimmy\Desktop\2166280-sorceresswing.jpg
[2012/07/31 19:54:20 | 000,007,802 | ---- | M] () -- C:\Users\Jimmy\Desktop\game.cfg
[2012/07/31 17:48:29 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
[2012/07/19 03:52:36 | 006,311,736 | ---- | M] () -- C:\Users\Jimmy\Desktop\Wedsite-Return-v3.zip
[2012/07/19 03:25:30 | 000,001,456 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/19 02:53:56 | 000,026,112 | ---- | M] () -- C:\Users\Jimmy\Desktop\p1.htm
[2012/07/19 02:28:10 | 000,013,565 | ---- | M] () -- C:\Users\Jimmy\Desktop\support.dev7studios.com.htm
[2012/07/19 01:00:06 | 000,000,362 | ---- | M] () -- C:\Users\Jimmy\Desktop\bg.gif
[2012/07/16 22:26:40 | 005,115,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/16 19:29:05 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/16 19:29:05 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/16 00:47:17 | 000,216,145 | ---- | M] () -- C:\Users\Jimmy\Desktop\3872e0d7ef7538375d710a616a9a92aa1326566835_full.png
[2012/07/16 00:45:36 | 000,070,789 | ---- | M] () -- C:\Users\Jimmy\Desktop\637x358.jpg
[2012/07/15 01:14:13 | 000,053,275 | ---- | M] () -- C:\Users\Jimmy\Desktop\250px-Mining_Light.png
[2012/07/14 18:19:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/13 01:26:11 | 001,012,656 | ---- | M] () -- C:\Users\Jimmy\Desktop\iExplore.exe
[2012/07/12 20:58:03 | 000,876,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 20:58:03 | 000,735,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 20:58:03 | 000,152,718 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/11 17:20:10 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/11 17:20:10 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/11 17:20:09 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/11 08:04:34 | 000,002,054 | ---- | M] () -- C:\Users\Jimmy\Desktop\Stop_All.bat.lnk
[2012/07/11 07:58:48 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/11 07:45:36 | 000,002,041 | ---- | M] () -- C:\Users\Jimmy\Desktop\Lucozade.lnk
[2012/07/11 06:39:50 | 000,001,164 | ---- | M] () -- C:\Users\Jimmy\Desktop\Minecraft Server.lnk
[2012/07/11 06:37:05 | 000,166,496 | ---- | M] () -- C:\Users\Jimmy\Desktop\masterLucozade__Yes__bottles.jpg
[2012/07/11 04:44:55 | 000,000,220 | ---- | M] () -- C:\Users\Jimmy\Desktop\Source Filmmaker.url
[2012/07/11 01:49:17 | 000,000,896 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/07/10 15:15:37 | 032,743,973 | ---- | M] () -- C:\Users\Jimmy\Desktop\Survival_Games.zip
[2012/07/09 13:28:10 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
[2012/07/09 00:12:22 | 000,862,898 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/08 00:39:10 | 000,000,222 | ---- | M] () -- C:\Users\Jimmy\Desktop\Super Monday Night Combat.url
[2012/07/07 18:04:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/07 17:39:08 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/07 17:25:32 | 000,000,222 | ---- | M] () -- C:\Users\Jimmy\Desktop\Blacklight Retribution.url
[2012/07/07 17:11:37 | 000,000,874 | ---- | M] () -- C:\Users\Jimmy\Desktop\Diablo III - Copy.lnk
[2012/07/07 16:50:33 | 000,002,807 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bck
[2012/07/07 00:17:23 | 000,955,014 | ---- | M] () -- C:\Users\Jimmy\Desktop\p0jb2v0tfflcd1hf88b3mtqfe44ff771b53a967.jpg
[2012/07/06 23:54:48 | 000,429,571 | ---- | M] () -- C:\Users\Jimmy\Desktop\p0jb2v0tfflcd1hf88b3mtqfe44ff76baa921c4.jpg
[2012/07/06 23:46:17 | 000,217,998 | ---- | M] () -- C:\Users\Jimmy\Desktop\4chan1326609667013.jpg
[2012/07/06 17:53:11 | 000,221,169 | ---- | M] () -- C:\Users\Jimmy\Desktop\redstone.rar
[2012/07/05 17:57:34 | 000,078,542 | ---- | M] () -- C:\Users\Jimmy\Desktop\caroline.jpg
[2012/07/05 17:56:37 | 000,007,506 | ---- | M] () -- C:\Users\Jimmy\Desktop\4784af129a755ac3a3e7bb1108927afc07e9b930_full.jpg
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Jimmy\*.tmp files -> C:\Users\Jimmy\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012/08/04 02:28:03 | 000,711,240 | ---- | C] () -- C:\Windows\is-48UKK.exe
[2012/08/04 02:28:03 | 000,010,550 | ---- | C] () -- C:\Windows\is-48UKK.msg
[2012/08/04 02:28:03 | 000,000,459 | ---- | C] () -- C:\Windows\is-48UKK.lst
[2012/08/03 01:08:12 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/08/03 01:08:12 | 000,000,704 | ---- | C] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/02 22:50:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/02 22:48:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/02 22:48:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/02 22:48:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/02 22:48:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/02 01:07:14 | 000,000,506 | ---- | C] () -- C:\Users\Jimmy\Desktop\Shortcut to Desktop.lnk
[2012/08/01 00:21:07 | 000,196,706 | ---- | C] () -- C:\Users\Jimmy\Desktop\2166280-sorceresswing.jpg
[2012/07/31 19:59:10 | 000,007,254 | R--- | C] () -- C:\Users\Jimmy\Desktop\LocaleData.xml
[2012/07/31 19:51:34 | 000,007,802 | ---- | C] () -- C:\Users\Jimmy\Desktop\game.cfg
[2012/07/31 17:48:29 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
[2012/07/19 03:52:35 | 006,311,736 | ---- | C] () -- C:\Users\Jimmy\Desktop\Wedsite-Return-v3.zip
[2012/07/19 02:53:55 | 000,026,112 | ---- | C] () -- C:\Users\Jimmy\Desktop\p1.htm
[2012/07/19 02:28:08 | 000,013,565 | ---- | C] () -- C:\Users\Jimmy\Desktop\support.dev7studios.com.htm
[2012/07/19 01:00:04 | 000,000,362 | ---- | C] () -- C:\Users\Jimmy\Desktop\bg.gif
[2012/07/16 00:47:17 | 000,216,145 | ---- | C] () -- C:\Users\Jimmy\Desktop\3872e0d7ef7538375d710a616a9a92aa1326566835_full.png
[2012/07/16 00:45:36 | 000,070,789 | ---- | C] () -- C:\Users\Jimmy\Desktop\637x358.jpg
[2012/07/15 01:14:13 | 000,053,275 | ---- | C] () -- C:\Users\Jimmy\Desktop\250px-Mining_Light.png
[2012/07/13 01:26:17 | 001,012,656 | ---- | C] () -- C:\Users\Jimmy\Desktop\iExplore.exe
[2012/07/11 08:03:56 | 000,002,054 | ---- | C] () -- C:\Users\Jimmy\Desktop\Stop_All.bat.lnk
[2012/07/11 07:26:54 | 000,002,041 | ---- | C] () -- C:\Users\Jimmy\Desktop\Lucozade.lnk
[2012/07/11 06:37:05 | 000,166,496 | ---- | C] () -- C:\Users\Jimmy\Desktop\masterLucozade__Yes__bottles.jpg
[2012/07/11 04:44:55 | 000,000,220 | ---- | C] () -- C:\Users\Jimmy\Desktop\Source Filmmaker.url
[2012/07/11 01:50:51 | 000,000,896 | ---- | C] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/07/11 01:50:49 | 000,008,694 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/07/10 15:15:34 | 032,743,973 | ---- | C] () -- C:\Users\Jimmy\Desktop\Survival_Games.zip
[2012/07/09 00:05:26 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
[2012/07/08 00:39:10 | 000,000,222 | ---- | C] () -- C:\Users\Jimmy\Desktop\Super Monday Night Combat.url
[2012/07/07 17:46:30 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/07 17:46:30 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/07 17:46:22 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/07 17:46:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/07 17:25:32 | 000,000,222 | ---- | C] () -- C:\Users\Jimmy\Desktop\Blacklight Retribution.url
[2012/07/07 17:10:15 | 000,000,874 | ---- | C] () -- C:\Users\Jimmy\Desktop\Diablo III - Copy.lnk
[2012/07/07 00:17:22 | 000,955,014 | ---- | C] () -- C:\Users\Jimmy\Desktop\p0jb2v0tfflcd1hf88b3mtqfe44ff771b53a967.jpg
[2012/07/06 23:54:48 | 000,429,571 | ---- | C] () -- C:\Users\Jimmy\Desktop\p0jb2v0tfflcd1hf88b3mtqfe44ff76baa921c4.jpg
[2012/07/06 23:46:17 | 000,217,998 | ---- | C] () -- C:\Users\Jimmy\Desktop\4chan1326609667013.jpg
[2012/07/06 17:52:57 | 000,221,169 | ---- | C] () -- C:\Users\Jimmy\Desktop\redstone.rar
[2012/07/05 17:57:34 | 000,078,542 | ---- | C] () -- C:\Users\Jimmy\Desktop\caroline.jpg
[2012/07/05 17:56:37 | 000,007,506 | ---- | C] () -- C:\Users\Jimmy\Desktop\4784af129a755ac3a3e7bb1108927afc07e9b930_full.jpg
[2012/05/05 22:40:28 | 000,001,456 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/04/02 00:21:15 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/03/04 15:52:24 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/29 19:56:31 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{83EAE1DE-57A3-407C-B92E-787F0541C98C}
[2011/12/25 00:38:29 | 000,000,016 | ---- | C] () -- C:\Users\Jimmy\persistent_state
[2011/11/07 19:05:37 | 000,000,145 | ---- | C] () -- C:\Users\Jimmy\.appletviewer
[2011/10/06 18:48:26 | 203,258,417 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\THISONEJOE_TECHNIC_PACK.zip
[2011/10/03 12:53:16 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/07/11 19:29:23 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/06/09 21:38:42 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.1.lic
[2011/05/22 22:24:54 | 000,007,168 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 02:02:05 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2011/04/24 02:02:05 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011/04/24 01:50:17 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011/04/03 20:57:25 | 000,014,232 | ---- | C] () -- C:\Windows\SysWow64\sh4native.exe
[2011/03/31 22:09:25 | 000,000,600 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\winscp.rnd
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/08 18:48:40 | 000,000,550 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\Blpc.conf
[2011/01/08 17:59:57 | 000,000,811 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\MPQEditor.ini
[2010/12/22 20:14:33 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/12/04 00:12:20 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2010/12/04 00:12:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2010/11/27 00:34:28 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/12 21:16:00 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/12 21:15:58 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/09/27 22:25:28 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/23 23:10:49 | 000,862,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/22 21:28:13 | 000,001,456 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/22 21:26:59 | 000,162,588 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/05 21:43:57 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/21 21:49:17 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/20 02:26:36 | 000,025,375 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/08/16 23:01:24 | 000,013,669 | ---- | C] () -- C:\Windows\W3DemoUnin.dat
[2010/08/15 22:29:53 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/15 21:08:06 | 000,000,016 | ---- | C] () -- C:\Windows\guiinfo.dat
[2010/08/11 20:53:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/11 12:08:32 | 000,000,608 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2010/08/11 03:30:41 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\GTW32N50.dll

========== LOP Check ==========

[2012/07/07 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.minecraft
[2011/10/21 16:59:32 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.minecraft jim
[2011/11/18 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.minecraft old
[2012/01/09 00:16:08 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.minecraft TEKKIT
[2012/01/05 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.minecraft tekkit fail
[2012/01/12 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.minecraft TEKKIT2_broken
[2012/03/04 16:13:15 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.Nitrous
[2012/02/15 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.spoutcraft
[2011/09/03 03:26:23 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.spoutcraftLogs
[2012/08/01 02:53:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\.techniclauncher
[2011/07/31 00:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Audacity
[2012/04/01 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Autodesk
[2010/10/11 18:53:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\AVG10
[2010/08/19 08:38:13 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Azureus
[2012/03/05 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Blender Foundation
[2011/02/20 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\CEZEO software
[2010/08/20 22:04:34 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/14 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/09/12 00:36:33 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Downloads
[2012/08/04 00:43:37 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Dropbox
[2011/02/02 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\eTeks
[2012/06/07 03:20:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla
[2011/04/13 02:13:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Filter Forge 2
[2012/06/02 12:40:29 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FontCreator
[2011/10/19 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\GarageGames
[2011/05/27 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\GetRightToGo
[2010/11/15 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Independent
[2011/07/16 04:05:48 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Kalypso Media
[2012/01/07 08:05:59 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\LolClient
[2011/11/05 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Mael
[2011/05/13 18:38:54 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\MAXON
[2011/10/02 00:47:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\minecraft
[2011/10/09 21:41:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\minecraft-technic
[2011/07/29 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\minecraft_NPC
[2011/08/29 21:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Minecraft_orginal
[2012/07/11 04:20:27 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Mipony
[2011/09/20 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\MoreTerra
[2011/05/11 19:04:01 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mts
[2010/09/19 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\OpenOffice.org
[2012/06/02 13:02:18 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Opera
[2012/03/17 02:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PACE Anti-Piracy
[2012/03/31 03:34:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PDAppFlex
[2010/09/18 22:14:50 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PGP
[2010/12/18 23:04:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Progeny
[2011/01/04 16:48:37 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Publish Providers
[2011/05/28 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PunkBuster
[2011/09/14 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\pymclevel
[2010/12/15 16:43:03 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Raptr
[2012/02/21 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\RIFT
[2012/03/06 19:48:39 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\RotMG.Production
[2012/07/18 02:20:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\runic games
[2010/09/18 22:13:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\SmartDraw
[2011/05/21 09:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Sony
[2011/05/19 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Sony Creative Software Inc
[2011/07/29 02:02:37 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Spiral Graphics
[2012/01/05 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/06/02 23:43:18 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Stardock
[2010/11/13 00:18:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Stonetrip
[2010/12/16 01:59:32 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\TeamViewer
[2010/09/12 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\TGCStore
[2010/08/21 12:41:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Thunderbird
[2012/01/30 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Transcend Elite
[2012/05/23 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\TS3Client
[2012/05/23 16:46:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ts3overlay
[2012/06/02 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Ubisoft
[2012/03/17 02:18:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Unity
[2010/11/20 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Wings3D
[2011/10/09 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\World Machine 2.2 Basic
[2011/10/14 23:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\World Machine 2.2 Professional
[2012/07/08 08:07:01 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Jimmy\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Jimmy\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 1278 bytes -> C:\ProgramData\Microsoft:KFXUBdNnwo6Uvd8X1QXEDxueE
@Alternate Data Stream - 1260 bytes -> C:\Users\Jimmy\AppData\Local\Temp:ycvmRgdPHdhWvMf64tmjD
@Alternate Data Stream - 1197 bytes -> C:\Users\Jimmy\AppData\Local\Temp:CXRtXFh4OoPiRnZeoLq
@Alternate Data Stream - 1162 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:bbnGNLL3CpirjgoH3PYc3QGxQ
@Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:jcxP2SQi9BeO3oDuc02TBEA

< End of report >
 
=== OldTimer Listit - Extras ===
OTL Extras logfile created on: 04/08/2012 02:33:04 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 71.81% Memory free
16.00 Gb Paging File | 13.57 Gb Available in Paging File | 84.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540.68 Gb Total Space | 52.57 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 97.18 Gb Free Space | 32.39% Space Free | Partition Type: NTFS
Drive I: | 20.00 Gb Total Space | 1.43 Gb Free Space | 7.14% Space Free | Partition Type: NTFS
Drive J: | 15.10 Gb Total Space | 7.14 Gb Free Space | 47.30% Space Free | Partition Type: FAT32

Computer Name: GAMINGMACHINE | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E6F1B18-A1E4-4AA1-944C-8278CB78FC69}" = protocol=6 | dir=in | app=d:\downloads\utorrent.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2CEB2F4-1F33-4569-B4A8-136EE6906875}" = protocol=17 | dir=in | app=d:\downloads\utorrent.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20c31435-2a0a-4580-be8b-ac06fc243ca5}" = Python 2.7 (64-bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2364CFB2-935A-C838-AA5A-774FEC1E588D}" = ccc-utility64
"{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39BFB02A-9692-0409-A808-3F5C7B1F8953}" = Autodesk 3ds Max 2011 64-bit
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
"{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
"{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A9C5B3-D166-4C6D-A11E-A54473150000}" = Java 3D 1.5.2
"{64A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1 (x64)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F89043A-D077-E434-FCDF-9D7179BE737A}" = AMD Media Foundation Decoders
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7563F495-80F5-0409-A514-747C66C22449}" = Autodesk 3ds Max 2011 64-bit Components
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
"{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A58CCEFF-3B96-0409-9EB9-AE95FB8759B7}" = Autodesk 3ds Max Design 2011 64-bit
"{A9482603-492F-001E-B96B-B644A0B5D326}" = AMD Fuel
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BC58750A-BF19-7057-4FDF-E9CAF52426EA}" = ccc-utility64
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BDAF38DA-C834-6D42-B314-B97BB214E140}" = AMD Drag and Drop Transcoding
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC7C5BA5-0010-1033-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
"{CC7C5BA5-09B5-428E-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
"{D207019F-D0A5-11DF-A282-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)
"{E379E16C-2258-0409-B844-BBF98F151FF6}" = Autodesk 3ds Max Design 2011 64-bit Components
"{E7979E13-F567-4D22-A7EF-9EBD1B6A6E9C}" = Genetica 3.6
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EDF6B241-8C7B-E74C-A387-5603C41AEEAA}" = AMD AVIVO64 Codecs
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7303166-C685-DCF3-5DE4-3CDA117DCEFF}" = AMD Catalyst Install Manager
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
"Autodesk FBX Plug-in 2011.1 - 3ds Max Design 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max Design 2011 64-bit
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Autodesk Mudbox 2012 64-bit - English" = Autodesk Mudbox 2012 64-bit - English
"DWG TrueView 2012" = DWG TrueView 2012
"MAXOND23FFDAC" = CINEMA 4D Demo 11.514
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Pen Tablet Driver" = Bamboo
"Sandboxie" = Sandboxie 3.66 (64-bit)
"UDK-55b412c8-9cbe-4a76-9d29-8c4ca0454086" = Unreal Development Kit: 2010-08
"UDK-9db0899a-049e-443a-97bd-2fbdb1e5c1fb" = Unreal Development Kit: 2010-12
"UDK-a11c0429-1b11-454f-bf37-392a82a1d893" = Unreal Development Kit: 2011-06
"Unlocker" = Unlocker 1.9.1-x64
 
=== OldTimers ListIt - Extras (Continued) ===

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04C6EC0A-4201-41A3-8162-E0533C638AAB}" = CubeMapGen v1.1
"{05757DB5-6E9F-97E2-111F-DA2B6E75290F}" = CCC Help Chinese Traditional
"{05CDC06E-4C55-4EAE-9401-8EF62F60CB69}" = Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0983F01E-51B9-AB95-A359-4EA7E06A3B8E}" = CCC Help Korean
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10162E91-BB26-AF99-909C-E840C15890E8}" = Catalyst Control Center Graphics Full Existing
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{136E21EB-B3DC-A814-E7FC-EF9D1DC81689}" = CCC Help Hungarian
"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{173F2B02-2AAA-414F-A2D8-44870BB98F7A}" = Shaun White Skateboarding
"{17FAA4AF-EB06-0050-D3B1-9F1747B9E4AA}" = CCC Help Swedish
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1A837B5C-AC31-2F10-DE76-E019DA223EDC}" = Catalyst Control Center Localization All
"{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}" = OpenAL 1.1 Core PC SDK (ver 3.05)
"{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{2A5782B3-9767-5DF6-8F5A-4900CD698845}" = Catalyst Control Center Graphics Light
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{38EC695A-64CD-7C76-3C21-9ECB49880C70}" = Catalyst Control Center Core Implementation
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{450A2869-616A-48C6-ECCC-59636695F35D}" = CCC Help Danish
"{47E0F183-E938-A97E-A3CF-9FD4D9893439}" = ccc-core-static
"{4912B33D-2F49-5626-103B-6E1F01A82FD3}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{52516A9C-C9DE-6745-DB13-D9628EB99D12}" = CCC Help Turkish
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57E489DE-46DB-2546-EA42-FB0D704559BE}" = Catalyst Control Center InstallProxy
"{59BB3D25-77C9-EDBC-FF56-5952567BD070}" = CCC Help Thai
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{5FE342FC-133D-449C-9E8D-1B9D8CBF7926}" = Timeline Maker Professional 2.1
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{6A7387C0-B74F-47D0-A217-B384E55FE0C9}" = Microsoft XNA Game Studio 4.0 Refresh (Redists)
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{707333E0-C796-4E2D-B0DA-5A429706C361}_is1" = DDS Viewer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73BFA936-50E9-0DF6-ADE1-2B22FEDF1C29}" = CCC Help Finnish
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{74EF259F-1DC6-4DEE-866B-0707173D7654}" = Adobe Flash Builder 4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A81A7E3-7391-ADFF-9014-F8F45F0337F6}" = CCC Help English
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{805C099D-2A20-DBF8-780C-52CA10916A14}" = Catalyst Control Center Graphics Full New
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89690B51-2E21-4E93-914E-F9CAC5B24A84}" = Microsoft XNA Game Studio Platform Tools
"{8B2F67C8-C4AC-9093-A94C-CD89566740A7}" = CCC Help Chinese Standard
"{8E79A5A3-AA5F-DA1F-4BF2-EEC290A08709}" = Skins
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
"{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
"{90140000-0017-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E1BDB3A3-E0ED-4347-A84D-5D4A747259CA}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SharePointDesigner_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{913B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{99335342-0149-FF85-C875-BAD87B55158B}" = Adobe Support Advisor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A1AE7AED-A090-0CD8-BE77-5EE59218F994}" = CCC Help Greek
"{A1C29F65-FA94-88FA-7716-71C842050A19}" = CCC Help Spanish
"{A240191E-4302-435E-86FC-A5717EF0CF38}" = Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA16146E-3894-0409-B5F9-F4D6687F1C13}" = Autodesk 3ds Max Design 2011 32-bit Components
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C064F50C-4B08-3136-48F5-B92130A47267}" = Catalyst Control Center Graphics Previews Common
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{C38F5ADE-EA15-147A-1539-FB9E48F544B5}" = CCC Help English
"{C4B3B964-173A-2324-D28E-D222026486F7}" = CCC Help Norwegian
"{C6369A55-984D-806C-5725-1A9F663DCCE8}" = CCC Help Czech
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CA9DAC4A-ADB2-B128-FD79-86DCE24FB8D3}" = CCC Help Italian
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D05AE043-DA11-4E77-A01A-DC47A8FB8761}_is1" = RazorGamer version Release Candidate 1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB3812C4-8ECB-4151-6256-CE86C52067C1}" = CCC Help German
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E27E5F62-7AB0-3789-56EF-5774482E4DC8}" = CCC Help Russian
"{E3CA67A5-53E8-602E-D17A-45EFDE3DDD53}" = HydraVision
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78B0798-2AD2-25FC-F3F9-C8E4A1131630}" = CCC Help French
"{E8A606FD-B650-34EE-164E-F6A9FAC38421}" = CCC Help Japanese
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE3A5B79-C147-4BD9-952A-E894298C2ACA}" = Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF0407CF-760A-46CC-EE33-43CFDCE0FCE5}" = Catalyst Control Center Graphics Previews Common
"{EF175304-DE47-65A8-3D7C-4C78EF05976C}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F60DDBEA-DCF6-BC00-5B7B-A5253CEFBAC0}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Support Advisor
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk FBX Plug-in 2011.1 - 3ds Max Design 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max Design 2011
"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"COMODO GeekBuddy" = COMODO GeekBuddy
"Crazybump" = Crazybump (remove only)
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Dynasty Warriors Online" = Dynasty Warriors Online
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"Fences" = Fences
"fragMOTION 0.9.1a_is1" = fragMOTION 0.9.1a
"fragMOTION 1.0.0_is1" = fragMOTION 1.0.0
"Fraps" = Fraps (remove only)
"Gadwin PrintScreen" = Gadwin PrintScreen
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}" = OpenAL 1.1 Core PC SDK (ver 3.05)
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"jZip" = jZip
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiPony" = MiPony 1.5.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RC MegaTerrains" = RC MegaTerrains
"Realm Crafter" = Realm Crafter
"Runic Games Torchlight" = Torchlight
"Sauerbraten" = Sauerbraten
"ShiVa Server PLE" = ShiVa Server PLE
"StarCraft II" = StarCraft II
"Starfarer" = Starfarer by Fractal Softworks LLC
"Steam App 104700" = Super Monday Night Combat
"Steam App 1840" = Source Filmmaker
"Steam App 209870" = Blacklight: Retribution
"Steam App 210840" = Warlock - Master of the Arcane Demo
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Tiled" = Tiled - Tiled Map Editor
"tree[d]_is1" = tree[d] V3.1
"Unity" = Unity
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Warcraft III" = Warcraft III
"Web_4.0.1303.0" = Microsoft Expression Web 4
"World Machine2Pro" = World Machine 2.2 Professional Edition
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 Refresh
"xNormal 3.17.5" = xNormal 3.17.5
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ac1ad94e2ed7c137" = TF2 Items Editor
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.4.1
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"L3DT Professional (v2.9.0.0)" = L3DT Professional v2.9.0.0 (remove only)
"L3DT Standard (v2.9.0.0)" = L3DT Standard v2.9.0.0 (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III Demo" = Warcraft III Demo

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/11/2011 04:28:11 PM | Computer Name = GamingMachine | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/11/2011 04:35:08 PM | Computer Name = GamingMachine | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/11/2011 04:49:09 PM | Computer Name = GamingMachine | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/11/2011 03:00:56 PM | Computer Name = GamingMachine | Source = TabletServicePen | ID = 1
Description =

Error - 18/11/2011 05:16:48 PM | Computer Name = GamingMachine | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/11/2011 05:28:05 PM | Computer Name = GamingMachine | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/11/2011 05:43:52 PM | Computer Name = GamingMachine | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/11/2011 12:00:01 AM | Computer Name = GamingMachine | Source = uagqecsvc | ID = 16
Description =

Error - 21/11/2011 03:45:47 PM | Computer Name = GamingMachine | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 724 Start
Time: 01cca885b2bad1d8 Termination Time: 268 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 21/11/2011 08:39:48 PM | Computer Name = GamingMachine | Source = uagqecsvc | ID = 16
Description =

Error - 22/11/2011 03:29:05 PM | Computer Name = GamingMachine | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122 Faulting module name: EXPLORERFRAME.dll, version: 6.1.7600.16623,
time stamp: 0x4c258eef Exception code: 0xc0000005 Fault offset: 0x000000000001d2c9
Faulting
process id: 0xc48 Faulting application start time: 0x01cca9398ef2ff2d Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\EXPLORERFRAME.dll
Report
Id: 3cf1f97e-1540-11e1-b3aa-cb21c45ad8fe

Error - 22/11/2011 06:21:33 PM | Computer Name = GamingMachine | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 148c Start
Time: 01cca94164483c6e Termination Time: 207 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ OSession Events ]
Error - 04/05/2012 01:14:52 PM | Computer Name = GamingMachine | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/08/2012 07:31:24 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SQLWriter service.

Error - 03/08/2012 07:31:54 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%1053

Error - 03/08/2012 07:31:55 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7000
Description = The Microsoft Forefront UAG Quarantine Enforcement Client service
failed to start due to the following error: %%2

Error - 03/08/2012 07:31:55 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 03/08/2012 07:32:20 PM | Computer Name = GamingMachine | Source = SbieSvc | ID = 16851905
Description = SBIE9153 Cannot start driver (SbieDrv)

Error - 03/08/2012 07:32:20 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 03/08/2012 07:32:21 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 03/08/2012 07:37:23 PM | Computer Name = GamingMachine | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 03/08/2012 07:43:25 PM | Computer Name = GamingMachine | Source = ipnathlp | ID = 31004
Description =

Error - 03/08/2012 08:43:27 PM | Computer Name = GamingMachine | Source = ipnathlp | ID = 31004
Description =


< End of report >
 
Any current issues?
Click to expand...

p4494882.gif


===========================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\..Trusted Domains: novastor.com ([]https in Trusted sites)
[2012/08/03 05:43:26 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/04 02:28:03 | 000,711,240 | ---- | C] () -- C:\Windows\is-48UKK.exe
[2012/08/04 02:28:03 | 000,010,550 | ---- | C] () -- C:\Windows\is-48UKK.msg
[2012/08/04 02:28:03 | 000,000,459 | ---- | C] () -- C:\Windows\is-48UKK.lst
@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Jimmy\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Jimmy\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 1278 bytes -> C:\ProgramData\Microsoft:KFXUBdNnwo6Uvd8X1QXEDxueE
@Alternate Data Stream - 1260 bytes -> C:\Users\Jimmy\AppData\Local\Temp:ycvmRgdPHdhWvMf64tmjD
@Alternate Data Stream - 1197 bytes -> C:\Users\Jimmy\AppData\Local\Temp:CXRtXFh4OoPiRnZeoLq
@Alternate Data Stream - 1162 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:bbnGNLL3CpirjgoH3PYc3QGxQ
@Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:jcxP2SQi9BeO3oDuc02TBEA

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
No current issues, I read it, just didn't have anything to report. Following your advice now.
 
Here are the logs, and the TFC executed successfully. Running the final step now, might take some time.

=== OldTimers ListIt ===
All processes killed
========== OTL ==========
HKU\S-1-5-21-3841411779-2212641540-3562038416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cleverreach.com\novastor\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google-analytics.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3841411779-2212641540-3562038416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.
C:\FRST\Quarantine\{e5853950-2679-4ecd-8064-76890aafb3b4}\{e5853950-2679-4ecd-8064-76890aafb3b4}\U folder moved successfully.
C:\FRST\Quarantine\{e5853950-2679-4ecd-8064-76890aafb3b4}\{e5853950-2679-4ecd-8064-76890aafb3b4}\L folder moved successfully.
C:\FRST\Quarantine\{e5853950-2679-4ecd-8064-76890aafb3b4}\{e5853950-2679-4ecd-8064-76890aafb3b4} folder moved successfully.
C:\FRST\Quarantine\{e5853950-2679-4ecd-8064-76890aafb3b4}\U folder moved successfully.
C:\FRST\Quarantine\{e5853950-2679-4ecd-8064-76890aafb3b4}\L folder moved successfully.
C:\FRST\Quarantine\{e5853950-2679-4ecd-8064-76890aafb3b4} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Windows\is-48UKK.exe moved successfully.
C:\Windows\is-48UKK.msg moved successfully.
C:\Windows\is-48UKK.lst moved successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Jimmy\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Jimmy\Desktop\desktop.ini:gs5sys deleted successfully.
ADS C:\ProgramData\Microsoft:KFXUBdNnwo6Uvd8X1QXEDxueE deleted successfully.
ADS C:\Users\Jimmy\AppData\Local\Temp:ycvmRgdPHdhWvMf64tmjD deleted successfully.
ADS C:\Users\Jimmy\AppData\Local\Temp:CXRtXFh4OoPiRnZeoLq deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:bbnGNLL3CpirjgoH3PYc3QGxQ deleted successfully.
ADS C:\ProgramData\Microsoft:jcxP2SQi9BeO3oDuc02TBEA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jimmy
->Temp folder emptied: 644925 bytes
->Temporary Internet Files folder emptied: 7077758 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 120700999 bytes
->Google Chrome cache emptied: 9146557 bytes
->Flash cache emptied: 3193538 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 53702 bytes
%systemroot% .tmp files removed: 1446190 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 164242 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 136.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jimmy
->Java cache emptied: 0 bytes

User: Public

User: TEMP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jimmy
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08042012_035836

Files\Folders moved on Reboot...
C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

=== Farbar Service Scanner ===
Farbar Service Scanner Version: 04-08-2012 01
Ran by Jimmy (administrator) on 04-08-2012 at 04:16:27
Running from "C:\Users\Jimmy\Desktop"
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 00:48] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 23:52] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-14 17:01] - [2012-04-24 06:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
You must log in or register to reply here.

Similar threads

midian182
Government review criticizes Microsoft for security lapses in "preventable" Exchange hack
Replies
0
Views
96
midian182
midian182
midian182
eBay will pay $3 million in harassment case involving its employees, customers, and live...
Replies
5
Views
270
RandomWAN
R
D
Ubiquiti fixes massive bug that allowed users to view others' security cameras
Replies
0
Views
178
DragonSlayer101
D

Latest posts

Back