Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sudden overall computer slowdown and EOleSysError Class not registered in OTL


  • This topic is locked This topic is locked
11 replies to this topic

#1 midimusicman79

midimusicman79

  • Members
  • 792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:44 PM

Posted 16 September 2014 - 09:26 AM

Hi all!

I am starting a new topic as instructed here: http://www.bleepingcomputer.com/forums/t/547110/otl-throwing-eolesyserror-message-class-not-registered/

A few months ago my computer suddenly slowed down significantly for no apparent reason. Also my WLAN began having trouble initializing. Every morning I had to restart the computer as well as the router (ZyXEL P-2812HNU-F3) to get the connection back. This workaround took about 10 minutes to complete, in addition to the first startup (20 minutes altogether).

I therefore decided searching Google for an answer, assuming this might be spyware-related. Quickly I found your forum site, and started reading about the subject of spyware, and how to remove it.

Subsequently I have disinfected my computer by running most of the anti-spyware tools hosted on this site. I have run several scans and performed research as necessary on the web. The total number of threats eliminated is 300-400.

Afterwards, luckily my WLAN is now both stable and error-free. But, the computer continues to run slowly (10 minutes on startup), and overall. For example creating a system restore point takes 23 seconds. Starting Firefox takes 43 seconds. It is like as if something is hindering the computer speed, which is frustrating, especially in the long run.

 

And sometimes my mouse pointer does not move smoothly across the screen, likewise some icons in SysTray are missing on startup.

I will be happy to run any anti-spyware tools and post their respective logs as well.

But, regarding the topic title, when trying to run OTL by OldTimer, I unfortunately receive the same error message every time:

"Application Error - Exception EOleSysError in module OTL.exe at 000584A5 - Class not registered."

In order to try to fix this on my own, I have already tried downloading the program with a modified name, from alternate mirror, running the program from Safe Mode, running the program from a VisualBasic Script, downloaded several Delphi Run-time environment files, and running OTH, RKill, Doug Knox' EXE-Fix, FixExec, Farbar GrantPerms and GiveMePower, but to no avail.

I suspect the culprit of all this could be restrictions and policies imposed by spyware. (A search with SystemLook shows 16 sections of the registry containing "Restrictions", and countless sections containing "Policies".) I will post these logs on request.

 

Could you please advice on this? Any suggestions are appreciated.

 

Below is a DDS log; and an Attach log is zipped:

 

Thank you very much in advance!

 

Regards,

midimusicman79

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21376  BrowserJavaVersion: 10.67.2
Run by Torbjoern Martin at 13:01:46 on 2014-09-16
#Option Extended Search is enabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.47.1044.18.2047.1310 [GMT 2:00]

AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal Firewall *Disabled*

============== Running Processes ================

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Logitech\Mus\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.no/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\Program Files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\java\jre7\bin\ssv.dll
BHO: Log on Assistant for Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\Program Files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files\wot\WOT.dll
uRun: [RemoteControl] <no file>
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [CTHelper] CTHELPER.EXE
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [ISUSPM Startup] "c:\Program Files\Common Files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\Program Files\Common Files\installshield\updateservice\issch.exe" -start
mRun: [OpwareSE2] "c:\Program Files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [mspwr] c:\windows\system32\PuXpMan2.exe
mRun: [NSLauncher] c:\Program Files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [Adobe Photo Downloader] "c:\Program Files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] c:\Program Files\Common Files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\Program Files\Common Files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DVD- and CD-sharing] "c:\Program Files\dvd- and cd-sharing\ODSAgent.exe"
mRun: [APSDaemon] "c:\Program Files\Common Files\apple\apple application support\APSDaemon.exe"
mRun: [StartCCC] "c:\Program Files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\Program Files\quicktime\QTTask.exe" -atboottime
mRun: [egui] "c:\Program Files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [IJNetworkScannerSelectorEX] c:\Program Files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [SunJavaUpdateSched] "c:\Program Files\Common Files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\Program Files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\bdarem~1.lnk - c:\Program Files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\bounce~1.lnk - c:\Program Files\cms peripherals\bounceback professional\BBLauncher.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\logite~1.lnk - c:\Program Files\logitech\mus\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\sonicc~1.lnk - c:\Program Files\Common Files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\window~1.lnk - c:\Program Files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1373122604828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345026703125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} - hxxp://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15026/CTPID.cab
TCP: NameServer = 130.67.15.198 193.213.112.4 10.0.0.138
TCP: Interfaces\{DF60B97F-F4BC-4CE5-BB7B-B3EFA1C40066} : DHCPNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\Program Files\Common Files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\Program Files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\Program Files\superantispyware\SASSEH.DLL
mASetup: ccc-core-static - msiexec /fums {399150FC-EB45-1CE0-0792-1F3A23397BD4} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\torbjoern martin\programdata\mozilla\firefox\profiles\1ajtphld.default\

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]
R1 SASDIFSV;SASDIFSV;c:\Program Files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\Program Files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\Program Files\superantispyware\SASCORE.EXE [2013-10-11 142648]
R2 ekrn;ESET Service;c:\Program Files\eset\eset smart security\ekrn.exe [2013-9-12 1337752]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PFMODNT.SYS [2005-12-8 8192]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2006-8-3 14976]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-26 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-26 43392]
S3 cpuz135;cpuz135;\??\c:\Program Files\cpuid\pc wizard 2012\pcwiz_x32.sys --> c:\Program Files\cpuid\pc wizard 2012\pcwiz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-5-10 23456]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-8-29 43368]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2014-8-29 24040]
S3 PortReporter;Port Reporter;c:\Program Files\portreporter\PortReporter.exe [2006-8-5 90183]
S3 RDID1032;Roland GI-20;c:\windows\system32\drivers\rdwm1032.sys [2006-9-27 43900]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

=============== Created Last 60 ================

2014-09-14 11:38:35    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-14 11:36:14    --------    d-----w-    c:\Program Files\iPod
2014-09-14 11:35:36    --------    d-----w-    c:\Program Files\iTunes
2014-09-14 11:35:36    --------    d-----w-    c:\documents and settings\all users\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-13 10:56:33    3231696    ----a-w-    c:\Program Files\mozilla firefox\d3dcompiler_46.dll
2014-09-13 10:54:58    638064    ----a-w-    c:\Program Files\mozilla firefox\libGLESv2.dll
2014-09-12 14:00:16    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-09-12 14:00:16    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-09-12 11:53:26    --------    d-----w-    c:\documents and settings\all users\programdata\MicroWorld
2014-09-12 11:14:46    --------    d-----w-    c:\documents and settings\torbjoern martin\programdata\Download Manager
2014-09-09 13:52:29    --------    d-----w-    c:\Program Files\Tweaking.com
2014-09-04 13:41:04    --------    d-----w-    C:\zoek_backup
2014-08-30 11:34:49    --------    d-----w-    c:\Program Files\Reason
2014-08-29 12:46:28    43368    ------w-    c:\windows\system32\drivers\gfiark.sys
2014-08-29 12:46:28    24040    ------w-    c:\windows\system32\drivers\gfiutil.sys
2014-08-26 13:22:17    --------    d-----w-    C:\OldTimer
2014-08-23 13:27:09    --------    d-----w-    c:\documents and settings\torbjoern martin\programdata\PE Explorer
2014-08-22 09:31:36    --------    d-----w-    c:\Program Files\Secunia
2014-08-18 11:29:31    --------    d-----w-    c:\documents and settings\all users\programdata\Ashampoo
2014-08-07 11:30:02    --------    d-----w-    C:\SQL2KSP4
2014-08-05 13:44:24    --------    d-----w-    c:\Program Files\stinger
2014-08-05 08:58:52    145408    ------w-    c:\windows\system32\javacpl.cpl
2014-08-05 08:58:35    96680    ------w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-04 10:11:26    --------    d-----w-    c:\documents and settings\torbjoern martin\programdata\Runscanner.net
2014-08-03 09:53:47    188304    ------w-    c:\Program Files\internet explorer\plugins\nppdf32.dll
2014-07-23 13:04:47    --------    d-----w-    c:\Program Files\Common Files\ATI Technologies
2014-07-23 13:04:01    --------    d-----w-    c:\Program Files\USB TV
2014-07-22 14:20:44    --------    d-----w-    c:\documents and settings\all users\programdata\Package Cache

==================== Find6M  ====================

2014-09-10 13:38:51    701104    ------w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-10 13:38:50    71344    ------w-    c:\windows\system32\FlashPlayerCPLApp.cpl

============= FINISH: 13:02:21,03 ===============
 

 

Attached File  attach.zip   5.76KB   1 downloads


Edited by midimusicman79, 17 September 2014 - 03:19 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 21 September 2014 - 06:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:44 PM

Posted 21 September 2014 - 10:12 AM

Hi, nasdaq.

 

Thank you, sir, for your prompt answer, but unfortunately it is just way too much work for me to translate the log texts from Norwegian to English, I am very sorry about this, also for having wasted your valuable time on trying to help me.

 

BTW, I thought you would be interested in me posting the two logs from SystemLook, actually showing the restrictions and policies which I think have been imposed by spyware, both causing the computer slowdown and the EOleSysError message. (Also now both my DVD burners have stopped working.)

 

I will try to continue to solve these problems on my own, without any more help from you. Again I am very sorry about this - please forgive me.

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 21 September 2014 - 12:24 PM

No need to translate the logs.


Post them and I will see what I can suggest.

#5 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:44 PM

Posted 23 September 2014 - 06:52 AM

Hi again, nasdaq.

 

Unfortunately, I forgot to mention that I had an important weekly appointment yesterday, which I had to keep, thereby causing a delay in my response to you, for this I apologize.

 

And regarding translation, I decided to do it anyway. :)

 

(Just thought that I should mention that eSupport.com and DriverAgent is a driver utility. Uninstall.exe belongs to my new Canon printer. Thus all FPs.)

 

Regards,

midimusicman79

 

 

Here are the logs:

 

 

AdwCleaner log:

 

# AdwCleaner v3.310 - Report created 21/09/2014 at 15:39:36
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Torbjoern Martin - EGEN-6B8E11F08C
# Running from : C:\Documents and Settings\Torbjoern Martin\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\All Users\Start-menu\Programs\eSupport.com
[x] Not Deleted : C:\Program Files\eSupport.com
[x] Not Deleted : C:\Documents and Settings\Torbjoern Martin\Local Settings\Program Data\eSupport.com
[x] Not Deleted : C:\DOCUME~1\TORBJR~1\LOCAL~1\Temp\Uninstall.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKCU\Software\eSupport.com

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v32.0.2 (x86 nb-NO)

[ File : C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default\prefs.js ]


[ File : C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\xyl6yugq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1349 octets] - [21/09/2014 15:35:08]
AdwCleaner[S0].txt - [1290 octets] - [21/09/2014 15:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1350 octets] ##########
 

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by Torbjoern Martin (administrator) on EGEN-6B8E11F08C on 21-09-2014 15:52:10
Running from C:\Documents and Settings\Torbjoern Martin\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Norwegian (Book Language)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Creative Technology Ltd) C:\WINDOWS\CTHELPER.EXE
() C:\WINDOWS\system32\TaskSwitch.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
() C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\Mus\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [CTHelper] => C:\WINDOWS\CTHELPER.EXE [16384 2005-12-08] (Creative Technology Ltd)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [ISUSPM Startup] => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [mspwr] => C:\WINDOWS\system32\PuXpMan2.exe
HKLM\...\Run: [NSLauncher] => C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [3100672 2007-09-07] ()
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [57344 2005-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-04-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DVD- and CD-sharing] => C:\Program Files\DVD- and CD-sharing\ODSAgent.exe [619832 2008-02-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\Program Files\Common Files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [RemoteControl] => [X]
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [Creative Detector] => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R >wr     
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [ctfmon.exe] => (the data entry has 67 more characters).
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [StartCCC] => [X]
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [TrendSecure Remote File Lock] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe [423248 2008-03-06] (Trend Micro Inc.)
Startup: C:\Documents and Settings\All Users\Start menu\Programs\startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Documents and Settings\All Users\Start menu\Programs\startup\BounceBack Launcher.lnk
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe ()
Startup: C:\Documents and Settings\All Users\Start menu\Programs\startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\Mouse\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Documents and Settings\All Users\Start menu\Programs\startup\Sonic CinePlayer Quick Launch.lnk
ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
Startup: C:\Documents and Settings\All Users\Start menu\Programs\startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Log on help for Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15026/CTPID.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 130.67.15.198 193.213.112.4 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default
FF Homepage: https://www.google.no/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin Program Files/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bok-NO.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yellowpages-NO.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\qxl-NO.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-NO.xml
FF Extension: WOT - C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-11]
FF Extension: Adblock Plus - C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-21]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-03-29]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-17] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336 2014-08-28] (Apple Inc.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-05-11] (Google Inc.)
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-05-11] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [553288 2014-09-01] (Apple Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-05] (Oracle Corporation)
S3 LBTServ; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [322120 2003-06-19] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-19] (Mozilla Foundation)
R2 MSFtpsvc; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation) [File not signed]
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
S3 PortReporter; C:\Program Files\PortReporter\portreporter.exe [90183 2004-03-30] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [212480 2007-02-08] (Nokia.) [File not signed]
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [914944 2006-11-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-09-21] (D-Link Corporation)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [5685 2005-12-22] () [File not signed]
S3 ATHFMWDL; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [43392 2005-07-26] (Windows ® 2000 DDK provider) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [170496 2009-02-04] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-11-10] (Creative Technology Ltd)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-05-10] (Phoenix Technologies) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [754176 2005-12-08] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [154112 2005-12-08] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [179712 2005-12-08] (Creative Technology Ltd)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [91776 2009-06-22] (Microsoft Corporation) [File not signed]
S3 msgame; C:\WINDOWS\System32\DRIVERS\msgame.sys [35200 2001-08-17] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-18] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 PfDetNT; C:\WINDOWS\system32\drivers\PfModNT.sys [8192 2005-12-08] (Creative Technology Ltd.)
R2 portD; C:\WINDOWS\System32\DRIVERS\portd2k.sys [14976 2004-02-23] (CMS Peripherals, Inc.) [File not signed]
S3 RDID1032; C:\WINDOWS\System32\Drivers\rdwm1032.sys [43900 2002-12-18] (Roland Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2006-06-06] (EnTech Taiwan) [File not signed]
S3 YMIDUSB; C:\WINDOWS\System32\Drivers\ymidusb.sys [16640 2006-12-21] (Yamaha Corporation) [File not signed]
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [245248 2006-05-23] (Marvell)
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 gfiutil; system32\drivers\gfiutil.sys [X]
S4 IntelIde; No ImagePath
U5 LHidKe; C:\Windows\System32\Drivers\LHidKe.sys [27136 2006-07-19] (Logitech Inc.) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\A5AGU.sys 6E0A62F76886F7C0807B2DCEE0524EFF
C:\WINDOWS\System32\DRIVERS\ACPI.sys 7E3B0F07B0DCB6155FD4EAF4047F0C72
C:\WINDOWS\system32\Drivers\ACPIEC.sys EAB54EA21AB7EA92FB9975C02779080B
C:\WINDOWS\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\WINDOWS\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\System32\DRIVERS\arp1394.sys B5B8A80875C1DEDEDA8B02765642C32F
C:\WINDOWS\System32\drivers\AsIO.sys 19A1DAC5BC607C212E8A94C05886ED52
C:\WINDOWS\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\WINDOWS\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\System32\Drivers\ATHFMWDL.sys 8B56BAC1AF3A59D665D7A5D1BB5624F0
C:\WINDOWS\System32\DRIVERS\ati2mtag.sys C0B86ECB324E50F6BBD529F9D5C6B24B
C:\WINDOWS\System32\DRIVERS\atinavt2.sys BEFB648D5A40B816D66283B571BBE38A
C:\WINDOWS\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\WINDOWS\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\System32\drivers\ctac32k.sys 3CFB715F2E3B0E475E984F78CDFADA57
C:\WINDOWS\System32\drivers\ctaud2k.sys B640816F7D3FFEAAEFEA831242FE5E8C
C:\WINDOWS\System32\drivers\ctdvda2k.sys C4333325D325EFA668888D0D3177C6FF
C:\WINDOWS\System32\drivers\ctprxy2k.sys A9F9A48406E99134CD3879B410E9139D
C:\WINDOWS\System32\drivers\ctsfm2k.sys FCBB8EA6FE935D2C531D3A4DEE9F985B
C:\WINDOWS\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\WINDOWS\System32\drivers\dmboot.sys F1F9E49B764C96902ECCABEF144E7CC7
C:\WINDOWS\System32\drivers\dmio.sys 12CA201C2B40D8A8B1687164E2DD1D9A
C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\WINDOWS\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\WINDOWS\system32\Drivers\DrvAgent32.sys 651554E483712B708EDE864D0CA1AA73
C:\WINDOWS\System32\DRIVERS\e1e5132.sys F239EC59B4A30266A4A7B081A5DEE0FC
C:\WINDOWS\System32\DRIVERS\eamon.sys 0C51F1D7A7501FC948D35AE0FDE764A5
C:\WINDOWS\System32\DRIVERS\ehdrv.sys C79916F203E1A2CBBE99F22D6E5D21DA
C:\WINDOWS\System32\drivers\emupia2k.sys 05377DDEDF219D9BD3102BD9FBDC3EAE
C:\WINDOWS\System32\DRIVERS\epfw.sys 4B6B2C930CD076F8BDEE683512EE05E8
C:\WINDOWS\System32\DRIVERS\Epfwndis.sys BE76566CE5E943B7529CF49025506542
C:\WINDOWS\System32\DRIVERS\epfwtdi.sys B964288A27843BDAFB5EE3A5CFC26A0A
C:\WINDOWS\system32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\WINDOWS\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\WINDOWS\system32\Drivers\Fips.sys A3D6EF42350586396D613081E20D750C
C:\WINDOWS\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\WINDOWS\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys F49589D9B1B3229EB3E761E569B20ACA
C:\WINDOWS\System32\DRIVERS\gameenum.sys 065639773D8B03F33577F6CDAEA21063
C:\WINDOWS\System32\giveio.sys 77EBF3E9386DAA51551AF429052D88D0
C:\WINDOWS\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\WINDOWS\System32\drivers\ha10kx2k.sys 5DA1AF9485B591E4406924803969CCF0
C:\WINDOWS\System32\drivers\hap16v2k.sys 9F7EEC8D49279052E4D70971246AC7CD
C:\WINDOWS\System32\drivers\hap17v2k.sys C34FBFCF18332927C9D7DFB44F1CC84F
C:\WINDOWS\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\WINDOWS\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 07D2C69BF1230998553EA5FC62E4DA9D
C:\WINDOWS\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\WINDOWS\System32\DRIVERS\intelppm.sys 694E25EFDC04BFC2803B718CD01B71AD
C:\WINDOWS\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\WINDOWS\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\WINDOWS\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\WINDOWS\System32\DRIVERS\isapnp.sys 165255B09753CD0900287C6722B53E8A
C:\WINDOWS\System32\DRIVERS\kbdclass.sys 403A9D3C56617C49EFCB5F2897F500D7
C:\WINDOWS\System32\DRIVERS\kbdhid.sys AD4760546EF72CEE55E12F91DC444847
C:\WINDOWS\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\WINDOWS\system32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys D1968DEA7BAFF4A917858C384339CEC8
C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys 24E0DDB99AECCF86BB37702611761459
C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys D58B330D318361A66A9FE60D7C9B4951
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys EFC09980C68BE2DD0BC3076AAA567D67
C:\WINDOWS\System32\DRIVERS\mouclass.sys F54DE35966BD4F6D7D751642DED032DB
C:\WINDOWS\System32\DRIVERS\mouhid.sys 2C8ACE099162A015D464C9A427148651
C:\WINDOWS\system32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\WINDOWS\System32\DRIVERS\MPE.sys C0F8E0C2C3C0437CF37C6781896DC3EC
C:\WINDOWS\system32\drivers\mqac.sys EEE50BF24CAEEDB515A8F3B22756D3BB
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\WINDOWS\System32\DRIVERS\msgame.sys 082A950191DDE602BBEA8EF4E5900251
C:\WINDOWS\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\WINDOWS\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\WINDOWS\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D
C:\WINDOWS\System32\drivers\msmpu401.sys CA3E22598F411199ADC2DFEE76CD0AE0
C:\WINDOWS\System32\DRIVERS\ASACPI.sys D48659BB24C48345D926ECB45C1EBDF5
C:\WINDOWS\system32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB
C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0
C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\System32\DRIVERS\nic1394.sys E9E47CFB2D461FA0FC75B7A74C6383EA
C:\WINDOWS\System32\drivers\nmwcd.sys 696B37EA78F9D9767A2F18BA0304A51A
C:\WINDOWS\System32\drivers\nmwcdc.sys BBB6010FC01D9239D88FCDF133E03FF0
C:\WINDOWS\System32\drivers\nmwcdcj.sys 4C3726467D67483F054C88F058E9C153
C:\WINDOWS\System32\drivers\nmwcdcm.sys 4C3726467D67483F054C88F058E9C153
C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\ohci1394.sys CA33832DF41AFB202EE7AEB05145922F
C:\WINDOWS\System32\drivers\ctoss2k.sys 3649EEFA90990249267DD6C7808CBC86
C:\WINDOWS\System32\DRIVERS\parport.sys 1AA2E7C0F517B16C6D53093F6EF4D707
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 12297B25CCC4D89D9D2E794A8FD6EE3D
C:\WINDOWS\System32\DRIVERS\pci.sys 5AF0A66BBBBB8D44A308141F529EA5E0
C:\WINDOWS\System32\DRIVERS\pciide.sys C9EF84891A111F6F5EBB758A29252E54
C:\WINDOWS\system32\Drivers\Pcmcia.sys 339B6DA5D9E01E04F39A5E93612D5C5A
C:\WINDOWS\system32\drivers\PfModNT.sys DB64E50CFEA80077E47C282BCE2C1813
C:\WINDOWS\System32\DRIVERS\portd2k.sys 97152B53B88C82564CAE86FE16635BDC
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\Drivers\rdwm1032.sys CBCCC79FD9AB75487508C59863BE702D
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys 99C7D4742BE0415D084126EC3462B454
C:\WINDOWS\system32\drivers\RMCast.sys 96F7A9A7BF0C9C0440A967440065D33C
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 39763504067962108505BFF25F024345
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 77B9FC20084B48408AD3E87570EB4A85
C:\WINDOWS\System32\DRIVERS\sbp2port.sys B244960E5A1DB8E9D5D17086DE37C1E4
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\WINDOWS\System32\DRIVERS\serial.sys D579FAB95D55A3459547D3EF116821D7
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\DRIVERS\SI3132.sys 0B9B5C6DF6226497EF4819B6E1B2EFD5
C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys AD29A80543C63E5B3588D118FB327E22
C:\WINDOWS\System32\DRIVERS\SiRemFil.sys B19EFE5E45AE31F3C3E4C4F0F9DA3C49
C:\WINDOWS\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14
C:\WINDOWS\System32\speedfan.sys DC8D2952FB6FFBAEC67BD1B93A34DF11
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys A10A8FFFBC556480027FB5AADAE4FE1A
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\System32\DRIVERS\tcpip6.sys 4E53BBCC4BE37D7A4BD6EF1098C89FF7
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\System32\DRIVERS\tunmp.sys 8F861EDA21C05857EB8197300A92501C
C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS E266683FC95ABDEC17CD378564E1B54B
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\drivers\usbaudio.sys 65898A183FBF1D1F7759D5CCB364DCD4
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\system32\Drivers\VolSnap.sys 9D61102F5BACD5A26FCAA0DE95E5909E
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\DRIVERS\Wdf01000.sys FD47474BD21794508AF449D9D91AF6E6
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78
C:\WINDOWS\System32\DRIVERS\WudfPf.sys 50EB9E21963B4F06FD010D007D54351B
C:\WINDOWS\System32\DRIVERS\wudfrd.sys 6E209664BDEA8A15B5E8E480D6C607C2
C:\WINDOWS\System32\Drivers\ymidusb.sys 48D2CA257A22481F830D9CE434E3827A
C:\WINDOWS\System32\DRIVERS\yk51x86.sys 228D0403F0210D6D67A9ACF907597EFE

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 15:34 - 2014-09-21 15:39 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:18 - 2014-09-21 15:18 - 01373475 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\adwcleaner_3.310.exe
2014-09-20 15:46 - 2014-09-20 15:47 - 00075994 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Addition.txt
2014-09-20 15:45 - 2014-09-21 15:52 - 00037446 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\FRST.txt
2014-09-20 13:24 - 2014-09-20 13:24 - 00001805 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-20 13:24 - 2014-09-20 13:24 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-20 13:24 - 2014-09-20 13:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start menu\Programs\Tweaking.com
2014-09-19 12:58 - 2014-09-19 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Torbjoern Martin\Desktop\HijackThis.exe
2014-09-19 12:50 - 2014-09-19 12:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-14 13:38 - 2014-09-14 13:38 - 00001537 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-09-14 13:38 - 2014-09-14 13:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start menu\Programs\iTunes
2014-09-14 13:38 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-09-14 13:36 - 2014-09-14 13:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 13:35 - 2014-09-14 13:38 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 13:35 - 2014-09-14 13:38 - 00000000 ____D () C:\Documents and Settings\All Users\Program Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-12 14:09 - 2014-09-12 14:10 - 09891714 _____ () C:\WINDOWS\REGBK00.ZIP
2014-09-12 13:59 - 2014-09-12 13:59 - 00000458 _____ () C:\WINDOWS\UPDLL.LOG
2014-09-12 13:58 - 2014-09-12 14:00 - 00000276 _____ () C:\WINDOWS\general.log
2014-09-12 13:14 - 2014-09-12 13:23 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Program Data\Download Manager
2014-09-11 11:22 - 2013-05-02 07:56 - 00459114 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\GrantPerms.exe
2014-09-04 15:41 - 2014-09-04 15:54 - 00000002 ____N () C:\runcheck.txt
2014-08-26 15:22 - 2014-09-11 11:26 - 00000000 ____D () C:\OldTimer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 15:52 - 2014-09-20 15:45 - 00037446 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\FRST.txt
2014-09-21 15:52 - 2014-06-30 12:05 - 00000000 ____D () C:\FRST
2014-09-21 15:52 - 2006-06-05 14:19 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Desktop
2014-09-21 15:52 - 2006-06-05 14:19 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp
2014-09-21 15:52 - 2006-06-05 14:13 - 02062852 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-21 15:50 - 2009-04-29 14:05 - 00000442 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{99082F30-1C10-41B8-85EC-F9979A0249DE}.job
2014-09-21 15:48 - 2006-06-05 15:55 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-09-21 15:47 - 2004-08-04 14:00 - 00012674 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-21 15:45 - 2006-06-05 16:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-21 15:44 - 2014-03-12 11:53 - 00000242 _____ () C:\WINDOWS\Tasks\Notification about end of support for Microsoft Windows XP – Log on.job
2014-09-21 15:44 - 2006-06-05 16:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-21 15:44 - 2006-06-05 14:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-21 15:41 - 2007-06-23 16:13 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-09-21 15:41 - 2007-06-23 16:13 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-09-21 15:41 - 2006-06-05 23:02 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-09-21 15:41 - 2006-06-05 14:19 - 00000286 ___SH () C:\Documents and Settings\Torbjoern Martin\ntuser.ini
2014-09-21 15:41 - 2006-06-05 14:17 - 00032100 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-21 15:39 - 2014-09-21 15:34 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:38 - 2012-03-30 11:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-21 15:31 - 2006-06-05 16:01 - 00205086 _____ () C:\WINDOWS\setupact.log
2014-09-21 15:26 - 2014-06-27 15:44 - 01097728 _____ (Farbar) C:\Documents and Settings\Torbjoern Martin\Desktop\FRST.exe
2014-09-21 15:23 - 2014-05-19 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Program Data\CanonIJPLM
2014-09-21 15:18 - 2014-09-21 15:18 - 01373475 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\adwcleaner_3.310.exe
2014-09-21 15:15 - 2013-10-29 16:54 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\My documents\Downloads
2014-09-21 15:15 - 2006-06-08 13:56 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\My documents\My newly installed files
2014-09-21 15:08 - 2006-06-05 14:19 - 00000000 ___HD () C:\Documents and Settings\Torbjoern Martin\OtherMachines
2014-09-21 13:19 - 2013-11-21 16:19 - 00000000 __RHD () C:\Documents and Settings\Torbjoern Martin\Latest
2014-09-20 15:47 - 2014-09-20 15:46 - 00075994 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Addition.txt
2014-09-20 13:24 - 2014-09-20 13:24 - 00001805 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-20 13:24 - 2014-09-20 13:24 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-20 13:24 - 2014-09-20 13:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start menu\Programs\Tweaking.com
2014-09-20 13:24 - 2006-06-05 16:02 - 00000000 ___RD () C:\Program Files
2014-09-20 13:24 - 2006-06-05 16:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Start menu\Programs
2014-09-20 13:00 - 2014-06-11 13:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 16:08 - 2014-07-17 12:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-19 12:58 - 2014-09-19 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Torbjoern Martin\Desktop\HijackThis.exe
2014-09-19 12:51 - 2014-09-19 12:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-19 12:30 - 2006-06-05 14:19 - 00000000 ___RD () C:\Documents and Settings\Torbjoern Martin\Start menu\Programs
2014-09-18 11:27 - 2006-06-05 14:19 - 00000000 ___RD () C:\Documents and Settings\Torbjoern Martin\My documents
2014-09-16 14:52 - 2009-03-12 18:14 - 00960049 _____ () C:\WINDOWS\setupapi.log
2014-09-14 13:38 - 2014-09-14 13:38 - 00001537 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-09-14 13:38 - 2014-09-14 13:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start menu\Programs\iTunes
2014-09-14 13:38 - 2014-09-14 13:35 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 13:38 - 2014-09-14 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Program Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-14 13:38 - 2006-06-05 16:02 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop
2014-09-14 13:36 - 2014-09-14 13:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 13:36 - 2007-06-29 18:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-13 16:57 - 2006-06-05 14:19 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin
2014-09-12 16:17 - 2013-07-09 15:47 - 00000000 ____D () C:\Program Files\CPUID
2014-09-12 16:17 - 2013-07-09 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start menu\Programs\CPUID
2014-09-12 16:01 - 2014-07-08 16:00 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-09-12 16:01 - 2006-06-05 14:17 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-12 16:01 - 2006-06-05 14:17 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-12 16:00 - 2006-06-05 14:11 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-12 14:10 - 2014-09-12 14:09 - 09891714 _____ () C:\WINDOWS\REGBK00.ZIP
2014-09-12 14:00 - 2014-09-12 13:58 - 00000276 _____ () C:\WINDOWS\general.log
2014-09-12 13:59 - 2014-09-12 13:59 - 00000458 _____ () C:\WINDOWS\UPDLL.LOG
2014-09-12 13:58 - 2004-08-04 14:00 - 00001915 _____ () C:\WINDOWS\win.ini
2014-09-12 13:53 - 2006-06-05 16:02 - 00000000 ____D () C:\Program Files\Common Files
2014-09-12 13:23 - 2014-09-12 13:14 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Program Data\Download Manager
2014-09-12 12:49 - 2014-07-01 11:27 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Desktop\FRST-OlderVersion
2014-09-12 12:37 - 2006-08-03 07:47 - 00000000 ____D () C:\WINDOWS\BounceBack
2014-09-11 15:16 - 2004-08-04 14:00 - 00000231 _____ () C:\WINDOWS\system.ini
2014-09-11 15:14 - 2014-08-19 15:47 - 00139264 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\SystemLook.exe
2014-09-11 11:26 - 2014-08-26 15:22 - 00000000 ____D () C:\OldTimer
2014-09-11 11:05 - 2013-07-10 14:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 10:57 - 2006-06-05 21:24 - 98758480 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 15:38 - 2012-03-30 11:33 - 00701104 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 15:38 - 2011-05-21 12:02 - 00071344 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 13:41 - 2006-06-06 17:46 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\My documents\My new Emails
2014-09-04 15:54 - 2014-09-04 15:41 - 00000002 ____N () C:\runcheck.txt
2014-08-31 00:54 - 2006-06-05 14:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-30 19:11 - 2006-09-13 16:31 - 00000282 ____N () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-28 14:37 - 2006-06-10 15:22 - 00002491 ____N () C:\Documents and Settings\Torbjoern Martin\Desktop\Microsoft Office Excel 2003.lnk
2014-08-22 11:55 - 2006-06-05 16:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Start menu\Programs\startup

Some content of TEMP:
====================
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\02TVoHLM.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\1000053.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\2000038.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\7za.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\AdobeUpdater12345.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\atl80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\AUMgr.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\avxdisk.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdc.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdcore.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdfltlib2k.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdnimbus32.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdnimbus64.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdupdateservice.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\catchme.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\DEVCON.EXE
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\DFC_Setup.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\dZ2Xs.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\eEmpty.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\encdec.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\esupdate.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\flashplayer6_winax.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\FmR.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\FSSync.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Getvlist.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\GoogleInstall.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\gtapi.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\hBDPKAz.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\hijackthis.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\i4j23825.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ikave.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Install.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\InstHelper.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ipc.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jBsnV4r.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u16-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u2-windows-i586-p-iftw_7070c3f7.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\kave.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\kavvlg.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\libexpat.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfc80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfc80u.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfcm80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfcm80u.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvclnt.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcm80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcp110.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcp80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcp90.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcr110.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcr80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcr90.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvl64.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvlclnt.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\MUOAp.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mwavdwnl.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\MWAVL.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mwavscan.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mwunzip.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\NirCmd.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\o0Tz.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Ohbum.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\PEVZ.EXE
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\pKIJ5PwS.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\prLoader.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\red32.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Reload.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\remove.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\scan.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ScanningProcess.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sed.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\setpointnor.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\setpriv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sfextra.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\shortcut.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sp_setpoint.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\swreg.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\swxcacls.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\test2.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\TmDbg32.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\TNO_CC30Pack.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\trufos.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\uninstall.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\unregx.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Unwise.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\UPDLL10.DLL
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\viewtcp.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\wget.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\xIWte3.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Attached File  Addition.zip   14.35KB   2 downloads


Edited by midimusicman79, 23 September 2014 - 08:38 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 23 September 2014 - 08:30 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
  • ===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [RemoteControl] => [X]
    HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [StartCCC] => [X]
    Handler: msdaipp - No CLSID Value -
    FF Plugin: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin HKCU: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
    S3 gfiark; system32\drivers\gfiark.sys [X]
    S3 gfiutil; system32\drivers\gfiutil.sys [X]
    S4 IntelIde; No ImagePath
    
    End
    
    Save the files as fixlist.txt into the same folder as FRST

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt) please post it to your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/

    ===

    How is the computer running now?


#7 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:44 PM

Posted 25 September 2014 - 09:58 AM

Hi again, nasdaq.

 

Thank you for the advice, but Sir, with all do respect, unfortunately I do not want to clean my Temporary files/folders, as I think it might cause "unpredictable results". Neither do they pose a security threat, nor have they ever bothered me.

 

I have particially mostly used the fixlist which you created and ran FRST, as I think some of the lines were somewhat too risky to execute, namely one of these belonging to my Graphics card. I also decided to use the Reboot: option in order to force a reboot of the computer, like I have always used FRST, because I think it is "better" than just doing this in the normal fashion. Hope you do not mind this.

 

And as for how the computer is running now, it is still as slow, OTL by OldTimer still will not run, and even still both my DVD-burners do not work.

 

Do you want me to post the logs from SystemLook showing the restrictions and policies that I think cause both the computer slowdown as well as the EOleSysError?

 

Can I use FRST and/or Windows Repair (All In One) to remove these?

 

Regards,

midimusicman79

 

 

Here are the logs:

 

 

FRST Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2014
Ran by Torbjoern Martin at 2014-09-24 15:05:56 Run:10
Running from C:\Documents and Settings\Torbjoern Martin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Handler: msdaipp - No CLSID Value -
FF Plugin: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 gfiutil; system32\drivers\gfiutil.sys [X]
Reboot:
*****************

"HKCR\PROTOCOLS\Handler\msdaipp" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9" => Key deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll not found.
cpuz135 => Service deleted successfully.
gfiark => Service deleted successfully.
gfiutil => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

SecurityCheck checkup log:

 

Results of screen317's Security Check version 0.99.87  
Windows XP Service Pack 3 x86   
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 7.0   
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.96-8    
SUPERAntiSpyware     
VirusTotal Uploader 2.2   
Java 7 Update 67  
Adobe Flash Player     15.0.0.152  
Adobe Reader 10.1.11 Adobe Reader out of Date! 
Mozilla Firefox (32.0.2)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe  
ESET NOD32 Antivirus ekrn.exe  
Trend Micro TrendSecure RemoteFileLock FLMain.exe
Trend Micro TrendSecure TSCFPlatformCOMSvr.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````


Edited by midimusicman79, 26 September 2014 - 08:37 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 25 September 2014 - 10:15 AM

Do you want me to post the logs from SystemLook showing the restrictions and policies that I think cause both the computer slowdown as well as the EOleSysError?


No need to post the registry log. The Farbar tool reports the registry policies that have been modified.
Nothing was should on your logs.

See if you can get a log from ComboFix.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#9 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:44 PM

Posted 26 September 2014 - 08:19 AM

Hi again, nasdaq.

 

Once again, you are asking me to run a program, this time it is ComboFix. However, the first and foremost problem with this, is that it cleans all Temporary files/folders, which is exactly what I will not do. And hence, I unfortunately cannot run this program.

 

Furthermore, you are not commenting the findings of SecurityCheck, stating that both IE7 and Adobe Reader are out of date, which is important information. Regarding IE, I hardly ever use it as I rather prefer FF. Well, good news is: I am updating AR today. :thumbup2:

 

 

No need to post the registry log. The Farbar tool reports the registry policies that have been modified.
Nothing was should on your logs.

 

Of course the registry logs from SystemLook show whatever FRST is unable to report.

 

And in any case, here are the logs; I would just like to show them to you:

 

(Note that {62B6A513-3764-42CD-8410-9B81E8DFF135}, {B05651C6-9B10-425E-B616-1FCD828DB3B1} and {E16F1874-C5B1-4400-A9F0-08E7FD4D3F8C} are all spyware.)

 

Regards,

midimusicman79

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:36 on 26/09/2014 by Torbjoern Martin
Administrator - Elevation successful

========== regfind ==========

Searching for "Restrictions"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\internet explorer\restrictions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62B6A513-3764-42CD-8410-9B81E8DFF135}]
@="IRestrictionSub"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651C6-9B10-425E-B616-1FCD828DB3B1}]
@="ISiteRestrictions"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E16F1874-C5B1-4400-A9F0-08E7FD4D3F8C}]
@="IRestrictionSize"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\WINDOW_RESTRICTIONS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WINDOW_RESTRICTIONS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\restrictions]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Software\Policies\Microsoft\internet explorer\restrictions]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]

Searching for "Policies"
[HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_CURRENT_USER\Software\Policies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA126AD8-2166-11D1-B1D0-00805FC1270E}]
@="Network Group Policies for NLA Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FAEDCF68-31FE-11D1-AAD2-00805FC1270E}]
@="INetMachinePolicies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\Restriction Policies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY\ALTTEXT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY\MOVSYSCARET]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY\TEXTSIZE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Zoom"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\AUTOAPPEND]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\AUTOCOMPLETE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\CTRLTABMRU]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\TabbedBrowsing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\FAVINTELLI]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\FORCE_OFFSCREEN]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\FRIENDLY_ERRORS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\IEONDESKTOP]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\IEUPDATECHECK]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\NOTIFYDOWNLOADCOMPLETE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\NSCSINGLEEXPAND]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\PT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\REUSEWINDOWS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER_IE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_ERROR_CACHE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SMOOTH_SCROLLING]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\ULINKS\ALWAYS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\ULINKS\HOVER]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\ULINKS\NEVER]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\USEBHO]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\USE_THEMES]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CACHE_FLUSH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CACHE_PAGES]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CD_LMZ_LOCKDOWN]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CERTREV]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CHECK_SIG]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Download"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\LMZ_LOCKDOWN]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\NEGOTIATE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PHISHINGFILTER\ALWAYS]
"RegPoliciesPath"="Software\Policies\Microsoft\Internet Explorer\PhishingFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PHISHINGFILTER\DISABLE]
"RegPoliciesPath"="Software\Policies\Microsoft\Internet Explorer\PhishingFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PHISHINGFILTER\MANUAL]
"RegPoliciesPath"="Software\Policies\Microsoft\Internet Explorer\PhishingFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\RUN_INV_SIG]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Download"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SECURE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SITECERT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL2.0]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL3.0]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSLREV]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SUBMIT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.0]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\XMLHTTP]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP\GENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP\PROXY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL\IDN]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL\IDN_INFOBAR]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL\IDN_INTRANET]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL\IDN_SHOWPUNY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL\UTF8_MAILTO]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL\UTF8_URL]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM\CONSOLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Java VM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM\JIT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Java VM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM\LOGGING]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Java VM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\ANIMAT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\AUTOIMAGERESIZE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\CLEARTYPE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\PICTS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\PLACEHOLDERS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\SMART_DITHERING]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\SOUNDS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\PRINT\BACKGROUND]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\SEARCHING\AUTOSEARCH\JUST_DISPLAY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\SEARCHING\AUTOSEARCH\NO_SEARCH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\SEARCHING\JUST_DISPLAY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\SEARCHING\NO_SEARCH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
"RegKey"="Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX\APPROVE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX_OPTIN\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX_OPTIN\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ALLOW_DYNSRC_VIDEO\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ALLOW_DYNSRC_VIDEO\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\BBHVR\APPROVE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\BBHVR\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\BBHVR\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\BBHVR\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ENABLE\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ENABLE\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ENABLE\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SAFETY\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SAFETY\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SAFETY\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SCRIPTLETRUN\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SCRIPTLETRUN\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SCRIPTLETRUN\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SCRIPTSAFE\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SCRIPTSAFE\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\SCRIPTSAFE\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\UNSIGNEDACTIVEX\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\UNSIGNEDACTIVEX\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\UNSIGNEDACTIVEX\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\AUTH\LOGON\ANONYMOUS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\AUTH\LOGON\ASK]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\AUTH\LOGON\COND]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\AUTH\LOGON\SILENT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\FILEDOWNLOAD\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\FILEDOWNLOAD\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\FONTDOWNLOAD\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\FONTDOWNLOAD\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\FONTDOWNLOAD\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\CUSTOM]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\HIGH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\LOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\MEDIUM]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ClientCertPrompt\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ClientCertPrompt\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\CrossDomainData\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\CrossDomainData\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\CrossDomainData\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\DRAGDROP\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\DRAGDROP\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\DRAGDROP\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORCE_ADDRESS_BAR\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORCE_ADDRESS_BAR\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\INC_UPLOAD_FILEPATH\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\INC_UPLOAD_FILEPATH\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\INSTALLDT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\INSTALLDT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\INSTALLDT\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\LAUNCHING\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\LAUNCHING\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\LAUNCHING\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\META_REFRESH\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\META_REFRESH\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIME_SNIFFING\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIME_SNIFFING\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIXED_CONTENT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIXED_CONTENT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIXED_CONTENT\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\NEWWINDOW\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\NEWWINDOW\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\PHISHINGFILTER\ALLOW]
"RegPoliciesPath"="Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\PHISHINGFILTER\DENY]
"RegPoliciesPath"="Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\RESTRICTED_PROTOCOLS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\RESTRICTED_PROTOCOLS\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\RESTRICTED_PROTOCOLS\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SHELLEXEC\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SHELLEXEC\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SHELLEXEC\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SOFTDIST\HIGH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SOFTDIST\LOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SOFTDIST\MEDIUM]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SubFrameNavigate\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SubFrameNavigate\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\SubFrameNavigate\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\UserData\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\UserData\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\WebOC\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\WebOC\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\WINDOW_RESTRICTIONS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\WINDOW_RESTRICTIONS\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ZONE_ELEVATION\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ZONE_ELEVATION\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ZONE_ELEVATION\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPT\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTJAVA\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTJAVA\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTJAVA\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTPASTE\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTPASTE\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTPASTE\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTPROMPT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTPROMPT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTSTATUS\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\SCRIPTING\SCRIPTSTATUS\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\LOOSE_XAML\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\LOOSE_XAML\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\LOOSE_XAML\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\WINDOWS_BROWSER_APPLICATIONS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\WINDOWS_BROWSER_APPLICATIONS\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\WINDOWS_BROWSER_APPLICATIONS\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\XPS_DOCUMENTS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\XPS_DOCUMENTS\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\XPS_DOCUMENTS\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WinFXSetup\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WinFXSetup\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX\APPROVE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX_OPTIN\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX_OPTIN\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ALLOW_DYNSRC_VIDEO\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ALLOW_DYNSRC_VIDEO\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\BBHVR\APPROVE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\BBHVR\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\BBHVR\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\BBHVR\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ENABLE\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ENABLE\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ENABLE\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SAFETY\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SAFETY\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SAFETY\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SCRIPTLETRUN\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SCRIPTLETRUN\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SCRIPTLETRUN\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SCRIPTSAFE\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SCRIPTSAFE\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\SCRIPTSAFE\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\UNSIGNEDACTIVEX\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\UNSIGNEDACTIVEX\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\UNSIGNEDACTIVEX\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\AUTH\LOGON\ANONYMOUS]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\AUTH\LOGON\ASK]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\AUTH\LOGON\COND]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\AUTH\LOGON\SILENT]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\FILEDOWNLOAD\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\FILEDOWNLOAD\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\FONTDOWNLOAD\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\FONTDOWNLOAD\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\FONTDOWNLOAD\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\CUSTOM]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\HIGH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\LOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\MEDIUM]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ClientCertPrompt\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ClientCertPrompt\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\CrossDomainData\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\CrossDomainData\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\CrossDomainData\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\DRAGDROP\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\DRAGDROP\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\DRAGDROP\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORCE_ADDRESS_BAR\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORCE_ADDRESS_BAR\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\INSTALLDT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\INSTALLDT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\INSTALLDT\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\LAUNCHING\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\LAUNCHING\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\LAUNCHING\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\META_REFRESH\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\META_REFRESH\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIME_SNIFFING\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIME_SNIFFING\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIXED_CONTENT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIXED_CONTENT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIXED_CONTENT\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\RESTRICTED_PROTOCOLS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\RESTRICTED_PROTOCOLS\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\RESTRICTED_PROTOCOLS\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SHELLEXEC\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SHELLEXEC\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SHELLEXEC\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SOFTDIST\HIGH]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SOFTDIST\LOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SOFTDIST\MEDIUM]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SubFrameNavigate\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SubFrameNavigate\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\SubFrameNavigate\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\UserData\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\UserData\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WebOC\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WebOC\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WINDOW_RESTRICTIONS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WINDOW_RESTRICTIONS\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ZONE_ELEVATION\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ZONE_ELEVATION\ENABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ZONE_ELEVATION\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPT\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPT\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPT\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTJAVA\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTJAVA\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTJAVA\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTPASTE\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTPASTE\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTPASTE\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTSTATUS\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\SCRIPTING\SCRIPTSTATUS\DENY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\LOOSE_XAML\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\LOOSE_XAML\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\LOOSE_XAML\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\WINDOWS_BROWSER_APPLICATIONS\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\WINDOWS_BROWSER_APPLICATIONS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\WINDOWS_BROWSER_APPLICATIONS\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\XPS_DOCUMENTS\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\XPS_DOCUMENTS\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\XPS_DOCUMENTS\QUERY]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WinFXSetup\ALLOW]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WinFXSetup\DISABLE]
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLastUserName]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/SOFTWARE/policies/Microsoft/windows

NT/DCOM/MachineAccessRestriction]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/SOFTWARE/policies/Microsoft/windows

NT/DCOM/MachineLaunchRestriction]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8e47639b-8144-4e40-9b3e-11adc735f622}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a70ba770-21dd-41cf-bcf1-4a7de43f3dea}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d22a3230-59fd-4cd7-8fa7-abce820292ca}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9bdc288c-38b8-4d02-bbbf-77243b07d151}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{5f516021-5702-4f52-b1d5-7ea996f9f88f}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{af5c167f-55ba-4f9b-a5c0-53968c6bccdf}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9bdc288c-38b8-4d02-bbbf-77243b07d151}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8e47639b-8144-4e40-9b3e-11adc735f622}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a70ba770-21dd-41cf-bcf1-4a7de43f3dea}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d22a3230-59fd-4cd7-8fa7-abce820292ca}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{86e5f335-e55b-48b8-8f16-805d54621f3f}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2231d3dc-a6f8-41db-801e-d2e8c1156f7c}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{9251e48e-852d-4c87-b06c-462e20199233}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{fdb2a010-c654-4080-94f3-92005e4a8709}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2231d3dc-a6f8-41db-801e-d2e8c1156f7c}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{86e5f335-e55b-48b8-8f16-805d54621f3f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2231d3dc-a6f8-41db-801e-d2e8c1156f7c}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8e47639b-8144-4e40-9b3e-11adc735f622}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8e47639b-8144-4e40-9b3e-11adc735f622}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8e47639b-8144-4e40-9b3e-11adc735f622}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9bdc288c-38b8-4d02-bbbf-77243b07d151}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9bdc288c-38b8-4d02-bbbf-77243b07d151}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9bdc288c-38b8-4d02-bbbf-77243b07d151}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a70ba770-21dd-41cf-bcf1-4a7de43f3dea}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a70ba770-21dd-41cf-bcf1-4a7de43f3dea}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a70ba770-21dd-41cf-bcf1-4a7de43f3dea}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{af5c167f-55ba-4f9b-a5c0-53968c6bccdf}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{5f516021-5702-4f52-b1d5-7ea996f9f88f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{af5c167f-55ba-4f9b-a5c0-53968c6bccdf}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d22a3230-59fd-4cd7-8fa7-abce820292ca}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d22a3230-59fd-4cd7-8fa7-abce820292ca}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d22a3230-59fd-4cd7-8fa7-abce820292ca}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{fdb2a010-c654-4080-94f3-92005e4a8709}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{9251e48e-852d-4c87-b06c-462e20199233}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{fdb2a010-c654-4080-94f3-92005e4a8709}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9bdc288c-38b8-4d02-bbbf-77243b07d151}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a70ba770-21dd-41cf-bcf1-4a7de43f3dea}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{af5c167f-55ba-4f9b-a5c0-53968c6bccdf}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{fdb2a010-c654-4080-94f3-92005e4a8709}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d22a3230-59fd-4cd7-8fa7-abce820292ca}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8e47639b-8144-4e40-9b3e-11adc735f622}

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2231d3dc-a6f8-41db-801e-d2e8c1156f7c}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Search Service Windows Product Activation Windows 3.1 Migration

WgaSetup WebClient W3Ctrs VSSetup VSS VS80sp1-KB2548826-v4-X86-INTL VBRuntime Userinit Userenv TrojanHunter Trend Realtime Service Tlntsvr

System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization

3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs SPInstaller

Software Restriction Policies Software Installation Small Business Accounting ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy

SceSrv SceCli Sandra safrslv SAFrdms RPC Remote Assistance PortReporter PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files

Oakley Ntbackup.ini ntbackup Nokia Software
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Restriction Policies]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Search Service Windows Product Activation Windows 3.1 Migration

WgaSetup WebClient W3Ctrs VSSetup VSS VS80sp1-KB2548826-v4-X86-INTL VBRuntime Userinit Userenv TrojanHunter Trend Realtime Service Tlntsvr

System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization

3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs SPInstaller

Software Restriction Policies Software Installation Small Business Accounting ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy

SceSrv SceCli Sandra safrslv SAFrdms RPC Remote Assistance PortReporter PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files

Oakley Ntbackup.ini ntbackup Nokia Software
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Software Restriction Policies]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Search Service Windows Product Activation Windows 3.1 Migration

WgaSetup WebClient W3Ctrs VSSetup VSS VS80sp1-KB2548826-v4-X86-INTL VBRuntime Userinit Userenv TrojanHunter Trend Realtime Service Tlntsvr

System.ServiceModel.Install 3.0.0.0 System.ServiceModel 4.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 4.0.0.0 System.Runtime.Serialization

3.0.0.0 System.IO.Log 4.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 4.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SpoolerCtrs SPInstaller

Software Restriction Policies Software Installation Small Business Accounting ServiceModel Audit 4.0.0.0 ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy

SceSrv SceCli Sandra safrslv SAFrdms RPC Remote Assistance PortReporter PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files

Oakley Ntbackup.ini ntbackup Nokia Soft
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Restriction Policies]
[HKEY_USERS\.DEFAULT\Control Panel\PowerCfg\PowerPolicies]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_USERS\.DEFAULT\Software\Policies]
[HKEY_USERS\S-1-5-19\Control Panel\PowerCfg\PowerPolicies]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_USERS\S-1-5-19\Software\Policies]
[HKEY_USERS\S-1-5-20\Control Panel\PowerCfg\PowerPolicies]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_USERS\S-1-5-20\Software\Policies]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Control Panel\PowerCfg\PowerPolicies]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Software\Policies]
[HKEY_USERS\S-1-5-18\Control Panel\PowerCfg\PowerPolicies]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_USERS\S-1-5-18\Software\Policies]

-= EOF =-


Edited by midimusicman79, 26 September 2014 - 08:29 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 26 September 2014 - 10:45 AM

Lets compromise,
Create a new folder and name it Downloaded_Files or some other name as you wish.

copy all the files in the folder in bold to that new folder.

C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp

When done run ComboFix and will take it from there.

#11 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 792 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:44 PM

Posted 27 September 2014 - 09:52 AM

Hi again, nasdaq.

 

It is nice that you are willing to compromise, but unfortunately there are some problems that actually prevent me from accepting.

 

  1. The amount of my Temporary files/folders is approximately 8.700/1.900 and their space is approximately 1.7 GB, plus Windows Temporary files/folders is approximately 3.500/900 and their space is approximately 1.2 GB. Totals 12.200/2.800 files/folders and 2.9 GB space. Therefore it would quite possibly crash my computer if I try to copy all these files and folders to a new folder for backup purposes, like you suggest.
  2. I have a strange folder in my Recycle Bin which, if I try to empty it, prompts me with the following question: "Do you really want to delete Windows?" The folder is named AA0970208A46FFB4, contains the subfolders 11 and 15, occupies 276kB, and was originally located in C:\Documents and Settings\Torbjoern Martin\My Documents\My Music\iTunes\Album Artwork\Local .
  3. Furthermore, and this may sound a little extravagant, but unfortunately I have a special Norwegian letter in my first name (Torbjoern) and, thoughtlessly enough in my user name as well, which I have no idea how ComboFix would tackle. Some of the other anti-spyware tools that I have ran so far, either accept the letter totally, others particially, and even others may in fact crash because of this. And obviously I cannot change my user name unless I buy myself a new computer! :smash:

So, all in all, I am afraid I have to answer 'no' to your suggestions, as it is just too risky to proceed with running ComboFix, please forgive me.

 

Thank you, Sir, for all your help, time and thoughtfulness.

 

Regards,

midimusicman79.


Edited by midimusicman79, 28 September 2014 - 08:48 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 03 October 2014 - 08:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users