Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MeBroot removal steps


  • This topic is locked This topic is locked
9 replies to this topic

#1 intense nex

intense nex

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 21 July 2010 - 06:12 PM

Continuation to http://www.bleepingcomputer.com/forums/t/333603/mebroot-removal-steps/

i ran DDS 3 hrs ago and had the files ready for your request. Hoping that doesn't change anything. Please check attached files.

Gmer runs well for me its just i don't know how to really use it.

Attached Files



BC AdBot (Login to Remove)

 


#2 intense nex

intense nex
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 25 July 2010 - 10:09 AM

In response to Orange Blossom here:

http://www.bleepingcomputer.com/forums/t/333603/mebroot-removal-steps/

I thought i should inform u folks that i ran CC Cleaner to fix my reg as opposed by "you should NOT make further changes to your computer " . So am i required to re-run DDS script ?

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 28 July 2010 - 04:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 06 August 2010 - 04:37 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 18 August 2010 - 03:10 AM

Topic reopened. Please post your logs.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 intense nex

intense nex
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 18 August 2010 - 10:16 AM

EXTRAS.TXT


OTL Extras logfile created on: 8/18/2010 4:02:16 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\100341072\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.24 Gb Total Space | 4.71 Gb Free Space | 7.57% Space Free | Partition Type: NTFS
Drive D: | 86.81 Gb Total Space | 25.53 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.65 Gb Total Space | 50.62 Gb Free Space | 10.87% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 16.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: UOSL09-C1967C74
Current User Name: 100341072
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57763:TCP" = 57763:TCP:*:Enabled:Pando Media Booster
"57763:UDP" = 57763:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57763:TCP" = 57763:TCP:*:Enabled:Pando Media Booster
"57763:UDP" = 57763:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Program Files\Combat Arms\CombatArms.exe" = D:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Program Files\Combat Arms\Engine.exe" = D:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"D:\Program Files\Combat Arms\CombatArms.exe" = D:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Program Files\Combat Arms\Engine.exe" = D:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\3dsmax7\3dsmax.exe" = C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7 -- (Discreet, a division of Autodesk, Inc.)
"C:\Program Files\backburner 2\monitor.exe" = C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Discreet, a division of Autodesk, Inc.)
"C:\Program Files\backburner 2\manager.exe" = C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager -- (Discreet, a division of Autodesk, Inc.)
"C:\Program Files\backburner 2\server.exe" = C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server -- (Discreet, a division of Autodesk, Inc.)
"C:\Program Files\uTorrent\uTorrent .exe" = C:\Program Files\uTorrent\uTorrent .exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\My Documents\Downloads\utorrent.exe" = D:\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Steam\steamapps\common\kane & lynch 2 - dog days demo\kl2.exe" = D:\Program Files\Steam\steamapps\common\kane & lynch 2 - dog days demo\kl2.exe:*:Enabled:Kane & Lynch 2: Dog Days Demo -- (Io Interactive A/S)
"D:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = D:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"D:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = D:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program Files\Steam\steamapps\intensen_nex\pirates, vikings, and knights ii\hl2.exe" = D:\Program Files\Steam\steamapps\intensen_nex\pirates, vikings, and knights ii\hl2.exe:*:Enabled:Pirates, Vikings, & Knights II -- ()
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{022376C1-ADF1-4781-9374-1045F09C0DE4}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04EF0266-1A3B-4A3C-82DD-1624105C935B}" = NI SCXI 1.10.0
"{05753821-B1DF-434A-8C85-63921360BA89}" = NI Logos XT Support
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{065F29A4-D4D9-4BB9-85AF-8A878907BBD6}" = NI LabVIEW Run-Time Engine 8.5.1
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07964107-2400-44CC-B284-5BE58B4C30D4}" = Ride7
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B9DB47E-540D-402D-81C8-EE1052766273}" = NI LabVIEW 8.6.1 Templates
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E1A5A05-EFAC-4424-AC33-710646AD345C}" = NI DAQ Assistant 1.10.0
"{0E4AD61E-94EA-455A-8038-B2C565F39EAD}" = NI Calibration Provider for MAX
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{16AF46BD-5ED9-4E2B-84D4-DC40354BAD19}" = NI Trace Engine
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199DA648-61E8-45F1-B535-E69DF1113060}" = NI Remote Provider for MAX
"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support
"{1C16DA31-24E9-448C-BBE2-B84F249B84C3}" = NI-DAQ Document Set
"{1C85CCAA-9616-439B-897D-8E618EA2EA61}" = NI Assistant Framework LabVIEW Code Generator 8.6
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1E359417-A7A1-45E2-8A60-1E1A0FAED597}" = NI Assistant Framework
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks closed beta v.0.4.5
"{1EF6FDF1-2D2A-4E0A-B6F3-BD1044888BB2}" = NI-MRU 2.10.1f0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{200049BA-E9A9-44E8-B9C2-F8DBC5780069}" = PLM JT Bi-directional Translator for CATIA V5 version 6.1
"{200813E6-F3F2-44EA-B4FE-B99C4EE061FE}" = Solid Edge Machinery Library
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20BAE35A-D9B1-44E4-9DF4-16D305FFF3C0}" = NI LabVIEW 8.6.1 WWW
"{21FAE7B9-C315-4949-A83E-48BFC9F3E845}" = NI LabVIEW 8.6.1 Project
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23432E7A-1DBA-4765-8DCA-36097AA7F64C}" = NI LabVIEW 8.6 Simulation
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{2A8E68D8-2D07-47E6-AA43-74A24A6C6037}" = PLM Components JT Translator for Pro/ENGINEER v7.0
"{2BB8B2CF-AABC-497D-B0B4-6318E4CCBDCA}" = ModelSim-Altera 6.1g (Quartus II 7.2) Web Edition
"{2D7ED304-40EE-422B-B524-43E4203D2602}" = NI Timing Installer 1.13.0
"{2E8DC19D-E1E1-402D-A483-CFF559207B94}" = FileOpen Plug-in for Adobe Acrobat® and Adobe Reader®
"{3116A1B1-4E07-46ED-89F9-57409D88588A}" = NI MetaSuite Installer
"{32A3A4F4-B792-11D6-A78A-00B0D0160120}" = Java™ SE Development Kit 6 Update 12
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35F7B2DD-1874-4FAC-A4BE-76E16446B468}" = NI License Manager
"{36CDEFCF-00E6-468C-B5AE-F40684F5E7A4}" = PLM Components JT Translator for Pro ENGINEER
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3B410500-1802-488E-9EF1-4B11992E0440}" = VMware Tools
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CF58C9D-776D-4AD3-807C-E1F53DC07B82}" = Microsoft Runtime Components 7.0
"{3E148C99-EC41-43A4-BB66-33918A57D8BE}" = NI Logos LabVIEW 8.6 Support
"{3E7E05EC-C38A-41D8-A2DB-2D1E09D65E74}" = NI Enhanced DSC Deployment Support for LabVIEW 8.6.1
"{3F99A228-0BBD-40B6-8AEB-A6F689688969}" = NI LabWindows/CVI Code Generator
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{4124F21F-41E3-4A13-9AAC-13AFEB23E88E}" = NI STC 1.2.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43561223-4A39-4DB6-9429-59144C02E988}" = PLM Components JT Translator for Pro ENGINEER
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4772BE8A-D8B7-4E1D-B492-3273402713B3}" = NI Measurement Studio MAX Configuration Support for VS2008
"{47EDEDEE-2EB3-4768-AD3B-7DA5108B5B0D}" = NI LabVIEW 8.6 License
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B45D29E-0D63-44D4-91FF-EA4394BE822A}" = NI LabVIEW Deployable License 8.6.1
"{4D0918D4-1046-47B9-9A8E-53778E84C511}" = NI MXS
"{4D93F309-66EE-4B88-ABFE-7F876DC823CE}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{4E0DE929-EB66-4A28-A351-645B22369078}" = NI Update Service 1.0
"{50F88190-99D8-4BE3-9D96-B80C6A60A5D1}" = NI Portable Configuration
"{5107C9DC-43B2-4A84-9F3F-725C65108221}" = NI USI 1.5.1
"{51A6EDD9-CC43-4BF2-9210-4EBDF38C618A}" = NI MAX LabVIEW Support
"{51FF87E3-E138-4A7A-9A07-096E7A64CC0F}" = NI LabVIEW 8.6 Help
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{53B5ECB6-64DB-4E79-91FA-10CBC512660D}" = NI-ORB 1.9.0f0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54304862-E6F4-4590-AA10-3B1A8B548BA2}" = Quartus II 7.2 Programmer and SignalTap II
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{560CA7AD-9745-4331-B465-B68D276E6E89}" = NI Measurement Studio MAX Configuration Support for VS2003
"{573E9FAB-D896-49E2-A858-E8DE60BDFA64}" = PLM Components JT Translator for Pro ENGINEER
"{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{596AA1A8-7EF0-4489-97CC-08695F7EF935}" = NI LabVIEW SignalExpress 3.0 Tools
"{5D23734B-6D69-44DF-9014-C4F70FB82B1E}" = NI Measurement & Automation Explorer 4.5
"{60AB4A75-FC53-4F33-BA84-34795A05F2C2}" = NI Variable Engine LabVIEW 8.6 Support
"{63111C36-ABFA-4B9D-8C3B-FF37B23DECA3}" = MegaCore IP Library 7.2
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{67241D62-D132-4DFD-A6D1-6366C1583C1C}" = NI LabVIEW 8.6.1
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68624FB8-2512-46B5-9664-64366DCCB3EB}" = SAS 9.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F9B60B-DD42-43F6-8B74-3E2C85DB3347}" = NI Circuit Design Suite 10.1.1 Education
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{6B54DB6D-6F00-4353-AB03-27374FC91F2F}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D5A49E3-981E-4CCB-AC23-E9C9DE259259}" = NI-653x Installer 1.9.0
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{701849E9-EF15-472D-80C3-039CA1D58F9B}" = NI FSL Installer 1.8.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B4471-C8EF-4C7B-A93A-1B994FD1DAE1}" = NI-DAQ INF Files
"{73234AD9-FDD0-4B3C-82C1-AA317F41E327}" = NI-APAL Error Files 1.4.0f1
"{7469D3E1-2470-4539-81CB-A95036683D9B}" = NI Update Service Extras 1.0
"{74712ACB-DD68-4A05-8D2B-8ABD5B29087C}" = NI Circuit Design Suite 10.1.1 Core
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F29E62-CEE0-44A5-932A-B69813C853EB}" = NI Measurement Studio MAX Configuration Support for VS2005
"{79BEC7FA-43D4-446B-A07C-64506D776892}" = NI LabVIEW 8.6.1 CINtools
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7B505C4F-900B-494C-9B58-DA001DB1204C}" = NI-PAL 2.4.0f0
"{7CD4746F-C707-415A-A17C-E622BAE7167C}" = NI Distributed System Manager
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{802B0C64-13C5-4677-8FAD-37A1D1588D83}" = NI LabVIEW 8.6.1 Menus
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82220A94-0F8F-407F-9867-C4BA52A9DA49}" = NI LabVIEW 8.6.1 VI.lib
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{87F52851-470E-48D9-AE00-B8EE2D65BDC2}" = NI LabVIEW Merge Utility 8.6.0
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A64016B-5822-44B4-82E0-65E052C8683F}" = NI LabVIEW Web Server
"{8B0C876C-37FE-11D4-883A-00C04F38F645}" = Microsoft Runtime Components
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5BB34F-54A7-40D7-8712-F78ADC5336CB}" = NI LVBrokerAux 8.6.0
"{8DF4E6BE-9DEE-4A64-8A3C-96E7C67D6B86}" = NI AFW Channel Configuration Tool
"{8E820C52-1F2D-4662-8A11-D71C6F960DDF}" = NI LabVIEW 8.6.1 gMath
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{210C9999-D2CD-4E41-837D-D84AF2C5A8B7}" =
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{21BFF584-C6C8-4365-A7D5-7E5802C0219F}" =
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{EA35370F-586C-45E1-AC6C-A4E275C6B762}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{75EC8FFC-B913-4991-B3A1-22576D2FC45D}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97EB73FA-5CED-44F2-889A-79CC34DFAE62}_is1" = STM8S Touch Sensing Package V1.3.0
"{97F1CE79-9619-420C-9FFA-56197E059D33}" = NI LabVIEW Broker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B0CFC5C-99C3-4859-87EF-C7E56A531D78}" = NI Remote PXI Provider for MAX
"{9C3AC133-6E56-4A36-9C7B-9FD53B866494}" = NI LabVIEW 8.6.1 User.lib
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CED85C4-6316-45CD-8B92-3775C27D9466}" = NI MXS 4.5.0f0 for LabVIEW Real-Time
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E5C4739-D269-4ACC-BB46-4383920151E8}" = NI Circuit Design Suite 10.1.1 Edu Licenses
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A07DB974-1B10-45D6-A336-4EB707437339}" = PLM JT Bi-directional Translator for CATIA V5 version 6.1
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3370DAC-E7A9-4843-B84C-31EF654A5938}" = NI Example Finder 8.6
"{A3CC88BF-D760-401E-8FED-64A26ECC4B89}" = NI-MXEF 2.2.0
"{A4AAFE37-4DA2-4F38-9A50-6003F2494096}" = LabVIEW Web Services
"{A52BFE95-969C-4FEF-B455-BE0F6E9CF126}" = NI Service Locator
"{A8271C78-CAAF-49F1-9034-A612B606B4AD}" = QuickWave 3D & V2D v7.5 rev1 DEMO
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B6F571-EA7C-4128-811A-E1CD38334387}" = Microsoft .NET Framework 2.0 Language Pack - JPN
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE8D32F-1365-4442-A956-9EC1719E79FF}" = NI Instrument IO Assistant for LabVIEW 8.6
"{ADAD3A9A-8E72-405F-BB2E-535AA7C8A936}" = NI Logos 5.0
"{AE7302AE-17CC-4C0A-8DED-D7DA86919251}" = Quartus II 7.2 Web Edition
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel® PROSet/Wireless WiFi Software
"{AF5FB1B3-1E13-429C-9DE7-D2846DEDDACE}" = NI EULA Depot
"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
"{B032CEB6-10AA-4C60-B5EE-63BD06070FF5}" = NI LabVIEW 8.6.1 Applibs
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}" = SigmaPlot 11.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B67435B5-EF93-4EE0-BFCD-74D5F3C3F23F}" = NI LabVIEW 8.6 MeasAppChm File
"{B6C16F2C-44DD-4D1E-99C0-455E74C735F5}" = NI LabVIEW 8.6 Deployment Framework
"{B7F61F72-D91E-4D62-B602-BBB45FFCF2C3}" = NI MIO Device Drivers 2.0.1
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9AB73ED-28BA-4740-98F4-1895E893DC2C}" = NI ELVISmx 4.1
"{BC520820-FFB2-435B-9630-034569D100C8}" = NI Light Weight PSP Control Environment
"{BC991DB2-9E92-49A7-A613-B3B54A5DE9C0}_is1" = Xors3d Trial 1.15
"{BC9A3265-9A35-4C7B-93EE-5F697F09CFBF}" = QuickWave Manuals v7.5 rev1 DEMO
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF7B908D-03F0-47B7-8BCB-597ECD0F0806}" = NI Uninstaller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5E59B58-F2AF-4E66-8F9E-7D73FE45FFD2}" = NI PXI Platform Services 2.4.2 Configuration Support
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C771F7B4-6246-4D22-8B6B-210CAAC23F91}" = Nios II Embedded Design Suite 7.2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CB1D57E4-1FD3-4EE5-98D6-049B5755B9D3}" = NI LabVIEW 8.6.1 iMath
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFB6A98-BD10-46BC-A410-CA683C0AAEE8}" = NI-MDBG 1.9.0f0
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5BE6B0-5F10-4910-93E0-95880A177AFE}" = NI-MXDF 1.10.0f0
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CF6FBE0D-CCF3-461E-94FD-C35B9666F6F6}" = NI Variable Engine
"{CFB0F311-C051-4760-A64A-12CA2609E91A}" = NI TDMS
"{CFF2AF40-7799-4BB8-AFF9-88FE6350A31C}" = NI DataSocket 4.6.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0FA7C37-C23C-42D0-9135-05A92F3C3432}" = NI MAX CVI Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D202EF11-60CD-4167-A708-9D80AC6D1D3C}" = NI MDF Support
"{D21ED09B-C194-4937-A219-6F1901EC3C2E}" = NI-DAQ C and VB6 API
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D32F724F-1415-478E-B039-794C51C810C6}" = NI PXI Platform Services 2.4.2 Expert
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D7BCF606-5821-4D1D-889E-76AE9D00E439}" = Solid Edge ST
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D80F4010-990F-11D3-B362-006008E7FE2C}" = ST Toolset
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB72CAC1-018E-4C75-B438-9EB46F302F92}" = NI-DAQmx Documentation
"{DB96BAE9-2109-4C0A-9D52-5254F146F950}" = NI LabVIEW 8.6.1 Instr.lib
"{DD26A68B-8032-4360-B40B-695B4BC1F9B9}" = PLM JT Bi-directional Translator for CATIA V5 version 6.1
"{DD3AEFA1-8681-45F2-9ED5-21B78560ECF3}" = RKit-STM8 for Ride7
"{DE2D4A5E-DEC1-486C-9D15-4D3F24E44774}" = NI LabVIEW Real-Time NBFifo
"{DEA1D87B-DECA-47F2-A9D2-2074B2805390}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 3.5
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E0706E40-440D-4ED8-AC52-DC2A0F60C7F2}" = NI LabVIEW 8.6.1 Resource
"{E0C7991F-B4FB-43B5-8C31-F292E93F0719}" = NI ELVISmx Instrument Launcher
"{E35269EE-4191-454F-BFAA-C3564A69654D}" = NI-DIM 1.9.0f0
"{E376B763-CCA4-4909-B984-4038ED8A2971}" = COSMIC STM8 16K C Compiler
"{E4380F50-473D-4C68-8E33-B9513FF693C9}" = NI-DAQmx Switch Core 1.15.0
"{E4637ACC-37D1-47F5-911B-01C38D3E6399}" = NI-RPC 4.0.0f0 for Phar Lap ETS
"{E4B8D98E-8AA0-4EC2-8B27-4DFB63025E85}" = Audacity
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5E41719-FB9C-4093-A715-673CF1101386}" = NI-DAQmx 8.9.0
"{E5F6E1A6-44AA-4CF7-883E-4F7FA7C4BCA5}" = 3ds max 7 Reference Files
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B966C5-4621-4E2A-A06F-1F1D8963637A}" = NI LabVIEW 8.6 Help File
"{E7462ECA-075B-4370-B0DA-F2EE132640A2}" = NI-MXLC 1.2.1f1
"{E758CD41-F57B-4CAE-999A-878070216BA0}" = NI OPC Support
"{EBBF853B-0539-40B8-A4B4-50C462C158C9}" = DSP Builder v7.2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0C1E96F-6BC9-457E-B5EC-4B369BC37864}" = PLM Components JT Translator for Pro ENGINEER
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1563171-2C0D-4CD7-904D-477387CD0B9F}" = NI Common Digital 1.9.0
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F1E5095D-0F73-44C6-B760-CEC13DE67285}" = NI LabVIEW 8.6.1 Examples
"{F28D6E4E-EA52-49F5-B5E8-EDA4F380F83A}" = NI DN 2.0 installer
"{F30A86E1-6A82-4D9C-870F-7A81D999C405}" = NI Software Provider for MAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F43867C9-68FD-46C7-B0AF-214356305B5E}" = Microsoft SQL Server Management Studio Express
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7570A98-64A7-4F33-9714-AB93A05889BF}" = NI PXI Platform Services 2.4.2
"{F851BCDD-6873-4C10-A190-D85BF4382905}" = NI-DAQmx MAX Support 1.12.0
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FD5D4137-EEC7-4CD9-8A1C-DE62D33469BE}" = NI LabVIEW SignalExpress 3.0 Datatypes
"{FE159BC0-1D40-449B-A0AE-CB4F642CF3DC}" = NI-RPC 4.0.0f0
"{FE34ECB1-BEDB-4E1C-A08D-DD2CB9AD2B7E}" = NI Dynamic Signal Acquisition Installer 1.13.0
"{FE7CCD97-B1BC-492C-BFC0-8117A3CF8C1A}" = NI PXI Platform Framework 1.1.0
"{FEF0CD08-371E-4068-81D5-EED61B647FB4}" = NI LabVIEW 8.6 Manuals
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3D Driving-School" = 3D Driving-School
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Akamai" = Akamai NetSession Interface
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Crimsonland_is1" = Crimsonland
"e7b5d423e2fcc19f6c91a3c2b5238c8a" = SAS Private JRE (J2SE™ Java Runtime Environment 1.4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Episode 201 - Ice Station Santa" = Sam and Max - Season Two - Sam and Max Episode 201 - Ice Station Santa
"Episode 202 - Moai Better Blues" = Sam and Max - Season Two - Sam and Max Episode 202 - Moai Better Blues
"Episode 203 - Night of the Raving Dead" = Sam and Max - Season Two - Sam and Max Episode 203 - Night of the Raving Dead
"Episode 204 - Chariots of the Dogs" = Sam and Max - Season Two - Sam and Max Episode 204 - Chariots of the Dogs
"Episode 205 - What's New, Beelzebub?" = Sam and Max - Season Two - Sam and Max Episode 205 - What's New, Beelzebub?
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.3
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"Hamachi" = Hamachi 1.0.1.5
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"IDEal_is1" = IDEal 0.8.94
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Karnaugh Map Minimizer" = Karnaugh Map Minimizer 0.4
"LMCrack" = LMCrack
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 13" = Maple 13
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 2.0 Language Pack - JPN" = Microsoft .NET Framework 2.0 日本語 Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"MiKTeX 2.7" = MiKTeX 2.7
"MinGW" = MinGW 5.1.4
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"OpenAL" = OpenAL
"OSA Kit Pro Player" = OSA Kit Pro Player v4.0 1.0
"OSA Kit Pro SDK" = OSA Kit Pro SDK v4.0 2.1
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PonyProg2000_is1" = PonyProg2000 v2.07c
"Power Management Driver" = ThinkPad Power Management Driver
"PRJPRO" = Microsoft Office Project Professional 2007
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"SpeedFan" = SpeedFan (remove only)
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 211" = Source SDK
"Steam App 220" = Half-Life 2
"Steam App 28020" = Kane & Lynch 2: Dog Days Demo
"Steam App 32470" = Star Wars: Empire at War Gold
"Steam App 36710" = The Scourge Project: Episode 1 and 2 Demo
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 7830" = Men of War
"Steam App 8190" = Just Cause 2
"SWiSH Max2" = SWiSH Max2
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"The Haptek Player" = The Haptek Player
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UDK-b980982f-a572-41a6-ba0f-6a8a3255fdca" = Sanctum Demo
"UDK-d6efffdc-ebb5-430b-81c1-2ad6b9ffbd9a" = Unreal Development Kit: 2010-07
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.5
"V-Ray for 3dsmax R8 for x86" = V-Ray for 3dsmax R8 for x86
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinEdt_is1" = WinEdt
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Megadrum Config Tool" = Megadrum Config Tool
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2010 2:24:25 AM | Computer Name = UOSL09-C1967C74 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\oncampus.local\NETLOGON\AcademicIntegrity\stu\icon.bat.
The network name cannot be found. .

Error - 8/18/2010 2:24:46 AM | Computer Name = UOSL09-C1967C74 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\oncampus.local\NETLOGON\IE6SiteAddition.bat.
The network name cannot be found. .

Error - 8/18/2010 2:50:26 AM | Computer Name = UOSL09-C1967C74 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/18/2010 2:50:44 AM | Computer Name = UOSL09-C1967C74 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/18/2010 2:51:30 AM | Computer Name = UOSL09-C1967C74 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\oncampus.local\NETLOGON\AcademicIntegrity\stu\icon.bat.
The network name cannot be found. .

Error - 8/18/2010 2:51:52 AM | Computer Name = UOSL09-C1967C74 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\oncampus.local\NETLOGON\IE6SiteAddition.bat.
The network name cannot be found. .

Error - 8/18/2010 3:05:14 AM | Computer Name = UOSL09-C1967C74 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/18/2010 3:05:25 AM | Computer Name = UOSL09-C1967C74 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/18/2010 3:06:17 AM | Computer Name = UOSL09-C1967C74 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\oncampus.local\NETLOGON\AcademicIntegrity\stu\icon.bat.
The network name cannot be found. .

Error - 8/18/2010 3:06:38 AM | Computer Name = UOSL09-C1967C74 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\oncampus.local\NETLOGON\IE6SiteAddition.bat.
The network name cannot be found. .

[ OSession Events ]
Error - 5/14/2010 12:56:48 AM | Computer Name = UOSL09-C1967C74 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/4/2010 10:55:34 AM | Computer Name = UOSL09-C1967C74 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 558
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/5/2010 11:48:04 AM | Computer Name = UOSL09-C1967C74 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 52866
seconds with 1440 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/18/2010 3:02:00 AM | Computer Name = UOSL09-C1967C74 | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 8/18/2010 3:05:13 AM | Computer Name = UOSL09-C1967C74 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ONCAMPUS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/18/2010 3:05:26 AM | Computer Name = UOSL09-C1967C74 | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x80090016.

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7001
Description = The Altera ByteBlaster service depends on the Parallel port driver
service which failed to start because of the following error: %%1058

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7000
Description = The par1284 service failed to start due to the following error: %%20

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VMware Tools Service
service to connect.

Error - 8/18/2010 3:06:16 AM | Computer Name = UOSL09-C1967C74 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440 atiide IntelIde vmscsi

[ TuneUp Events ]
Error - 7/22/2010 7:49:20 PM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-23 07:49:20', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','7524',0)

Error - 7/28/2010 1:45:18 AM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-28 13:45:18', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6316',0)

Error - 7/28/2010 1:48:24 AM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-28 13:48:24', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','7052',0)

Error - 7/31/2010 2:52:45 PM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-01 02:52:44', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','7368',0)

Error - 7/31/2010 2:54:00 PM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-01 02:54:00', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6264',0)

Error - 8/4/2010 11:05:29 AM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-04 23:05:28', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5368',0)

Error - 8/12/2010 2:16:56 AM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 14:16:56', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3496',0)

Error - 8/12/2010 10:00:03 AM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 22:00:03', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','4280',0)

Error - 8/18/2010 1:42:51 AM | Computer Name = UOSL09-C1967C74 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 13:42:51', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2824',0)


< End of report >


OTL.txt



OTL logfile created on: 8/18/2010 4:02:16 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\100341072\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.24 Gb Total Space | 4.71 Gb Free Space | 7.57% Space Free | Partition Type: NTFS
Drive D: | 86.81 Gb Total Space | 25.53 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.65 Gb Total Space | 50.62 Gb Free Space | 10.87% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 16.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: UOSL09-C1967C74
Current User Name: 100341072
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/18 15:57:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\100341072\Desktop\OTL.exe
PRC - [2010/07/22 11:34:45 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010/07/22 11:34:44 | 000,361,216 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe
PRC - [2010/06/30 01:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/29 10:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\100341072\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/27 05:50:23 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/04/30 03:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/15 23:26:37 | 001,039,360 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2009/06/05 19:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2009/04/27 21:37:52 | 000,178,944 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2009\RepairWizard.exe
PRC - [2009/04/27 21:37:46 | 000,552,192 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
PRC - [2009/04/27 21:37:42 | 000,619,264 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2009\OneClick.exe
PRC - [2009/04/27 21:37:38 | 001,400,576 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2009\Integrator.exe
PRC - [2009/04/17 19:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\amtmon.exe
PRC - [2009/04/17 19:22:00 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/04/15 19:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/03/25 20:40:58 | 000,225,280 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDRegWatch.exe
PRC - [2009/03/24 19:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/03/24 19:32:40 | 000,249,856 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDInventoryProvider.exe
PRC - [2009/03/23 22:07:54 | 000,294,912 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\alert.exe
PRC - [2009/03/23 22:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/03/10 19:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/02/06 14:29:14 | 000,657,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\SysInspector.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/02/03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- G:\procexp.exe
PRC - [2008/12/04 19:12:38 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2008/12/02 05:49:14 | 000,608,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2008/12/01 23:33:56 | 001,406,192 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/21 22:56:20 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/11/12 03:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2008/11/12 03:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2008/11/12 03:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2008/09/29 22:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/08/22 10:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2008/07/11 08:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/11 08:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/11 08:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/11 08:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/05/15 04:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/04/13 16:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Copy of explorer.exe
PRC - [2008/04/03 04:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/11/30 17:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/11/07 03:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/10/23 21:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/09/19 23:30:50 | 000,167,936 | ---- | M] () -- c:\altera\72\quartus\bin\jtagserver.exe
PRC - [2007/08/31 19:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/06/22 09:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
PRC - [2007/03/22 01:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/01/02 05:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/08/18 15:57:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\100341072\Desktop\OTL.exe
MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/22 11:34:45 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/07/22 11:34:44 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Running] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/06/27 05:50:23 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/06/25 20:55:15 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/20 02:53:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 19:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2009/04/27 20:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/04/17 19:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\amtmon.exe -- (LANDesk® Out-of-Band Monitor Service) LANDesk®
SRV - [2009/04/15 19:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/03/24 19:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/03/23 22:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 19:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/12/02 05:49:14 | 000,608,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/21 22:56:20 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/11/19 02:27:56 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2008/11/12 03:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2008/11/12 03:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2008/11/12 03:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2008/09/29 22:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/22 10:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2008/08/22 10:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu)
SRV - [2008/08/09 04:04:22 | 000,264,752 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Tools\VMwareService.exe -- (VMTools)
SRV - [2008/08/09 04:04:21 | 000,294,912 | R--- | M] (ThinPrint GmbH) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2008/07/30 01:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/07/11 08:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/11 08:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/07/11 08:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/11 08:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/11 08:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/11 08:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/05/15 04:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/04/03 04:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/11/30 17:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/11/07 03:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/10/23 21:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/09/19 23:30:50 | 000,167,936 | ---- | M] () [Auto | Running] -- c:\altera\72\quartus\bin\jtagserver.exe -- (JTAGServer)
SRV - [2007/08/31 19:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/06/22 09:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2007/05/10 03:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007/03/22 01:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2005/11/14 13:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usb6xxxkl.sys -- (usb6xxxk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\100341~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\dibjyfl.sys -- (dqnnrbfa)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2010/07/18 02:20:08 | 000,125,056 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/30 03:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/17 21:24:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/02 13:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/06/04 02:30:48 | 000,050,704 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2009/06/04 02:29:58 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/06/04 02:29:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/06/04 02:28:59 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/06/04 02:28:59 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/06/04 02:28:58 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/04 02:28:57 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/06/04 02:28:15 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/04 02:27:57 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2009/06/04 02:25:25 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/04 02:25:25 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/04 02:25:24 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/04 02:23:00 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/04 02:17:51 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/06/04 02:16:42 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2009/06/04 02:16:41 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2009/06/04 02:16:41 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2009/06/04 02:13:18 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2009/03/18 23:59:56 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2009/02/25 06:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/11 06:19:24 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk)
DRV - [2009/02/07 05:28:24 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkl.sys -- (niufurk)
DRV - [2009/02/07 05:28:24 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk)
DRV - [2009/02/07 05:28:24 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk)
DRV - [2009/02/07 05:28:22 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk)
DRV - [2009/02/07 05:28:22 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk)
DRV - [2009/02/07 05:28:22 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk)
DRV - [2009/02/07 05:28:20 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicsrkl.sys -- (nicsrk)
DRV - [2009/02/06 14:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/01/07 16:03:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/01/07 04:51:10 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nifslkl.sys -- (nifslk)
DRV - [2009/01/05 21:30:36 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark)
DRV - [2009/01/05 21:28:24 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk)
DRV - [2009/01/05 21:28:22 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk)
DRV - [2009/01/03 05:54:08 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork)
DRV - [2009/01/03 05:40:54 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk)
DRV - [2009/01/03 05:37:02 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k)
DRV - [2009/01/03 05:02:06 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk)
DRV - [2008/12/30 05:24:52 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk)
DRV - [2008/12/30 05:21:38 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk)
DRV - [2008/12/30 05:18:36 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk)
DRV - [2008/12/30 05:17:34 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk)
DRV - [2008/12/19 04:56:34 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2008/12/16 13:58:44 | 000,592,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2008/12/16 13:57:00 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2008/12/16 13:55:34 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2008/12/06 03:21:24 | 000,020,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk)
DRV - [2008/12/05 21:05:00 | 006,620,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/24 13:42:02 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k)
DRV - [2008/11/12 01:53:32 | 000,022,608 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k)
DRV - [2008/11/12 01:52:50 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2008/11/12 01:50:36 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2008/11/11 11:36:38 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk)
DRV - [2008/11/11 11:36:38 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk)
DRV - [2008/09/29 22:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/08/22 08:04:58 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2008/08/09 04:04:19 | 000,062,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2008/08/09 04:04:19 | 000,034,992 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2008/08/09 04:04:19 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2008/08/09 04:04:19 | 000,011,696 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2008/08/09 04:04:18 | 000,092,592 | ---- | M] (VMware, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\hgfs.sys -- (hgfs)
DRV - [2008/08/09 04:04:18 | 000,015,408 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2008/07/30 21:59:00 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk)
DRV - [2008/07/30 21:58:42 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk)
DRV - [2008/07/29 03:08:36 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/26 18:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/25 23:02:24 | 000,020,568 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2008/06/14 04:42:56 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/06/14 02:51:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2008/06/14 02:50:38 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2008/06/14 02:49:04 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2008/06/14 02:48:32 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2008/05/15 04:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/15 04:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/13 10:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/04/19 03:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 22:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/07/07 08:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/07/07 08:11:40 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/07/07 08:09:48 | 000,007,680 | ---- | M] (Altera Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pgdhdlc.sys -- (AlteraByteBlaster)
DRV - [2007/07/04 06:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/31 04:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/31 04:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/31 04:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (AlteraUSBBlaster)
DRV - [2004/12/01 04:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2003/07/10 03:31:28 | 000,043,776 | ---- | M] (STMicroelectronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\parstm.sys -- (STM Parallel Driver)
DRV - [2003/05/08 22:44:14 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\par1284.sys -- (par1284)
DRV - [2001/08/17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.uoit.ca/mycampus/ [binary data]
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uoit.ca/
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182332\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182332\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182332\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 22:03:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 03:03:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/21 06:20:37 | 000,000,000 | ---D | M]

[2009/05/27 00:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100341072\Application Data\Mozilla\Extensions
[2010/08/06 09:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100341072\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions
[2010/07/25 22:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\100341072\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/03 06:18:53 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\100341072\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/08/03 06:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100341072\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\firebug@software.joehewitt.com
[2010/08/06 09:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 01:26:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/02/08 22:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2007/07/25 06:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv85win32.dll
[2008/12/11 02:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll
[2008/10/09 15:58:40 | 000,044,288 | ---- | M] (MeadCo Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npmeadax.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1644491937-682003330-725345543-182332..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent .exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182332\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1232121137750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1232126903781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncampus.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\tphotkey: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\TPSvc: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\100341072\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\100341072\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (yabbbb.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/20 01:02:47 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/05/05 23:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ce20464-5c5f-11df-b56f-001fe17c14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce20464-5c5f-11df-b56f-001fe17c14b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ce20464-5c5f-11df-b56f-001fe17c14b5}\Shell\AutoRun\command - "" = G:\laucher.exe -- File not found
O33 - MountPoints2\{2ce20465-5c5f-11df-b56f-001fe17c14b5}\Shell\AutoRun\command - "" = H:\POJELA\macajezik.exe -- File not found
O33 - MountPoints2\{2ce20465-5c5f-11df-b56f-001fe17c14b5}\Shell\open\command - "" = H:\POJELA\macajezik.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "iPod Service"
MsConfig - StartUpFolder: C:^Documents and Settings^100341072^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^100341072^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Assistant 6 Startup.lnk - C:\PROGRA~1\Zabaware\ULTRAH~1\HalAsst.exe - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: FingerPrintSoftware - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr .exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - D:\My Documents\Downloads\utorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: VMware Tools - hkey= - key= - C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
MsConfig - StartUpReg: VMware User Process - hkey= - key= - C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1F3A4165-4E73-FBF1-1321-2100B39BB9ED} - IE7 Uninstall Stub
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {518FC77F-F07A-C0C0-FD97-D3383506E7AA} - Vector Graphics Rendering (VML)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C59A98D-5EAA-5738-E175-AD0FC7A8967D} - Dynamic HTML Data Binding for Java
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A3DBC928-DB88-DDFE-8507-E6579A715834} - Browser Customizations
ActiveX: {A8B6F571-EA7C-4128-811A-E1CD38334387} - .NET Framework
ActiveX: {ACAE2544-D2AA-B4F8-11AF-CB69F39E5E54} - Themes Setup
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {D6FE8097-AE17-AC73-902E-D0A47643DB66} - IE7 Uninstall Stub
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E1FB4837-2B36-6B40-3EC3-B2DCD8CACAD4} - Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F0BC0B55-5332-704C-BED0-1FEC6864D3A5} - DirectAnimation
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: {FD7D8439-9D70-98D4-7DA6-BDA86C33D7AA} -
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/18 16:00:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\100341072\Desktop\OTL.exe
[2010/08/18 15:11:29 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Copy of explorer.exe
[2010/08/17 12:15:20 | 003,373,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP6R.DLL
[2010/08/17 12:15:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP6RENU.DLL
[2010/08/17 12:15:20 | 000,024,990 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP6RUN.EXE
[2010/08/17 12:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Local Settings\Application Data\Help
[2010/08/17 12:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\Help
[2010/08/17 09:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\W
[2010/08/17 02:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Desktop\Blitz3DSDK1.0
[2010/08/17 02:31:21 | 000,700,416 | ---- | C] (Blitz Research Limited) -- C:\WINDOWS\System32\B3D.dll
[2010/08/17 00:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Local Settings\Application Data\Tiny Tanks Online
[2010/08/16 23:11:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/08/16 12:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Desktop\Samples
[2010/08/16 12:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Desktop\RUST
[2010/08/16 10:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\wargaming.net
[2010/08/12 21:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2010/08/12 15:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/08/11 06:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Local Settings\Application Data\76561198028801818
[2010/08/11 01:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Local Settings\Application Data\DogFighter
[2010/08/09 12:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010/08/06 07:59:38 | 000,000,000 | ---D | C] -- C:\WinAVR-20100110
[2010/08/06 07:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atmel
[2010/08/06 07:35:09 | 000,143,360 | ---- | C] (Jungo) -- C:\WINDOWS\System32\wdapi1001.dll
[2010/08/06 07:35:09 | 000,102,400 | ---- | C] (Jungo) -- C:\WINDOWS\System32\wdapi811.dll
[2010/08/06 07:34:44 | 000,143,360 | ---- | C] (Jungo) -- C:\WINDOWS\System32\wdapi1010.dll
[2010/08/06 07:34:44 | 000,143,360 | ---- | C] (Jungo) -- C:\WINDOWS\System32\wdapi1002.dll
[2010/08/06 07:34:42 | 005,752,320 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\BCGCBPRO103090.dll
[2010/08/06 07:34:42 | 004,419,584 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\BCGCBPRO10180.dll
[2010/08/06 07:34:42 | 000,073,728 | ---- | C] (Rogue Wave Software Inc) -- C:\WINDOWS\System32\RWUXThemeS.dll
[2010/08/06 07:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Atmel
[2010/08/04 05:09:53 | 000,000,000 | R--D | C] -- D:\My Documents\My Dropbox
[2010/08/04 05:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\Dropbox
[2010/08/03 12:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/08/03 12:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\Notepad++
[2010/08/03 08:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SWiSHMax2WorkFolder
[2010/08/03 08:28:44 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/08/03 08:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWiSHzone.com
[2010/08/01 03:23:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/08/01 03:23:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/08/01 03:23:18 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/08/01 03:23:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/08/01 03:23:15 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/08/01 03:23:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/08/01 03:23:12 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/08/01 03:23:10 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/08/01 03:23:08 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/08/01 03:23:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/08/01 03:23:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/08/01 03:23:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/08/01 03:23:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/08/01 03:23:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/08/01 03:23:00 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/08/01 03:22:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/08/01 03:22:56 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/08/01 03:22:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/08/01 03:22:52 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/07/23 12:16:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\100341072\Recent
[2010/07/22 12:27:29 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
[2010/07/22 12:26:53 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
[2010/07/22 12:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2010/07/22 11:41:45 | 000,000,000 | ---D | C] -- D:\My Documents\Visual Studio 2005
[2010/07/22 11:41:39 | 000,000,000 | ---D | C] -- D:\My Documents\SQL Server Management Studio Express
[2010/07/22 11:34:45 | 000,604,416 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/07/22 11:34:44 | 000,361,216 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/07/22 11:34:44 | 000,028,928 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/07/22 11:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\TuneUp Software
[2010/07/22 11:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/07/22 11:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2010/07/22 11:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Desktop\ICON
[2010/07/22 11:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Visual Studio 2005Templates
[2010/07/22 11:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Visual Studio 2005
[2010/07/22 11:11:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/07/22 03:46:25 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\100341072\Desktop\RootRepeal.exe
[2010/07/22 03:38:35 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\100341072\Desktop\cmd.exe
[2010/07/21 11:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/07/21 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/21 09:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Local Settings\Application Data\ESET
[2010/07/21 06:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\100341072\Application Data\ESET
[2010/07/21 06:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/21 06:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/07/20 23:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QWED
[2010/07/20 15:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\QWED
[2010/07/20 15:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QWED
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/18 16:05:23 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\100341072\ntuser.dat
[2010/08/18 16:00:56 | 000,067,519 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/08/18 16:00:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/08/18 15:57:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\100341072\Desktop\OTL.exe
[2010/08/18 15:34:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/18 15:34:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/18 15:34:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/18 15:34:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/18 15:34:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/18 15:34:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/18 15:34:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\100341072\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/18 15:09:27 | 000,730,246 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/18 15:09:27 | 000,592,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/18 15:09:27 | 000,123,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/18 15:04:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/18 15:04:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 15:03:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\100341072\ntuser.ini
[2010/08/18 13:02:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/18 05:36:21 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\100341072\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 14:46:16 | 000,001,387 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\cmd.exe.lnk
[2010/08/17 14:10:42 | 000,000,477 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 13:55:26 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Shortcut to cmd.exe.lnk
[2010/08/17 12:15:20 | 003,373,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP6R.DLL
[2010/08/17 12:15:20 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP6RENU.DLL
[2010/08/17 12:15:20 | 000,024,990 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP6RUN.EXE
[2010/08/17 07:45:55 | 000,057,754 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Add_Drop_course_form.pdf
[2010/08/17 03:25:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/08/17 03:24:46 | 000,037,255 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/08/17 02:44:05 | 000,700,416 | ---- | M] (Blitz Research Limited) -- C:\WINDOWS\System32\B3D.dll
[2010/08/16 21:49:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/16 11:48:07 | 000,067,519 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/08/12 13:21:03 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Source SDK.url
[2010/08/12 12:38:33 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\SpeedFan.lnk
[2010/08/12 12:38:32 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/08/12 11:37:53 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Half-Life 2.url
[2010/08/12 03:45:34 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\100341072\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/12 03:31:51 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\The Scourge Project Ep 1 - 2 Demo.url
[2010/08/12 03:20:44 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Pirates, Vikings, and Knights II.url
[2010/08/11 12:02:57 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Alien Swarm.url
[2010/08/11 06:47:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/08/11 06:47:32 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/08/11 01:29:50 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Kane & Lynch 2 - Dog Days Demo.url
[2010/08/10 13:05:47 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/08/09 12:10:58 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Crimsonland.lnk
[2010/08/05 23:47:57 | 002,644,284 | -H-- | M] () -- C:\Documents and Settings\100341072\Local Settings\Application Data\IconCache.db
[2010/08/05 09:33:55 | 000,113,745 | ---- | M] () -- D:\My Documents\USB.docx
[2010/08/05 09:21:54 | 000,000,162 | -H-- | M] () -- D:\My Documents\~$USB.docx
[2010/08/05 05:08:33 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Shortcut to ST.exe (2).lnk
[2010/08/04 23:12:42 | 000,062,764 | ---- | M] () -- D:\My Documents\circuit.xlsx
[2010/08/04 02:42:24 | 000,039,921 | ---- | M] () -- D:\My Documents\modulator v2 design.docx
[2010/08/04 02:42:24 | 000,000,162 | -H-- | M] () -- D:\My Documents\~$dulator v2 design.docx
[2010/08/04 02:23:56 | 000,000,165 | -H-- | M] () -- D:\My Documents\~$circuit.xlsx
[2010/08/04 00:22:37 | 000,002,745 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\chat.php
[2010/08/04 00:21:01 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\chatapp.php
[2010/08/04 00:14:16 | 000,380,928 | ---- | M] () -- D:\My Documents\memebers.accdb
[2010/08/03 13:27:35 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\javscripttest.html
[2010/08/03 12:18:38 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\Movie2.html
[2010/08/03 12:00:17 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2010/08/03 10:56:40 | 000,020,796 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\callback.js
[2010/08/03 08:49:39 | 000,028,996 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\gunship.swf
[2010/08/03 08:28:39 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\SWiSH Max2.lnk
[2010/07/28 22:30:55 | 000,000,610 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/28 22:30:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/22 13:15:54 | 000,057,549 | ---- | M] () -- D:\My Documents\OSAP Digital.docx
[2010/07/22 13:12:38 | 000,076,177 | ---- | M] () -- D:\My Documents\pulse gen report.docx
[2010/07/22 11:37:12 | 000,000,212 | ---- | M] () -- C:\WINDOWS\ildasmfnt.bin
[2010/07/22 11:34:45 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/07/22 11:34:44 | 000,361,216 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/07/22 11:34:29 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/07/22 11:34:28 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010/07/22 10:17:27 | 000,032,741 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\sql setup2.JPG
[2010/07/22 10:10:47 | 000,068,027 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\sql setup.JPG
[2010/07/22 04:27:05 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\dds.pif
[2010/07/22 03:55:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\settings.dat
[2010/07/22 02:51:56 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\RootRepeal.zip
[2010/07/21 23:26:50 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\100341072\Local Settings\Application Data\PUTTY.RND
[2010/07/21 13:23:06 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\mbr.exe
[2010/07/21 12:47:49 | 000,171,904 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\FixMebroot.exe
[2010/07/21 12:02:28 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\dds.scr
[2010/07/21 11:43:11 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\100341072\Desktop\CCleaner.lnk
[2010/07/21 04:56:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/07/21 04:32:11 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 08:12:18 | 000,017,482 | ---- | M] () -- D:\My Documents\Osap appeal 2010 Neville Ekka.docx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/17 14:34:37 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\cmd.exe.lnk
[2010/08/17 13:38:48 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Shortcut to cmd.exe.lnk
[2010/08/17 07:45:55 | 000,057,754 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Add_Drop_course_form.pdf
[2010/08/16 08:45:42 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Shortcut to Blitz3D.lnk
[2010/08/12 13:21:03 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Source SDK.url
[2010/08/12 12:38:33 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\SpeedFan.lnk
[2010/08/12 12:38:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/08/12 11:37:53 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Half-Life 2.url
[2010/08/12 03:31:51 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\The Scourge Project Ep 1 - 2 Demo.url
[2010/08/12 03:20:44 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Pirates, Vikings, and Knights II.url
[2010/08/11 12:02:57 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Alien Swarm.url
[2010/08/11 01:29:50 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Kane & Lynch 2 - Dog Days Demo.url
[2010/08/10 04:02:38 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/08/09 12:10:58 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Crimsonland.lnk
[2010/08/06 07:34:42 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2010/08/05 09:21:54 | 000,000,162 | -H-- | C] () -- D:\My Documents\~$USB.docx
[2010/08/05 09:21:53 | 000,113,745 | ---- | C] () -- D:\My Documents\USB.docx
[2010/08/05 05:08:35 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Shortcut to ST.exe (2).lnk
[2010/08/04 02:42:24 | 000,039,921 | ---- | C] () -- D:\My Documents\modulator v2 design.docx
[2010/08/04 02:42:24 | 000,000,162 | -H-- | C] () -- D:\My Documents\~$dulator v2 design.docx
[2010/08/04 02:23:04 | 000,000,165 | -H-- | C] () -- D:\My Documents\~$circuit.xlsx
[2010/08/04 00:22:37 | 000,002,745 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\chat.php
[2010/08/04 00:20:38 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\chatapp.php
[2010/08/03 14:38:55 | 000,380,928 | ---- | C] () -- D:\My Documents\memebers.accdb
[2010/08/03 12:18:38 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\Movie2.html
[2010/08/03 12:00:17 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2010/08/03 10:56:11 | 000,020,796 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\callback.js
[2010/08/03 08:56:03 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\javscripttest.html
[2010/08/03 08:48:49 | 000,028,996 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\gunship.swf
[2010/08/03 08:28:39 | 000,000,411 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\SWiSH Max2.lnk
[2010/07/28 13:47:38 | 000,062,764 | ---- | C] () -- D:\My Documents\circuit.xlsx
[2010/07/24 07:06:04 | 000,016,924 | ---- | C] () -- C:\Documents and Settings\100341072\qms-bmh3.bmp
[2010/07/24 07:06:04 | 000,016,924 | ---- | C] () -- C:\Documents and Settings\100341072\qms-bmh2.bmp
[2010/07/24 07:06:04 | 000,016,924 | ---- | C] () -- C:\Documents and Settings\100341072\qms-bmh1.bmp
[2010/07/22 11:37:12 | 000,000,212 | ---- | C] () -- C:\WINDOWS\ildasmfnt.bin
[2010/07/22 11:34:39 | 000,000,494 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/07/22 11:22:19 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/07/22 11:22:19 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010/07/22 10:17:27 | 000,032,741 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\sql setup2.JPG
[2010/07/22 10:10:47 | 000,068,027 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\sql setup.JPG
[2010/07/22 04:27:05 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\dds.pif
[2010/07/22 03:55:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\settings.dat
[2010/07/22 03:54:56 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\100341072\mbr.log
[2010/07/22 03:38:28 | 000,171,904 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\FixMebroot.exe
[2010/07/22 03:38:21 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\mbr.exe
[2010/07/22 02:51:56 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\RootRepeal.zip
[2010/07/21 23:25:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\100341072\Local Settings\Application Data\PUTTY.RND
[2010/07/21 15:21:36 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\100341072\sqlprov.log
[2010/07/21 12:02:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\dds.scr
[2010/07/21 11:43:11 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\100341072\Desktop\CCleaner.lnk
[2010/07/21 04:32:11 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 06:07:01 | 000,057,549 | ---- | C] () -- D:\My Documents\OSAP Digital.docx
[2010/07/18 02:20:07 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2010/07/17 23:40:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\w65k248Av.dat
[2010/06/19 13:33:01 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/05/14 07:52:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\stdics32.dll
[2010/05/14 07:52:28 | 000,005,392 | R--- | C] () -- C:\WINDOWS\System32\stdics16.dll
[2010/05/10 14:35:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\BWAsettings.ini
[2010/05/09 07:22:20 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\100341072\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 03:37:03 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\100341072\Application Data\winscp.rnd
[2009/08/14 04:29:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pxiesys.ini
[2009/08/14 04:29:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2009/08/07 00:31:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/08/07 00:31:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/08/07 00:31:49 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/08/07 00:17:25 | 000,013,600 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2009/08/06 23:13:23 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2009/08/06 23:13:23 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2009/08/06 23:13:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2009/07/06 22:23:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/07/06 22:23:14 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/07/04 00:43:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/04 00:43:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/04 00:43:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/04 00:43:14 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/04 05:21:35 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/06/04 02:32:40 | 000,906,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/04 02:32:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/04 02:11:45 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/06/03 01:48:08 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009/05/28 00:53:07 | 000,000,055 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/21 05:21:30 | 000,000,306 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/08 06:20:24 | 000,050,208 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll
[2009/01/05 21:28:24 | 000,070,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll
[2009/01/05 21:28:12 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2008/12/16 13:57:20 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2008/08/09 04:04:15 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\TPVMMonUIjpn.dll
[2008/08/09 04:04:15 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\TPVMMonjpn.dll
[2008/06/14 03:47:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2008/04/07 22:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2008/01/04 17:22:16 | 000,245,760 | R--- | C] () -- C:\WINDOWS\System32\setupsup.dll
[2007/02/05 23:25:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/10 21:44:26 | 001,457,024 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1996/03/22 11:32:26 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\DLWBC31.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/17 00:09:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/17 00:09:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS

< MD5 for: AHCIX86.SYS >
[2009/06/04 02:27:20 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\WINDOWS\inf\UIU\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/17 00:09:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/17 00:09:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/01/24 05:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2009a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 02:22:04 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\inf\UIU\T2\iastor.sys
[2008/11/04 05:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\DRIVERS\IAStor\IaStor.sys
[2009/06/04 02:14:29 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\WINDOWS\inf\UIU\iastor.sys
[2009/06/04 02:29:58 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\WINDOWS\inf\UIU\T3\iastor.sys
[2009/06/04 02:29:58 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2009/06/04 02:19:52 | 000,250,368 | ---- | M] (Intel Corporation) MD5=DE01BF14FFB150C779FD561BD0E3C5C5 -- C:\WINDOWS\inf\UIU\T1\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2009/06/04 02:25:23 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\WINDOWS\inf\UIU\T2\nvata.sys
[2009/06/04 02:25:21 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\inf\UIU\T1\nvata.sys

< MD5 for: NVATABUS.SYS >
[2009/06/04 02:14:14 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\inf\UIU\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2009/06/04 02:25:49 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\WINDOWS\inf\UIU\T1\nvgts.sys
[2009/06/04 02:25:49 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\WINDOWS\inf\UIU\T3\nvgts.sys

< MD5 for: NVRAID.SYS >
[2009/06/04 02:14:18 | 000,077,184 | ---- | M] (NVIDIA Corporation) MD5=3BC8B9D8A744DF75698FE35D52F18A0A -- C:\WINDOWS\inf\UIU\nvraid.sys

< MD5 for: NVRD32.SYS >
[2009/06/04 02:25:54 | 000,125,440 | ---- | M] (NVIDIA Corporation) MD5=B71BFBC2FE958A6DA1E31357E03AD545 -- C:\WINDOWS\inf\UIU\T1\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2009/06/04 02:25:38 | 000,093,056 | ---- | M] (LSI Logic) MD5=164FCA8F1489278A6D5A41F8CF99D295 -- C:\WINDOWS\inf\UIU\T2\symmpi.sys
[2009/06/04 02:17:49 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\inf\UIU\T1\symmpi.sys
[2009/06/04 02:25:38 | 000,103,552 | ---- | M] (LSI Logic) MD5=C9480E5D9D7C19AD3B66692234519A4E -- C:\WINDOWS\inf\UIU\T3\symmpi.sys
[2009/06/04 02:11:49 | 000,036,096 | ---- | M] (LSI Logic) MD5=EA776423FA3762802A19A6A74310730A -- C:\WINDOWS\inf\UIU\symmpi.sys

< MD5 for: VIAMRAID.SYS >
[2009/06/04 02:16:25 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\inf\UIU\viamraid.sys
[2009/06/04 02:19:47 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\WINDOWS\inf\UIU\T1\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/06/30 00:12:14 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/06/30 00:12:14 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 08:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/14 08:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/05/19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2008/04/14 02:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/14 08:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/14 08:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/14 08:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/14 08:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/14 08:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/14 08:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/14 01:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/05/05 19:13:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/05 19:13:23 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/05 19:13:23 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/18 02:20:08 | 000,125,056 | ---- | M] () -- C:\WINDOWS\system32\drivers\ftdisk.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32:msnmsgr
< End of report >

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 18 August 2010 - 05:30 PM

Hi,

could you please a summary of what is wrong with the PC right now.

Please run a scan with MBRCheck:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

As well as a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 intense nex

intense nex
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 19 August 2010 - 01:48 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-20 00:27:26
Windows 5.1.2600 Service Pack 3
Running: wr488ihg.exe; Driver: C:\DOCUME~1\100341~1\LOCALS~1\Temp\ufxoykog.sys


---- System - GMER 1.0.15 ----

SSDT 898FB580 ZwAssignProcessToJobObject
SSDT 898FC100 ZwDebugActiveProcess
SSDT 898FBB30 ZwDuplicateObject
SSDT 898FACC0 ZwOpenProcess
SSDT 898FAFC0 ZwOpenThread
SSDT 898FB9C0 ZwProtectVirtualMemory
SSDT 898FB860 ZwSetContextThread
SSDT 898FB6E0 ZwSetInformationThread
SSDT 898F8700 ZwSetSecurityObject
SSDT 898FB420 ZwSuspendProcess
SSDT 898FB2C0 ZwSuspendThread
SSDT 898FAE50 ZwTerminateProcess
SSDT 898FB150 ZwTerminateThread
SSDT 898FBF50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7E59360, 0x388D2D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351F8F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351F54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351E9C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351ED6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E351FCA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[432] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35218C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 432

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@Status 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@RsopStatus -2147024846
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@LastPolicyTime 15960427
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@PrevSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@PrevRsopLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ForceRefreshFG 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@ Group Policy Environment
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@ProcessGroupPolicy ProcessGroupPolicyEnviron
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@GenerateGroupPolicy GenerateGroupPolicyEnviron
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@ProcessGroupPolicyEx 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@EventSources (Group Policy Environment,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@DisplayName @gpprefcl.dll,-1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@ Group Policy Local Users and Groups
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@ProcessGroupPolicy ProcessGroupPolicyLocUsAndGroups
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@GenerateGroupPolicy GenerateGroupPolicyLocUsAndGroups
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@ProcessGroupPolicyEx ProcessGroupPolicyExLocUsAndGroups
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@EventSources (Group Policy Local Users and Groups,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@DisplayName @gpprefcl.dll,-2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@ Group Policy Device Settings
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@ProcessGroupPolicy ProcessGroupPolicyDevices
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@GenerateGroupPolicy GenerateGroupPolicyDevices
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@ProcessGroupPolicyEx ProcessGroupPolicyExDevices
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@EventSources (Group Policy Device Settings,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@DisplayName @gpprefcl.dll,-3
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}@Status 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}@RsopStatus 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}@LastPolicyTime 15960427
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}@PrevSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}@PrevRsopLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}@ForceRefreshFG 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@Status -2147024894
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RsopStatus -2147024846
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@LastPolicyTime 15960439
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PrevSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PrevRsopLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ForceRefreshFG 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@ Group Policy Network Options
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@ProcessGroupPolicy ProcessGroupPolicyNetworkOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@GenerateGroupPolicy GenerateGroupPolicyNetworkOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@ProcessGroupPolicyEx ProcessGroupPolicyExNetworkOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@EventSources (Group Policy Network Options,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@DisplayName @gpprefcl.dll,-4
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @iedkcs32.dll,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@ Group Policy Drive Maps
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@ProcessGroupPolicy ProcessGroupPolicyDrives
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@GenerateGroupPolicy GenerateGroupPolicyDrives
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@ProcessGroupPolicyEx ProcessGroupPolicyExDrives
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@EventSources (Group Policy Drive Maps,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@DisplayName @gpprefcl.dll,-5
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@ Group Policy Folders
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@ProcessGroupPolicy ProcessGroupPolicyFolders
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@GenerateGroupPolicy GenerateGroupPolicyFolders
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@ProcessGroupPolicyEx ProcessGroupPolicyExFolders
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@EventSources (Group Policy Folders,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@DisplayName @gpprefcl.dll,-6
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}@EnableAsynchronousProcessing
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@ Group Policy Network Shares
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@ProcessGroupPolicy ProcessGroupPolicyNetShares
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@GenerateGroupPolicy GenerateGroupPolicyNetShares
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@ProcessGroupPolicyEx ProcessGroupPolicyExNetShares
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@EventSources (Group Policy Network Shares,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@DisplayName @gpprefcl.dll,-7
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@ Group Policy Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@ProcessGroupPolicy ProcessGroupPolicyFiles
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@GenerateGroupPolicy GenerateGroupPolicyFiles
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@ProcessGroupPolicyEx ProcessGroupPolicyExFiles
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@EventSources (Group Policy Files,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@DisplayName @gpprefcl.dll,-8
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@ Group Policy Data Sources
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@ProcessGroupPolicy ProcessGroupPolicyDataSources
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@GenerateGroupPolicy GenerateGroupPolicyDataSources
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@ProcessGroupPolicyEx ProcessGroupPolicyExDataSources
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@EventSources (Group Policy Data Sources,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@DisplayName @gpprefcl.dll,-9
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@ Group Policy Ini Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@ProcessGroupPolicy ProcessGroupPolicyIniFile
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@GenerateGroupPolicy GenerateGroupPolicyIniFile
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@ProcessGroupPolicyEx ProcessGroupPolicyExIniFile
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@EventSources (Group Policy Ini Files,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@DisplayName @gpprefcl.dll,-10
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@PreviousPolicyAreas 137
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@Status 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@RsopStatus 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@LastPolicyTime 15977870
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@PrevSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@PrevRsopLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ForceRefreshFG 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@ Group Policy Services
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@ProcessGroupPolicy ProcessGroupPolicyServices
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@GenerateGroupPolicy GenerateGroupPolicyServices
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@ProcessGroupPolicyEx ProcessGroupPolicyExServices
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@EventSources (Group Policy Services,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@DisplayName @gpprefcl.dll,-11
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @iedkcs32.dll,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@ Group Policy Folder Options
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@ProcessGroupPolicy ProcessGroupPolicyFolderOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@GenerateGroupPolicy GenerateGroupPolicyFolderOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@ProcessGroupPolicyEx ProcessGroupPolicyExFolderOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@EventSources (Group Policy Folder Options,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@DisplayName @gpprefcl.dll,-12
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@ Group Policy Scheduled Tasks
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@ProcessGroupPolicy ProcessGroupPolicySchedTasks
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@GenerateGroupPolicy GenerateGroupPolicySchedTasks
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@ProcessGroupPolicyEx ProcessGroupPolicyExSchedTasks
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@EventSources (Group Policy Scheduled Tasks,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@DisplayName @gpprefcl.dll,-13
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@ Group Policy Registry
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@ProcessGroupPolicy ProcessGroupPolicyRegistry
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@GenerateGroupPolicy GenerateGroupPolicyRegistry
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@ProcessGroupPolicyEx ProcessGroupPolicyExRegistry
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@EventSources (Group Policy Registry,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@DisplayName @gpprefcl.dll,-14
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@Status 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RsopStatus -2147024846
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@LastPolicyTime 15960427
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@PrevSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@PrevRsopLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ForceRefreshFG 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@ Group Policy Printers
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@ProcessGroupPolicy ProcessGroupPolicyPrinters
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@GenerateGroupPolicy GenerateGroupPolicyPrinters
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@ProcessGroupPolicyEx ProcessGroupPolicyExPrinters
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@EventSources (Group Policy Printers,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@DisplayName @gpprefcl.dll,-16
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@ Group Policy Shortcuts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@ProcessGroupPolicy ProcessGroupPolicyShortcuts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@GenerateGroupPolicy GenerateGroupPolicyShortcuts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@ProcessGroupPolicyEx ProcessGroupPolicyExShortcuts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@EventSources (Group Policy Shortcuts,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@DisplayName @gpprefcl.dll,-17
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@ Group Policy Internet Settings
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@ProcessGroupPolicy ProcessGroupPolicyShortcuts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@GenerateGroupPolicy GenerateGroupPolicyInternet
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@ProcessGroupPolicyEx ProcessGroupPolicyExInternet
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@EventSources (Group Policy Internet Settings,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@DisplayName @gpprefcl.dll,-18
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@ Group Policy Start Menu Settings
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@ProcessGroupPolicy ProcessGroupPolicyStartMenu
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@GenerateGroupPolicy GenerateGroupPolicyStartMenu
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@ProcessGroupPolicyEx ProcessGroupPolicyExStartMenu
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@EventSources (Group Policy Start Menu Settings,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@DisplayName @gpprefcl.dll,-19
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@ Group Policy Regional Options
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@ProcessGroupPolicy ProcessGroupPolicyRegionOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@GenerateGroupPolicy GenerateGroupPolicyRegionOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@ProcessGroupPolicyEx ProcessGroupPolicyExRegionOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@EventSources (Group Policy Regional Options,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@DisplayName @gpprefcl.dll,-20
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@ Group Policy Power Options
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@ProcessGroupPolicy ProcessGroupPolicyPowerOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@GenerateGroupPolicy GenerateGroupPolicyPowerOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@ProcessGroupPolicyEx ProcessGroupPolicyExPowerOptions
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@EventSources (Group Policy Power Options,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@DisplayName @gpprefcl.dll,-21
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@ Group Policy Applications
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@ProcessGroupPolicy ProcessGroupPolicyApplications
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@DllName gpprefcl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@GenerateGroupPolicy GenerateGroupPolicyApplications
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@ProcessGroupPolicyEx ProcessGroupPolicyExApplications
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@EventSources (Group Policy Applications,Application)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@DisplayName @gpprefcl.dll,-15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2@DllName C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2@Unlock Unlock_Notify_fnf2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@DllName C:\Program Files\Lenovo\HOTKEY\tphklock.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Startup WLEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Shutdown WLEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Logon WLEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Lock WLEventLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Unlock WLEventUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc@DllName TPSvc.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Logon WLEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Startup WLEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Shutdown WLEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@StartScreenSaver WLEventStartScreenSaver
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@StopScreenSaver WLEventStopScreenSaver
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Lock WLEventLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Unlock WLEventUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@StartShell WLEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@PostShell WLEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Disconnect WLEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Reconnect WLEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@SafeMode 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@MaxWait -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DllName WgaLogon.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@Event 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@InstallEvent 1.9.0040.0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings@Data 0x01 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@Status 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RsopStatus 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@LastPolicyTime 15960697
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PrevSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PrevRsopLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-1644491937-682003330-725345543-182332\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ForceRefreshFG 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536

---- Files - GMER 1.0.15 ----

File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.2.1]\lv82rte\chs.mst 194560 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.2.1]\lv82rte\deu.mst 202752 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.2.1]\lv82rte\fra.mst 203776 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.2.1]\lv82rte\jpn.mst 38912 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.2.1]\lv82rte\kor.mst 202240 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.2.1]\lv82rte\lv82runtime.msi 24752640 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.5.1]\lv85rte\chs.mst 154624 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.5.1]\lv85rte\deu.mst 102400 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.5.1]\lv85rte\fra.mst 111616 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.5.1]\lv85rte\jpn.mst 746496 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.5.1]\lv85rte\kor.mst 309248 bytes
File C:\Program Files\National Instruments\Shared\ProductCache\NI LabVIEW Rutime Engine [8.5.1]\lv85rte\lv85runtime.msi 24762880 bytes

---- EOF - GMER 1.0.15 ----


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 19 August 2010 - 03:39 PM

Hi,

please also post the log from MBRCheck I asked for.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 25 August 2010 - 08:50 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users