Firewall, av & mw apps disabled & unable to open or dl anythin


  • This topic is locked

#1
slimc33

Hi there,

Yesterday I noticed that my Outpost firewall was disabled, and AVG was not protecting either. I tried to open the respective apps but it was a no go. I then tried to open Spybot; this did not open either. I tried to activate the Windows firewall through the Control Panel, however I was unable to do this 'due to an unidentified problem'. I uninstalled AVG as it was failing to update and respond to requests to scan; AVG kept popping up to inform me that the computer was unprotected. I went to MajorGeeks to dl a new AV app; every time I go to the dl page for any AV app the 'internet explorer can not display the web page' comes up. I am however able to freely surf for anything else and stream, but not dl any security software. I followed the instructions to ensure TLS and SSL were enabled, which they were.

I have been able to use CCleaner effectively, clearing almost everything, including a manual run command to clean the DNS. I also have Advanced SystemCare 6 installed and, for what help that may offer, I've run that a couple of times too. I have also reset my router and disconnected the power to it for several minutes before reconnecting, alas no difference.

I've tried to open in safe mode to see if I can run apps from there, but it will only boot when I press start with last good config. I tried all the others like safe mode and safe mode with networking but it is not booting them. I was still unable to start any security apps by doing this. I also tried to system restore but it said after that it was able to restore back.


Please find below the OTL log requested.

PRC - [2001/05/09 19:07:08 | 000,065,536 | ---- | M] (Aiptek) -- C:\WINDOWS\system32\wt32exe.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/26 10:22:42 | 001,228,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\Scan.dll
MOD - [2012/06/25 13:33:22 | 008,648,064 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\WebUI.dll
MOD - [2012/06/20 19:07:36 | 000,140,672 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012/06/10 10:21:44 | 000,516,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\sqlite3.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/05 00:17:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2001/05/09 19:07:08 | 000,065,536 | ---- | M] (Aiptek) [Auto | Running] -- C:\WINDOWS\system32\wt32exe.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\admin\LOCALS~1\Temp\xrdqfhoy.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ddnt.sys -- (ddnt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/10/27 19:13:54 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/10/27 19:13:52 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/10/27 19:13:30 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2005/11/25 13:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2005/06/08 07:13:00 | 000,025,088 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2005/06/08 04:02:06 | 000,033,280 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2005/03/09 06:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/15 13:05:00 | 000,064,512 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5.sys -- (STVqx5)
DRV - [2004/09/15 13:05:00 | 000,006,144 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5m.sys -- (STVqx5m)
DRV - [2001/07/05 14:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp)
DRV - [2001/07/05 14:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 14:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud)
DRV - [2000/06/07 16:50:28 | 000,023,125 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tablet.sys -- (tablet)
DRV - [2000/06/07 14:13:44 | 000,007,383 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbfilter.sys -- (tbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...1I7BBKB_enGB508
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2013/01/04 14:20:59 | 000,444,947 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15285 more lines...
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (Advanced SystemCare Surfing Protection) - {C262D7CF-4AE3-41C8-937A-BC727ABE907F} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [tblfunc] C:\WINDOWS\System32\tblmouse.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\wpbt0.dll ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [RreKiwyv] C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Update] C:\WINDOWS\system32\wpbt0.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340800224473 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340800215926 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43CA179-1B95-4671-B012-3AC86E772627}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe) - C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/28 15:14:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 14:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/15 14:13:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2013/01/14 16:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Avg2013
[2013/01/14 16:47:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/13 13:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\noels ideas
[2013/01/12 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\one day
[2013/01/09 09:37:17 | 000,021,376 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/01/09 09:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Opera
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\AppData
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\IObit
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
[2013/01/09 09:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/01/09 09:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/01/08 11:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\New Folder
[2013/01/07 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\New Folder
[2013/01/06 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\XnView
[2013/01/06 11:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XnView
[2013/01/06 11:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2013/01/04 14:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Craig's
[2013/01/04 14:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Jo's
[2013/01/04 14:24:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2013/01/03 21:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2013/01/03 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/03 21:27:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
[2013/01/03 20:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/01/03 20:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/01/03 20:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Real
[2013/01/03 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\CyberLink
[2013/01/03 20:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\CyberLink
[2013/01/03 19:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/01/03 19:35:39 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2013/01/03 19:35:21 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2013/01/03 19:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2013/01/03 19:31:52 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2013/01/03 19:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2013/01/03 19:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2013/01/03 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Lasui
[2013/01/03 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Bipuu
[2013/01/03 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ahon
[2013/01/03 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Xyicdu
[2013/01/03 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Lamu
[2013/01/03 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ciryg
[2013/01/02 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Zaxye
[2013/01/02 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uqekci
[2013/01/02 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Igyhfu
[2013/01/02 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Xalyu
[2013/01/02 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Vozi
[2013/01/02 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Bimaf
[2012/12/30 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ypfizy
[2012/12/30 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Imdy
[2012/12/30 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Eqve
[2012/12/30 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Spotify
[2012/12/30 15:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/12/30 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Deployment
[2012/12/30 10:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Omnu
[2012/12/30 10:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mugyuv
[2012/12/30 10:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Aquqyb
[2012/12/30 02:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Skype
[2012/12/30 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Suqie
[2012/12/30 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ovcuso
[2012/12/30 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ipem
[2012/12/23 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Otyzok
[2012/12/23 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Moekir
[2012/12/23 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Iflo
[2012/12/23 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uhit
[2012/12/23 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Fiavid
[2012/12/23 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Fesafa
[2012/12/22 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ycxypi
[2012/12/22 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Gyov
[2012/12/22 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Exton
[2012/12/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Piriform
[2012/12/21 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ruqok
[2012/12/21 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ogdy
[2012/12/21 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Obcu
[2012/12/21 14:20:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\RocketLifeNetwork
[2012/12/21 14:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Visan
[2012/12/21 14:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/12/21 13:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2012/12/21 13:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2012/12/21 13:57:26 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2012/12/21 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Wajam
[2012/12/21 13:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/15 14:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/15 14:07:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 13:10:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/15 13:09:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/15 13:09:51 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/15 13:09:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/15 12:15:49 | 000,136,840 | ---- | M] () -- C:\WINDOWS\System32\wpbt0.dll
[2013/01/14 20:58:05 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/14 15:58:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/13 13:55:36 | 000,390,806 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:24 | 000,162,317 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/12 22:33:05 | 000,099,684 | ---- | M] () -- C:\Documents and Settings\admin\39535593.exe
[2013/01/10 10:58:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/09 09:17:02 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:34:22 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/04 14:23:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Windows Media Player.lnk
[2013/01/04 14:20:59 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/03 20:54:32 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130104-142059.backup
[2013/01/03 20:35:51 | 000,006,458 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 20:12:21 | 000,000,050 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013/01/03 19:43:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/12/21 17:02:59 | 000,432,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 12:15:51 | 000,136,840 | ---- | C] () -- C:\WINDOWS\System32\wpbt0.dll
[2013/01/13 13:56:04 | 000,390,806 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:49 | 000,162,317 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/12 22:33:05 | 000,099,684 | ---- | C] () -- C:\Documents and Settings\admin\39535593.exe
[2013/01/09 09:17:02 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:32:44 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/03 20:49:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/03 20:48:39 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/03 20:48:38 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/03 20:35:48 | 000,006,458 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 19:43:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2013/01/03 19:31:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2012/12/30 15:50:30 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Spotify.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/06/28 12:23:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/27 08:14:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2006/03/29 16:02:35 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/03/29 16:04:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/04/25 14:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/03 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ahon
[2012/12/30 10:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Aquqyb
[2013/01/02 10:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Bimaf
[2013/01/03 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Bipuu
[2013/01/03 08:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ciryg
[2012/12/30 18:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Eqve
[2012/12/22 00:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Exton
[2012/12/23 13:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Fesafa
[2013/01/03 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Fiavid
[2013/01/03 22:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Gyov
[2012/12/23 14:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Iflo
[2013/01/02 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Igyhfu
[2013/01/03 22:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Imdy
[2013/01/09 09:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\IObit
[2013/01/03 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ipem
[2013/01/03 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Lamu
[2013/01/03 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Lasui
[2013/01/03 22:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Moekir
[2012/12/30 10:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mugyuv
[2013/01/03 21:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Obcu
[2013/01/03 21:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ogdy
[2013/01/03 22:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Omnu
[2012/12/23 14:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Otyzok
[2012/12/30 01:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ovcuso
[2012/12/21 13:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2012/12/21 14:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ruqok
[2013/01/14 16:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/12/30 01:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Suqie
[2013/01/03 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2012/12/23 13:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Uhit
[2013/01/03 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Uqekci
[2012/12/21 14:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Visan
[2013/01/02 10:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Vozi
[2013/01/03 22:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Xalyu
[2013/01/06 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\XnView
[2013/01/03 08:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Xyicdu
[2012/12/22 00:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ycxypi
[2012/12/30 18:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ypfizy
[2013/01/02 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Zaxye
[2006/04/06 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACTIV Software
[2013/01/11 12:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/06/28 13:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2013/01/03 21:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/28 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/12/21 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013/01/09 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/28 12:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2013/01/15 13:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/04/06 15:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research Machines
[2012/12/21 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

========== Purity Check ==========



< End of report >

Any assistance would be appreciated as I am reluctant to run the pc without any protection at all. Thanks in advance whoever you are.

Cheers, Craig.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get the show on the road.
Once you have completed these runs, try to update.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\admin\LOCALS~1\Temp\xrdqfhoy.sys -- (Micorsoft Windows Service)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [RreKiwyv] C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
O4 - HKCU..\Run: [Update] C:\WINDOWS\system32\wpbt0.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe) - C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
[2013/01/03 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Lasui
[2013/01/03 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Bipuu
[2013/01/03 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ahon
[2013/01/03 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Xyicdu
[2013/01/03 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Lamu
[2013/01/03 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ciryg
[2013/01/02 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Zaxye
[2013/01/02 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uqekci
[2013/01/02 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Igyhfu
[2013/01/02 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Xalyu
[2013/01/02 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Vozi
[2013/01/02 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Bimaf
[2012/12/30 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ypfizy
[2012/12/30 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Imdy
[2012/12/30 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Eqve
[2012/12/30 10:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Omnu
[2012/12/30 10:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mugyuv
[2012/12/30 10:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Aquqyb
[2012/12/30 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Suqie
[2012/12/30 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ovcuso
[2012/12/30 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ipem
[2012/12/23 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Otyzok
[2012/12/23 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Moekir
[2012/12/23 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Iflo
[2012/12/23 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uhit
[2012/12/23 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Fiavid
[2012/12/23 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Fesafa
[2012/12/22 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ycxypi
[2012/12/22 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Gyov
[2012/12/22 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Exton
[2012/12/21 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ruqok
[2012/12/21 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ogdy
[2012/12/21 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Obcu
[2013/01/15 12:15:49 | 000,136,840 | ---- | M] () -- C:\WINDOWS\System32\wpbt0.dll
[2013/01/12 22:33:05 | 000,099,684 | ---- | M] () -- C:\Documents and Settings\admin\39535593.exe

:Files
C:\WINDOWS\system32\wt32exe.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
slimc33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Morning Essexboy

Thanks for taking the time to assist.

I have followed the instructions and unfortunately I am unable to run ComboFix. Link 1 was cannot display webpage and link 2 at first would dl ComboFix as far as backing up the reg but then cut off. I then saved to my desktop and tried to run it but it won't even start. Any ideas on getting it going?

Please find OTL log as requested

OTL logfile created on: 16/01/2013 08:39:55 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 60.57% Memory free
4.95 Gb Paging File | 4.53 Gb Available in Paging File | 91.38% Paging File free
Paging file location(s): C:\pagefile.sys 3750 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 57.47 Gb Free Space | 77.11% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: EXITSUITE11 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2012/06/20 19:07:46 | 000,305,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/28 15:42:03 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/10/01 08:31:54 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/06/21 18:57:16 | 000,143,360 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Wt32exe.exe -- (TabletService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/05 00:17:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\admin\LOCALS~1\Temp\xrdqfhoy.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ddnt.sys -- (ddnt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/10/27 19:13:54 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/10/27 19:13:52 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/10/27 19:13:30 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2005/11/25 13:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2005/06/08 07:13:00 | 000,025,088 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2005/06/08 04:02:06 | 000,033,280 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2005/03/09 06:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/15 13:05:00 | 000,064,512 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5.sys -- (STVqx5)
DRV - [2004/09/15 13:05:00 | 000,006,144 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5m.sys -- (STVqx5m)
DRV - [2001/07/05 14:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp)
DRV - [2001/07/05 14:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 14:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud)
DRV - [2000/06/07 16:50:28 | 000,023,125 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tablet.sys -- (tablet)
DRV - [2000/06/07 14:13:44 | 000,007,383 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbfilter.sys -- (tbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...1I7BBKB_enGB508
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2013/01/15 16:25:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (Advanced SystemCare Surfing Protection) - {C262D7CF-4AE3-41C8-937A-BC727ABE907F} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [tblfunc] C:\WINDOWS\System32\tblmouse.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\wpbt0.dll File not found
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [RreKiwyv] C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340800224473 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340800215926 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43CA179-1B95-4671-B012-3AC86E772627}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe) - C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/28 15:14:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 08:38:51 | 005,022,074 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2013/01/16 08:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/16 08:32:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/01/15 16:25:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 14:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/15 14:13:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2013/01/14 16:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Avg2013
[2013/01/14 16:47:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/13 13:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\noels ideas
[2013/01/12 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\one day
[2013/01/09 09:37:17 | 000,021,376 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/01/09 09:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Opera
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\AppData
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\IObit
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
[2013/01/09 09:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/01/09 09:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/01/08 11:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\New Folder
[2013/01/07 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\New Folder
[2013/01/06 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\XnView
[2013/01/06 11:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XnView
[2013/01/06 11:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2013/01/04 14:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Craig's
[2013/01/04 14:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Jo's
[2013/01/04 14:24:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2013/01/03 21:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2013/01/03 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/03 21:27:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
[2013/01/03 20:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/01/03 20:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/01/03 20:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Real
[2013/01/03 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\CyberLink
[2013/01/03 20:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\CyberLink
[2013/01/03 19:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/01/03 19:35:39 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2013/01/03 19:35:21 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2013/01/03 19:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2013/01/03 19:31:52 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2013/01/03 19:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2013/01/03 19:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/12/30 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Spotify
[2012/12/30 15:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/12/30 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Deployment
[2012/12/30 02:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Skype
[2012/12/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Piriform
[2012/12/21 14:20:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\RocketLifeNetwork
[2012/12/21 14:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Visan
[2012/12/21 14:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/12/21 13:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2012/12/21 13:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2012/12/21 13:57:26 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2012/12/21 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Wajam
[2012/12/21 13:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak

========== Files - Modified Within 30 Days ==========

[2013/01/16 08:39:07 | 005,022,074 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2013/01/16 08:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 08:23:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/16 08:23:08 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/16 08:23:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 08:22:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/15 23:07:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 20:59:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/15 16:25:36 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/14 15:58:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/13 13:55:36 | 000,390,806 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:24 | 000,162,317 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/10 10:58:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/09 09:17:02 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:34:22 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/04 14:23:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Windows Media Player.lnk
[2013/01/03 20:54:32 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130104-142059.backup
[2013/01/03 20:35:51 | 000,006,458 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 20:12:21 | 000,000,050 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013/01/03 19:43:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/12/21 17:02:59 | 000,432,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/13 13:56:04 | 000,390,806 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:49 | 000,162,317 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/09 09:17:02 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:32:44 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/03 20:49:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/03 20:48:39 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/03 20:48:38 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/03 20:35:48 | 000,006,458 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 19:43:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2013/01/03 19:31:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2012/12/30 15:50:30 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Spotify.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/06/28 12:23:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/27 08:14:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2006/03/29 16:02:35 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/03/29 16:04:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/04/25 14:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/09 09:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\IObit
[2012/12/21 13:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2013/01/14 16:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify
[2013/01/03 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2012/12/21 14:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Visan
[2013/01/06 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\XnView
[2006/04/06 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACTIV Software
[2013/01/11 12:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/06/28 13:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2013/01/03 21:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/28 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/12/21 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013/01/09 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/28 12:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2013/01/15 13:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/04/06 15:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research Machines
[2012/12/21 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

========== Purity Check ==========



< End of report >

Cheers, Craig

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that did not want to go when told, so let's use a different method.

Reboot to safe mode with networking
Reboot the computer and repeatedly press and release F8
At the menu that appears select "Safe mode with networking"
Rename combofix to Gotcha
Re-run Combofix

#5
slimc33

    Member

  • Topic Starter
  • 25 posts
OK, so I've tried to do what you instructed and no good. I tried all options to start safe mode and the only 2 that let me were last good config and start normally. No safe mode start was allowed; it just kept rebooting the drive back to the safe mode screen. As a result I am still not able to use ComboFix.

What can you suggest please?

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We have ways ... OK ensure that combofix is still renamed

Then try again from normal mode. If that does not work, then do the following:

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#7
slimc33

    Member

  • Topic Starter
  • 25 posts
Sorry to mess about, but ComboFix is running. I tried to send you a message to that effect but the browser closed mid-message. I uninstalled ComboFix, then reinstalled by saving to the desktop and changing the name to gotcha at the install. It took a couple of attempts but it's running for now. Fingers crossed I'll be able to follow the instructions as per your previous message.

#8
slimc33

    Member

  • Topic Starter
  • 25 posts
ComboFix log txt as requested

ComboFix 13-01-14.01 - admin 16/01/2013 18:42:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1471.953 [GMT 0:00]
Running from: c:\documents and settings\admin\Desktop\gotcha.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Local Settings\Application Data\fnreulcg.log
c:\documents and settings\admin\Local Settings\Application Data\hgibhkgj.log
c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe
c:\documents and settings\admin\Local Settings\Application Data\lubqmtgh.log
c:\documents and settings\admin\Local Settings\Application Data\sxqdbvts.log
c:\documents and settings\admin\Local Settings\Application Data\toxqwsxp.log
c:\documents and settings\admin\Local Settings\Application Data\ulnguabg.log
c:\documents and settings\admin\Local Settings\Application Data\xelxgokk.log
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\program files\INSTALL.LOG
c:\windows\system32\ijl11.dll
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 18:26 . 2013-01-16 18:27 -------- d-----w- C:\gotcha
2013-01-15 16:25 . 2013-01-15 16:25 -------- d-----w- C:\_OTL
2013-01-14 16:49 . 2013-01-15 13:09 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Avg2013
2013-01-09 18:50 . 2013-01-09 18:50 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2013-01-09 09:37 . 2012-06-19 19:24 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\IObit
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\admin\AppData
2013-01-09 09:17 . 2013-01-09 09:19 -------- d-----w- c:\documents and settings\admin\Application Data\IObit
2013-01-09 09:16 . 2013-01-09 09:16 -------- d-----w- c:\program files\IObit
2013-01-06 11:33 . 2013-01-06 12:00 -------- d-----w- c:\documents and settings\admin\Application Data\XnView
2013-01-06 11:32 . 2013-01-06 11:32 -------- d-----w- c:\program files\XnView
2013-01-03 21:30 . 2013-01-03 21:30 -------- d-----w- c:\documents and settings\admin\Application Data\TuneUp Software
2013-01-03 21:28 . 2013-01-03 21:28 -------- d-----w- c:\program files\AVG
2013-01-03 21:27 . 2013-01-15 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-01-03 21:27 . 2013-01-03 21:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-01-03 21:27 . 2013-01-03 21:27 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\MFAData
2013-01-03 20:42 . 2013-01-03 20:43 -------- d-----w- c:\windows\system32\NtmsData
2013-01-03 20:06 . 2013-01-03 20:06 -------- d-----w- c:\documents and settings\admin\Application Data\CyberLink
2013-01-03 19:42 . 2013-01-06 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-01-03 19:42 . 2013-01-03 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-01-03 19:35 . 2009-04-06 11:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2013-01-03 19:35 . 2009-02-10 16:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2013-01-03 19:31 . 2009-02-18 17:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2013-01-03 19:31 . 2013-01-03 19:31 -------- d-----w- c:\program files\Agnitum
2013-01-03 19:31 . 2013-01-11 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2012-12-30 15:50 . 2013-01-14 12:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Spotify
2012-12-30 15:49 . 2013-01-14 16:44 -------- d-----w- c:\documents and settings\admin\Application Data\Spotify
2012-12-30 15:47 . 2012-12-30 15:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Deployment
2012-12-30 02:02 . 2012-12-30 02:02 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Skype
2012-12-21 14:51 . 2012-12-21 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Piriform
2012-12-21 14:20 . 2012-12-21 14:20 -------- d-----w- c:\documents and settings\admin\Application Data\Visan
2012-12-21 14:18 . 2012-12-21 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan
2012-12-21 13:57 . 2012-12-21 13:58 -------- d-----w- c:\documents and settings\admin\Application Data\PerformerSoft
2012-12-21 13:57 . 2012-12-21 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-12-21 13:56 . 2012-12-21 13:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Wajam
2012-12-21 13:55 . 2012-12-21 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-03 23:56 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-03 22:17 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-05 00:17 . 2012-11-05 00:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-05 00:17 . 2012-11-05 00:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-02 02:02 . 2004-08-03 23:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-08-03 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-03 23:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2004-08-03 21:59 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-06-20 305536]
"Spotify Web Helper"="c:\documents and settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-12-30 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 143360]
"VTTimer"="VTTimer.exe" [2004-10-01 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"tblfunc"="tblmouse.exe" [2001-08-21 49152]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-28 180269]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-1460\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2505\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2507\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2509\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2520\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2521\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2523\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2524\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2525\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2530\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2531\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2532\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2537\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2538\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2539\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2543\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2550\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2552\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2553\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2558\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2584\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2592\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2626\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2660\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2666\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2667\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2668\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2671\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2674\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2676\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2677\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2678\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2679\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2681\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2683\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2684\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2685\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2686\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2687\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2688\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2689\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2690\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2691\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2692\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2693\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2695\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2696\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2697\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2698\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2701\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2703\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2706\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2708\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2711\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2712\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2714\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2716\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2717\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2718\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2720\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2722\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2723\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2726\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2729\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2730\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2732\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2738\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2740\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2742\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2746\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2747\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2749\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2755\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2757\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2759\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2760\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2764\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2766\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2768\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2773\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2775\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2776\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2777\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2778\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2780\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2781\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2785\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2786\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2788\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2789\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2790\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2791\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2792\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2793\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2794\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2795\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2796\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2797\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2799\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2800\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2801\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2802\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2803\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2804\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2808\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2809\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2811\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2813\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2814\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2815\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2816\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2818\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2819\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2821\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2822\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2823\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2824\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2826\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2827\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2828\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2829\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2831\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2832\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2834\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2835\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2836\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2837\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2838\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2840\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2843\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2844\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2845\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2848\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2849\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2850\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2854\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2855\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2856\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2857\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2858\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2859\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2860\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2863\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
2009-04-14 18:02 428032 ----a-w- c:\program files\Agnitum\Outpost Firewall\feedback.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-10-19 16:18 17875120 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-12-30 15:50 7880664 ----a-w- c:\documents and settings\admin\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-12-30 15:50 1199576 ----a-w- c:\documents and settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-02 13:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [28/06/2012 12:37 56208]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/01/2013 19:35 704384]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [09/01/2013 09:16 1010560]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/12/2012 14:26 3290896]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/01/2013 19:31 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/01/2013 19:35 257432]
S2 ddnt;ddnt;\??\c:\windows\system32\drivers\ddnt.sys --> c:\windows\system32\drivers\ddnt.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19/10/2012 16:14 160944]
S3 idmc1aud;Intel® Play™ USB Audio Filter (WDM);c:\windows\system32\drivers\idmc1aud.sys [06/04/2006 13:08 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver;c:\windows\system32\drivers\IDMC1Blk.sys [06/04/2006 13:08 14628]
S3 IDMC1Vxp;Intel® Play™ DMC Camera;c:\windows\system32\drivers\idmc1vme.sys [06/04/2006 13:08 416564]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [28/03/2006 15:23 25088]
S3 STVqx5;Digital Blue QX5™ Microscope;c:\windows\system32\drivers\STVqx5.sys [06/04/2006 13:24 64512]
S3 STVqx5m;Digital Blue QX5™ Microscopem;c:\windows\system32\drivers\STVqx5m.sys [06/04/2006 13:24 6144]
S3 tablet;Serial Tablet Driver;c:\windows\system32\drivers\tablet.sys [06/04/2006 17:19 23125]
S3 tbfilter;Tablet Filter Driver;c:\windows\system32\drivers\tbfilter.sys [06/04/2006 17:19 7383]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 00:17]
.
2013-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 00:18]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 00:17]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 00:17]
.
2013-01-14 c:\windows\Tasks\ReclaimerUpdateFiles_admin.job
- c:\documents and settings\admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-03 20:43]
.
2013-01-15 c:\windows\Tasks\ReclaimerUpdateXML_admin.job
- c:\documents and settings\admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-03 20:43]
.
2013-01-16 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_admin.job
- c:\documents and settings\admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-03 20:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RreKiwyv - c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\admin\Start Menu\Programs\Startup\rrekiwyv.exe 99684 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\VTtrayp.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\tblmouse.exe
.
**************************************************************************
.
Completion time: 2013-01-16 19:09:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-16 19:09
.
Pre-Run: 67,413,438,464 bytes free
Post-Run: 67,266,908,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A956F036DAA0D336752E3BFF34BAE283

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now kill the rest; on completion, could you try updates?

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\admin\Start Menu\Programs\Startup\rrekiwyv.exe

Folder::
c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#10
slimc33

    Member

  • Topic Starter
  • Member
  • 25 posts
ComboFix log as requested


ComboFix 13-01-14.01 - admin 16/01/2013 19:46:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1471.953 [GMT 0:00]
Running from: c:\documents and settings\admin\Desktop\gotcha.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
FILE ::
"c:\documents and settings\admin\Start Menu\Programs\Startup\rrekiwyv.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Local Settings\Application Data\fnreulcg.log
c:\documents and settings\admin\Local Settings\Application Data\hgibhkgj.log
c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv
c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe
c:\documents and settings\admin\Local Settings\Application Data\lubqmtgh.log
c:\documents and settings\admin\Local Settings\Application Data\toxqwsxp.log
c:\documents and settings\admin\Local Settings\Application Data\ulnguabg.log
c:\documents and settings\admin\Local Settings\Application Data\xelxgokk.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 18:26 . 2013-01-16 18:27 -------- d-----w- C:\gotcha
2013-01-15 16:25 . 2013-01-15 16:25 -------- d-----w- C:\_OTL
2013-01-14 16:49 . 2013-01-15 13:09 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Avg2013
2013-01-09 18:50 . 2013-01-09 18:50 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2013-01-09 09:37 . 2012-06-19 19:24 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\IObit
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
2013-01-09 09:17 . 2013-01-09 09:17 -------- d-----w- c:\documents and settings\admin\AppData
2013-01-09 09:17 . 2013-01-09 09:19 -------- d-----w- c:\documents and settings\admin\Application Data\IObit
2013-01-09 09:16 . 2013-01-09 09:16 -------- d-----w- c:\program files\IObit
2013-01-06 11:33 . 2013-01-06 12:00 -------- d-----w- c:\documents and settings\admin\Application Data\XnView
2013-01-06 11:32 . 2013-01-06 11:32 -------- d-----w- c:\program files\XnView
2013-01-03 21:30 . 2013-01-03 21:30 -------- d-----w- c:\documents and settings\admin\Application Data\TuneUp Software
2013-01-03 21:28 . 2013-01-03 21:28 -------- d-----w- c:\program files\AVG
2013-01-03 21:27 . 2013-01-15 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-01-03 21:27 . 2013-01-03 21:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-01-03 21:27 . 2013-01-03 21:27 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\MFAData
2013-01-03 20:42 . 2013-01-03 20:43 -------- d-----w- c:\windows\system32\NtmsData
2013-01-03 20:06 . 2013-01-03 20:06 -------- d-----w- c:\documents and settings\admin\Application Data\CyberLink
2013-01-03 19:42 . 2013-01-06 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-01-03 19:42 . 2013-01-03 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-01-03 19:35 . 2009-04-06 11:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2013-01-03 19:35 . 2009-02-10 16:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2013-01-03 19:31 . 2009-02-18 17:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2013-01-03 19:31 . 2013-01-03 19:31 -------- d-----w- c:\program files\Agnitum
2013-01-03 19:31 . 2013-01-11 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2012-12-30 15:50 . 2013-01-14 12:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Spotify
2012-12-30 15:49 . 2013-01-14 16:44 -------- d-----w- c:\documents and settings\admin\Application Data\Spotify
2012-12-30 15:47 . 2012-12-30 15:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Deployment
2012-12-30 02:02 . 2012-12-30 02:02 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Skype
2012-12-21 14:51 . 2012-12-21 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Piriform
2012-12-21 14:20 . 2012-12-21 14:20 -------- d-----w- c:\documents and settings\admin\Application Data\Visan
2012-12-21 14:18 . 2012-12-21 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan
2012-12-21 13:57 . 2012-12-21 13:58 -------- d-----w- c:\documents and settings\admin\Application Data\PerformerSoft
2012-12-21 13:57 . 2012-12-21 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-12-21 13:56 . 2012-12-21 13:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Wajam
2012-12-21 13:55 . 2012-12-21 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-03 23:56 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-03 22:17 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-05 00:17 . 2012-11-05 00:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-05 00:17 . 2012-11-05 00:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-02 02:02 . 2004-08-03 23:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-08-03 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-03 23:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2004-08-03 21:59 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-06-20 305536]
"Spotify Web Helper"="c:\documents and settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-12-30 1199576]
"RreKiwyv"="c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 143360]
"VTTimer"="VTTimer.exe" [2004-10-01 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"tblfunc"="tblmouse.exe" [2001-08-21 49152]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-28 180269]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-1460\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2780\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2781\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2785\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2786\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2788\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2789\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2790\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2791\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2792\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2793\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2794\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2795\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2796\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2797\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2799\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2800\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2801\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2802\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2803\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2804\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2808\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2809\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2811\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2813\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2814\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2815\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2816\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2818\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2819\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2821\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2822\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2823\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2824\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2826\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2827\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2828\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2829\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2831\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2832\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2834\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2835\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2836\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2837\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2838\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2840\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2843\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2844\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2845\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2848\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2849\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2850\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2854\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2855\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2856\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2857\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2858\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2859\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2860\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2863\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2870\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2871\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2872\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2875\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2876\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2881\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2883\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2885\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2886\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2887\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2888\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2890\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2893\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2898\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2900\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2901\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2902\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2903\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2904\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2905\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2906\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2908\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2910\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2911\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2912\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2914\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2915\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2916\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2918\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2920\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2922\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2923\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2924\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2928\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2929\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2930\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2931\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2932\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2934\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2935\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2937\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2944\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2945\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2946\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2948\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2949\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2951\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2952\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2953\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2956\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2957\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2958\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2960\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2961\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2963\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2966\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2968\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2969\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2971\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2972\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2973\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2975\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2976\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2977\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2978\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2979\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2980\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2982\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2990\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2995\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-2997\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3000\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3001\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3003\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3007\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3008\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3009\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3011\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3012\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3014\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3015\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3018\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3020\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3021\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3023\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3026\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3028\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3029\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3030\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3031\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3033\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3034\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3037\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3039\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3040\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3041\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3043\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3045\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3047\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3049\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3050\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3058\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3064\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-3071\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2078540614-805346387-1883520330-500\Scripts\Logon\0\0]
"Script"=\\Overdale1\NETLOGON\SchoolPrinters.vbs
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
2009-04-14 18:02 428032 ----a-w- c:\program files\Agnitum\Outpost Firewall\feedback.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-10-19 16:18 17875120 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-12-30 15:50 7880664 ----a-w- c:\documents and settings\admin\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-12-30 15:50 1199576 ----a-w- c:\documents and settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-02 13:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [28/06/2012 12:37 56208]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/01/2013 19:35 704384]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [09/01/2013 09:16 1010560]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/12/2012 14:26 3290896]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/01/2013 19:31 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/01/2013 19:35 257432]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys --> c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys [?]
S2 ddnt;ddnt;\??\c:\windows\system32\drivers\ddnt.sys --> c:\windows\system32\drivers\ddnt.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19/10/2012 16:14 160944]
S3 idmc1aud;Intel® Play™ USB Audio Filter (WDM);c:\windows\system32\drivers\idmc1aud.sys [06/04/2006 13:08 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver;c:\windows\system32\drivers\IDMC1Blk.sys [06/04/2006 13:08 14628]
S3 IDMC1Vxp;Intel® Play™ DMC Camera;c:\windows\system32\drivers\idmc1vme.sys [06/04/2006 13:08 416564]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [28/03/2006 15:23 25088]
S3 STVqx5;Digital Blue QX5™ Microscope;c:\windows\system32\drivers\STVqx5.sys [06/04/2006 13:24 64512]
S3 STVqx5m;Digital Blue QX5™ Microscopem;c:\windows\system32\drivers\STVqx5m.sys [06/04/2006 13:24 6144]
S3 tablet;Serial Tablet Driver;c:\windows\system32\drivers\tablet.sys [06/04/2006 17:19 23125]
S3 tbfilter;Tablet Filter Driver;c:\windows\system32\drivers\tbfilter.sys [06/04/2006 17:19 7383]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 00:17]
.
2013-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 00:18]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 00:17]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 00:17]
.
2013-01-14 c:\windows\Tasks\ReclaimerUpdateFiles_admin.job
- c:\documents and settings\admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-03 20:43]
.
2013-01-15 c:\windows\Tasks\ReclaimerUpdateXML_admin.job
- c:\documents and settings\admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-03 20:43]
.
2013-01-16 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_admin.job
- c:\documents and settings\admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-03 20:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\admin\Start Menu\Programs\Startup\rrekiwyv.exe 99684 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\VTtrayp.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\tblmouse.exe
.
**************************************************************************
.
Completion time: 2013-01-16 20:12:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-16 20:11
ComboFix2.txt 2013-01-16 19:09
.
Pre-Run: 67,280,097,280 bytes free
Post-Run: 67,258,990,592 bytes free
.
- - End Of File - - 2D47E2378FE0F81CEC3EE5017B41A65C

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, one still wants to stay. After Avenger has run, re-run ComboFix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here: 
Files to delete:
c:\documents and settings\admin\Start Menu\Programs\Startup\rrekiwyv.exe
c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys 

Drivers to delete:
Micorsoft Windows Service


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.
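The triage behind the script above, as an added example that is not part of the original post and is not ComboFix's or The Avenger's own code: it parses the driver/service lines of the ComboFix log and flags the traits that single out `Micorsoft Windows Service`. The reading of the `R`/`S` prefix and start-type digit, the line layout, and the three heuristics are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: service/driver lines taken from the ComboFix log in this thread.
SAMPLE = r"""
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [28/06/2012 12:37 56208]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/01/2013 19:35 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/01/2013 19:31 31128]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys --> c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys [?]
S2 ddnt;ddnt;\??\c:\windows\system32\drivers\ddnt.sys --> c:\windows\system32\drivers\ddnt.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19/10/2012 16:14 160944]
"""

# Assumed layout:
#   <R|S><start type> <service name>;<display name>;<image path> [<date time size> or ?]
# R = running, S = stopped; the digit is the service start type.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    name: str
    running: bool
    start_type: str
    image_path: str
    file_info: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, _display, path, info = m.groups()
    # "\??\path --> path" lines repeat the path; keep the right-hand side.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(
        name=name,
        running=(state == "R"),
        start_type=START_TYPES[int(start)],
        image_path=path.strip(),
        file_info=info.strip(),
    )


def triage(log_text: str) -> List[ServiceEntry]:
    """Return only the entries that trip at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        # Drivers normally load from system32\drivers, not a user's Temp folder.
        if TEMP_DIR_RE.search(entry.image_path):
            entry.reasons.append("image path is in a Temp directory")
        # "[?]" in place of date/size: the scanner could not read the file.
        if entry.file_info == "?":
            entry.reasons.append("no file metadata could be read")
        # A disabled service should not be reported as running.
        if entry.running and entry.start_type == "disabled":
            entry.reasons.append("running although start type is disabled")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name} ({e.image_path}): {'; '.join(e.reasons)}")
```

A single flag is a lead to check rather than a verdict: `ddnt` trips only the missing-metadata heuristic, while `Micorsoft Windows Service` trips all three.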

#12
slimc33

slimc33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\admin\Start Menu\Programs\Startup\rrekiwyv.exe" deleted successfully.

Error: file "c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys" not found!
Deletion of file "c:\docume~1\admin\LOCALS~1\Temp\xrdqfhoy.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Micorsoft Windows Service" not found!
Deletion of driver "Micorsoft Windows Service" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Also the fresh OTL log as requested:

OTL logfile created on: 16/01/2013 20:52:15 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.54% Memory free
4.95 Gb Paging File | 4.67 Gb Available in Paging File | 94.20% Paging File free
Paging file location(s): C:\pagefile.sys 3750 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.58 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: EXITSUITE11 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2012/12/30 15:50:29 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/20 19:07:46 | 000,305,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/28 15:42:03 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/10/01 08:31:54 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/06/21 18:57:16 | 000,143,360 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 19:07:36 | 000,140,672 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Wt32exe.exe -- (TabletService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/05 00:17:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ddnt.sys -- (ddnt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/27 19:13:54 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/10/27 19:13:52 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/10/27 19:13:30 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2005/11/25 13:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2005/06/08 07:13:00 | 000,025,088 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2005/06/08 04:02:06 | 000,033,280 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2005/03/09 06:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/15 13:05:00 | 000,064,512 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5.sys -- (STVqx5)
DRV - [2004/09/15 13:05:00 | 000,006,144 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5m.sys -- (STVqx5m)
DRV - [2001/07/05 14:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp)
DRV - [2001/07/05 14:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 14:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud)
DRV - [2000/06/07 16:50:28 | 000,023,125 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tablet.sys -- (tablet)
DRV - [2000/06/07 14:13:44 | 000,007,383 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbfilter.sys -- (tbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...1I7BBKB_enGB508
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2013/01/16 20:02:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (Advanced SystemCare Surfing Protection) - {C262D7CF-4AE3-41C8-937A-BC727ABE907F} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [tblfunc] C:\WINDOWS\System32\tblmouse.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [RreKiwyv] C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340800224473 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340800215926 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43CA179-1B95-4671-B012-3AC86E772627}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe) - C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/28 15:14:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 20:49:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/16 20:46:36 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/01/16 20:46:10 | 000,000,000 | ---D | C] -- C:\IObit
[2013/01/16 20:12:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/16 20:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv
[2013/01/16 18:38:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/16 18:35:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/16 18:35:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/16 18:35:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/16 18:35:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/16 18:26:56 | 000,000,000 | ---D | C] -- C:\gotcha
[2013/01/16 18:20:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 18:20:04 | 005,022,074 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\gotcha.exe
[2013/01/16 09:12:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2013/01/16 08:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/15 16:25:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 14:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/14 16:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Avg2013
[2013/01/14 16:47:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/13 13:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\noels ideas
[2013/01/12 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\one day
[2013/01/09 09:37:17 | 000,021,376 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/01/09 09:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Opera
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\AppData
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\IObit
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
[2013/01/09 09:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/01/09 09:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/01/08 11:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\New Folder
[2013/01/07 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\New Folder
[2013/01/06 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\XnView
[2013/01/06 11:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XnView
[2013/01/06 11:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2013/01/04 14:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Craig's
[2013/01/04 14:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Jo's
[2013/01/04 14:24:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2013/01/03 21:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2013/01/03 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/03 21:27:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
[2013/01/03 20:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/01/03 20:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/01/03 20:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Real
[2013/01/03 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\CyberLink
[2013/01/03 20:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\CyberLink
[2013/01/03 19:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/01/03 19:35:39 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2013/01/03 19:35:21 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2013/01/03 19:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2013/01/03 19:31:52 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2013/01/03 19:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2013/01/03 19:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/12/30 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Spotify
[2012/12/30 15:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/12/30 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Deployment
[2012/12/30 02:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Skype
[2012/12/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Piriform
[2012/12/21 14:20:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\RocketLifeNetwork
[2012/12/21 14:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Visan
[2012/12/21 14:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/12/21 13:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2012/12/21 13:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2012/12/21 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Wajam
[2012/12/21 13:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak

========== Files - Modified Within 30 Days ==========

[2013/01/16 20:48:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/16 20:46:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/16 20:46:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 20:46:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/16 20:45:06 | 000,001,447 | ---- | M] () -- C:\backup.reg
[2013/01/16 20:45:04 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2013/01/16 20:45:04 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2013/01/16 20:45:04 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2013/01/16 20:43:37 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\avenger.exe
[2013/01/16 20:43:01 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\avenger.zip
[2013/01/16 20:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 20:07:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/16 20:02:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/16 18:38:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/16 18:20:21 | 005,022,074 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\gotcha.exe
[2013/01/15 20:59:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/14 15:58:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/13 13:55:36 | 000,390,806 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:24 | 000,162,317 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/10 10:58:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/09 09:17:02 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:34:22 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/04 14:23:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Windows Media Player.lnk
[2013/01/03 20:54:32 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130104-142059.backup
[2013/01/03 20:35:51 | 000,006,458 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 20:12:21 | 000,000,050 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013/01/03 19:43:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/12/21 17:02:59 | 000,432,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/16 20:45:06 | 000,001,447 | ---- | C] () -- C:\backup.reg
[2013/01/16 20:45:04 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2013/01/16 20:45:04 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2013/01/16 20:45:04 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2013/01/16 20:42:59 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\avenger.zip
[2013/01/16 18:38:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/01/16 18:38:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/16 18:35:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/16 18:35:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/16 18:35:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/16 18:35:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/16 18:35:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/13 13:56:04 | 000,390,806 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:49 | 000,162,317 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/09 09:17:02 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:32:44 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/03 20:49:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/03 20:48:39 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/03 20:48:38 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/03 20:35:48 | 000,006,458 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 19:43:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2013/01/03 19:31:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2012/12/30 15:50:30 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Spotify.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/06/28 12:23:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/27 08:14:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2006/03/29 16:02:35 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/03/29 16:04:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/04/25 14:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/09 09:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\IObit
[2012/12/21 13:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2013/01/14 16:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify
[2013/01/03 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2012/12/21 14:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Visan
[2013/01/06 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\XnView
[2006/04/06 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACTIV Software
[2013/01/11 12:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/06/28 13:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2013/01/03 21:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/28 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/12/21 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013/01/09 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/28 12:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2013/01/15 13:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/04/06 15:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research Machines
[2012/12/21 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

========== Purity Check ==========



< End of report >

#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
After this, could you test the system, including updates, and let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2013/01/16 20:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#14
slimc33


    Member

  • Topic Starter
  • Member
  • 25 posts
Quick question: during all this process an icon has appeared on my tray; it is s3tray plus utility. Should this be there? I've never seen it before.

OTL as requested


OTL logfile created on: 16/01/2013 21:17:55 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 75.06% Memory free
4.95 Gb Paging File | 4.75 Gb Available in Paging File | 95.97% Paging File free
Paging file location(s): C:\pagefile.sys 3750 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.49 Gb Free Space | 83.85% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: EXITSUITE11 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2012/12/30 15:50:29 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/06/20 19:07:46 | 000,305,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/28 15:42:03 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/10/01 08:31:54 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/06/21 18:57:16 | 000,143,360 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2001/08/21 12:56:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\tblmouse.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Wt32exe.exe -- (TabletService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/05 00:17:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/10 10:18:52 | 001,010,560 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ddnt.sys -- (ddnt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/27 19:13:54 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/10/27 19:13:52 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/10/27 19:13:30 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2005/11/25 13:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2005/06/08 07:13:00 | 000,025,088 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2005/06/08 04:02:06 | 000,033,280 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2005/03/09 06:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/15 13:05:00 | 000,064,512 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5.sys -- (STVqx5)
DRV - [2004/09/15 13:05:00 | 000,006,144 | ---- | M] (Digital Blue ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx5m.sys -- (STVqx5m)
DRV - [2001/07/05 14:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp)
DRV - [2001/07/05 14:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 14:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud)
DRV - [2000/06/07 16:50:28 | 000,023,125 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tablet.sys -- (tablet)
DRV - [2000/06/07 14:13:44 | 000,007,383 | ---- | M] (Aiptek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbfilter.sys -- (tbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {E32AA30F-2144-4F6D-A9BD-32613F9C438F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{E32AA30F-2144-4F6D-A9BD-32613F9C438F}: "URL" = http://www.google.co...1I7BBKB_enGB508
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2013/01/16 21:15:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (Advanced SystemCare Surfing Protection) - {C262D7CF-4AE3-41C8-937A-BC727ABE907F} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [tblfunc] C:\WINDOWS\System32\tblmouse.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [RreKiwyv] C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340800224473 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340800215926 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43CA179-1B95-4671-B012-3AC86E772627}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/28 15:14:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 20:49:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/16 20:46:36 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/01/16 20:46:10 | 000,000,000 | ---D | C] -- C:\IObit
[2013/01/16 20:12:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/16 18:38:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/16 18:35:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/16 18:35:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/16 18:35:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/16 18:35:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/16 18:26:56 | 000,000,000 | ---D | C] -- C:\gotcha
[2013/01/16 18:20:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 18:20:04 | 005,022,074 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\gotcha.exe
[2013/01/16 09:12:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2013/01/16 08:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/15 16:25:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 14:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/14 16:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Avg2013
[2013/01/14 16:47:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/13 13:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\noels ideas
[2013/01/12 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\one day
[2013/01/09 09:37:17 | 000,021,376 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/01/09 09:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Opera
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/01/09 09:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\AppData
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\IObit
[2013/01/09 09:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
[2013/01/09 09:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/01/09 09:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/01/08 11:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\New Folder
[2013/01/07 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\New Folder
[2013/01/06 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\XnView
[2013/01/06 11:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XnView
[2013/01/06 11:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2013/01/04 14:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Craig's
[2013/01/04 14:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\Jo's
[2013/01/04 14:24:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2013/01/03 21:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2013/01/03 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/03 21:27:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/03 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
[2013/01/03 20:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/01/03 20:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/01/03 20:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Real
[2013/01/03 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\CyberLink
[2013/01/03 20:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\CyberLink
[2013/01/03 19:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/03 19:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/01/03 19:35:39 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2013/01/03 19:35:21 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2013/01/03 19:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2013/01/03 19:31:52 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2013/01/03 19:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2013/01/03 19:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/12/30 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Spotify
[2012/12/30 15:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/12/30 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Deployment
[2012/12/30 02:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Skype
[2012/12/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Piriform
[2012/12/21 14:20:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\RocketLifeNetwork
[2012/12/21 14:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Visan
[2012/12/21 14:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/12/21 13:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2012/12/21 13:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2012/12/21 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Wajam
[2012/12/21 13:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak

========== Files - Modified Within 30 Days ==========

[2013/01/16 21:17:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/16 21:16:52 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 21:16:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/16 21:16:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/16 21:15:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/01/16 21:07:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/16 21:00:01 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/16 20:45:06 | 000,001,447 | ---- | M] () -- C:\backup.reg
[2013/01/16 20:45:04 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2013/01/16 20:45:04 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2013/01/16 20:45:04 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2013/01/16 20:43:37 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\avenger.exe
[2013/01/16 20:43:01 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\avenger.zip
[2013/01/16 20:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 18:38:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/16 18:20:21 | 005,022,074 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\gotcha.exe
[2013/01/15 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2013/01/14 15:58:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/13 13:55:36 | 000,390,806 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:24 | 000,162,317 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/10 10:58:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/09 09:17:02 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:34:22 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/04 14:23:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Windows Media Player.lnk
[2013/01/03 20:54:32 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130104-142059.backup
[2013/01/03 20:35:51 | 000,006,458 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 20:12:21 | 000,000,050 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013/01/03 19:43:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/12/21 17:02:59 | 000,432,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/16 20:45:06 | 000,001,447 | ---- | C] () -- C:\backup.reg
[2013/01/16 20:45:04 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2013/01/16 20:45:04 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2013/01/16 20:45:04 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2013/01/16 20:42:59 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\avenger.zip
[2013/01/16 18:38:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/01/16 18:38:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/16 18:35:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/16 18:35:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/16 18:35:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/16 18:35:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/16 18:35:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/13 13:56:04 | 000,390,806 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas3
[2013/01/13 13:50:49 | 000,162,317 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\noels ideas.jpg
[2013/01/09 09:17:02 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/01/06 11:32:44 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\XnView.lnk
[2013/01/04 14:23:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/03 20:49:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_admin.job
[2013/01/03 20:48:39 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_admin.job
[2013/01/03 20:48:38 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_admin.job
[2013/01/03 20:35:48 | 000,006,458 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20130103_203540.reg
[2013/01/03 19:43:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2013/01/03 19:31:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2012/12/30 15:50:30 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Spotify.lnk
[2012/12/30 15:50:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spotify.lnk
[2012/06/28 12:23:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/27 08:14:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2006/03/29 16:02:35 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/03/29 16:04:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/04/25 14:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/09 09:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\IObit
[2012/12/21 13:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PerformerSoft
[2013/01/14 16:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify
[2013/01/03 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2012/12/21 14:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Visan
[2013/01/06 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\XnView
[2006/04/06 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACTIV Software
[2013/01/11 12:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/06/28 13:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2013/01/03 21:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/28 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/12/21 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013/01/09 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/28 12:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2013/01/15 13:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/04/06 15:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research Machines
[2012/12/21 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

========== Purity Check ==========



< End of report >

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is for your video card; it can be disabled if you wish - last one to kill, I feel.

Are the updates and firewall working now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKCU..\Run: [RreKiwyv] C:\Documents and Settings\admin\Local Settings\Application Data\iakwrkmv\rrekiwyv.exe File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
