GeekPolice

Thinkpoint. Can't start xp, any mode. Please help.

I got Thinkpoint trojan a few days ago. I ran Malwarebytes for a couple hours, then had to leave for a couple days. MB caught 4 pieces of Thinkpoint. I came home today, started the computer to run MB to completion, and the computer won't boot. Safe Mode, DOS prompt, Normal start, all fail. Thanks in advance for help.
edlacerra

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Welcome to GeekPolice.net!

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: you need to get the appropriate burning software for this task.

Download ISOBurner
  • This will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic.
  • See the instructions page for more info.
Step 2: download the OTLPE REATOGO Windows Recovery Environment.
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double-click it and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Thanks! Scanning now. I changed Drivers to None, as my only choices were None, Use Safe List, and All. I will post when scan is over.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Thanks again for all your help Sneakyone. Here's the scan result:

OTL logfile created on: 10/28/2010 11:25:22 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 77.73 Gb Free Space | 69.59% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/10/28 19:22:39 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2010/09/10 16:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/30 18:36:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/30 18:36:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\edward_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/21 20:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{59EDC053-1427-4A77-8583-9C9B343F73B3}: C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\ [2010/10/25 18:10:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 18:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 18:51:08 | 000,000,000 | ---D | M]

[2010/10/25 16:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/24 07:52:18 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\edward_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} http://www.dvrstation.com/pdvratl.cab (PdvrOcx Class)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\edward_ON_C Winlogon: Shell - (C:\Documents and Settings\edward\Application Data\hotfix.exe) - C:\Documents and Settings\edward\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: chkntcut - (C:\WINDOWS\system32\fixmsmss.dll) - C:\WINDOWS\system32\fixmsmss.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/10/26 14:52:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/10/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Malwarebytes
[2010/10/26 13:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/26 13:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/26 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 13:56:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/25 20:49:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/10/25 20:35:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\edward\Recent
[2010/10/25 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 18:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}
[2010/10/25 18:08:36 | 000,760,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
[2010/10/25 15:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Laundry 10-22-10
[2010/10/19 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Customers Porcessed in Little Rock
[2010/10/16 11:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\DivX
[2010/10/16 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\War Eagle Mill and Craft Fair 10-14-10
[2010/10/03 12:10:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/10/01 10:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Info. for Insurance Co
[2007/09/09 17:46:44 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Controllers.dll
[2007/09/09 17:46:42 | 000,229,376 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Billy.dll
[2007/09/09 17:46:42 | 000,208,896 | ---- | C] ( ) -- C:\Program Files\ti.jazzie.dll
[2007/09/09 17:46:42 | 000,163,840 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\ScrappyText.dll
[2007/09/09 17:46:42 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.HostInterface.exe
[2007/09/09 17:46:40 | 000,851,968 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.dll
[2007/09/09 17:46:40 | 000,049,152 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Gracie.dll
[2007/09/09 17:46:40 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.dll
[2007/09/09 17:46:38 | 000,466,944 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Georgia.dll
[2007/09/09 17:46:38 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.Res.dll
[2007/09/09 17:46:38 | 000,086,016 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\ps20resources.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\pmwresources.dll
[2007/09/09 17:46:28 | 000,081,920 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Rescue.exe
[2007/09/09 17:46:28 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.dll
[2007/09/09 17:46:26 | 000,126,976 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Aardvark.dll
[2007/09/09 17:46:26 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.dll
[2007/09/09 17:46:26 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.Dispatch.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.Target.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Target.dll
[2007/09/09 17:46:24 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Beast.ICs.dll
[2007/09/09 17:46:24 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.IC.dll
[2007/09/09 17:46:24 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.IC.dll
[2007/09/09 17:46:22 | 000,073,728 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.dll
[2007/09/09 17:46:22 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.dll
[2007/09/09 17:46:22 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\CustomControlsLib.dll
[2007/09/09 17:46:22 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.dll
[2007/09/09 17:46:22 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\PlatformUtils.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.ICs.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\IC.dll
[2007/09/09 17:46:22 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\RainMan.dll
[2007/09/09 17:46:20 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Framework.dll
[2007/09/09 17:46:10 | 000,006,656 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Win32UI.dll
[2007/09/09 17:45:36 | 000,069,632 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\GreenleafArchiveLib.dll
[2007/09/09 17:45:34 | 000,041,984 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.ZLibWrapper.dll
[2007/09/09 17:45:32 | 000,011,776 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.DriveInfo.dll
[2007/09/09 17:44:40 | 006,541,312 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMW.exe
[2007/09/09 17:42:30 | 009,707,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\pmwres32.dll
[2007/09/09 17:42:24 | 000,114,688 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ConnMgr.dll
[2007/09/09 17:42:18 | 000,061,440 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AboutBoxdll.dll
[2007/09/09 17:41:44 | 000,040,960 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\CustToolbar.dll
[2007/09/09 17:41:40 | 000,155,648 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\border.dll
[2007/09/09 17:41:34 | 000,303,104 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PSToolbar.dll
[2007/09/09 17:41:16 | 000,057,344 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AccessAB.dll
[2007/09/09 17:41:12 | 000,021,504 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Thesaurus.dll
[2007/09/09 17:40:50 | 000,098,304 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMWTrueType.dll
[2007/09/09 17:40:48 | 000,380,928 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\advdraw.exe
[2007/09/09 17:36:02 | 000,344,064 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Remind.exe
[2007/09/09 17:33:54 | 001,003,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMAppBuilder.dll
[2007/09/09 17:23:22 | 000,602,112 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportPW.dll
[2007/09/09 17:22:48 | 000,262,144 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\LaunchDLL.dll
[2007/09/09 17:22:26 | 000,479,232 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportWSD.dll
[2007/09/09 17:20:10 | 000,561,152 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\UICustomizer.dll
[2007/09/09 17:19:28 | 000,643,072 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImport.dll
[2007/09/09 17:18:28 | 001,462,272 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Framework.dll
[2007/09/09 17:17:06 | 000,022,016 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ImageServer.dll
[2007/07/19 15:07:02 | 003,186,688 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files\cdintf.dll
[2007/07/19 15:07:02 | 000,527,872 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfuamd64.dll
[2007/07/19 15:07:02 | 000,423,373 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfu.dll
[2007/07/19 15:07:02 | 000,389,120 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfuiamd64.dll
[2007/07/19 15:07:02 | 000,370,783 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfui.dll
[2005/11/30 17:06:42 | 000,045,056 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\MSRUN32.EXE
[2005/07/07 19:12:51 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn12n.dll
[2005/07/07 19:12:51 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfcmp12n.dll
[2005/07/07 19:12:51 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdis12n.dll
[2005/07/07 19:12:51 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg12n.dll
[2005/07/07 19:12:51 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpng12n.dll
[2005/07/07 19:12:51 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif12n.dll
[2005/07/07 19:12:51 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil12n.dll
[2005/07/07 19:12:51 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffax12n.dll
[2005/07/07 19:12:51 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwmf12n.dll
[2005/07/07 19:12:51 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps12n.dll
[2005/07/07 19:12:51 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd12n.dll
[2005/07/07 19:12:51 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif12n.dll
[2005/07/07 19:12:51 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp12n.dll
[2005/07/07 19:12:51 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx12n.dll
[2005/07/07 19:12:51 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwpg12n.dll
[2005/07/07 19:12:51 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2005/07/07 18:12:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\pcdlib32.dll
[2005/07/07 18:12:52 | 000,122,880 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\Program Files\ssce4132.dll
[2005/07/07 18:12:52 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,028,672 | ---- | C] ( ) -- C:\Program Files\Interop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,014,848 | ---- | C] ( ) -- C:\Program Files\AxInterop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,007,680 | ---- | C] ( ) -- C:\Program Files\Ti.PMAppBuilder.dll
[2005/07/07 18:12:52 | 000,006,144 | ---- | C] ( ) -- C:\Program Files\Interop.CONNMGRLib.dll
[2005/07/07 18:12:52 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\AxInterop.CONNMGRLib.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 23:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 22:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/03/18 21:05:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2001/09/05 23:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Re: Thinkpoint. Can't start xp, any mode. Please help.

========== Files - Modified Within 30 Days ==========

[2010/10/28 19:55:54 | 000,760,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
[2010/10/28 19:55:07 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/28 19:51:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 19:22:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/10/28 19:19:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/10/28 19:18:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/10/28 19:15:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 19:04:15 | 000,442,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/28 19:04:15 | 000,071,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/28 19:02:56 | 066,961,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/28 19:01:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/28 19:00:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/28 18:59:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 18:59:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/26 15:09:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/26 14:58:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/10/26 13:57:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/26 10:29:13 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Odometer Readings.xls
[2010/10/25 20:40:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/25 20:38:08 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/10/25 20:38:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/10/25 19:52:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:43:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/25 18:09:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 18:08:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 18:08:43 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 18:08:34 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 15:19:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/25 14:59:54 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\GLS-PWs.xls
[2010/10/25 14:39:05 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Sales Tax Not Charged.xls
[2010/10/22 20:40:24 | 000,607,408 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/22 12:45:58 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/22 10:29:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/20 10:25:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 12:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 11:51:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:26 | 000,194,270 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:30:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 11:11:34 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 17:37:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Mileage Reimb..xls
[2010/10/07 16:36:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:32 | 000,046,612 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/05 12:59:07 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/03 19:18:52 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:41:11 | 000,009,221 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Letterhead.wpd
[2010/10/01 10:10:38 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/10/01 10:06:40 | 009,240,280 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Harleysville Ins. Policy.zip
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 19:22:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/10/25 19:52:06 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:09:41 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/10/25 18:09:41 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/10/25 18:09:39 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/10/25 18:09:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/10/25 18:09:36 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/10/25 18:09:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/10/25 18:09:35 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/10/25 18:09:34 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/10/25 18:09:34 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/10/25 18:09:34 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/10/25 18:09:34 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/10/25 18:09:25 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/10/25 18:09:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/10/25 18:09:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/10/25 18:09:22 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/25 18:09:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/25 18:09:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/25 18:09:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/25 18:09:19 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/25 18:09:19 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/25 18:09:18 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/25 18:09:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/25 18:09:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/25 18:09:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/25 18:09:15 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/25 18:09:15 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/25 18:09:15 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/25 18:09:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/25 18:09:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 18:09:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 18:09:01 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 18:08:49 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 18:08:34 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 18:08:20 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 17:42:06 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/25 17:41:52 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/25 17:41:47 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/25 15:12:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/22 10:29:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 11:51:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:23 | 000,194,270 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:04:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 16:36:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:29 | 000,046,612 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/03 19:18:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:09:51 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/09/03 12:44:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JPR.{PB
[2010/09/03 12:44:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JCM.{PB
[2010/09/01 14:38:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 20:42:11 | 000,607,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/17 12:33:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\fusioncache.dat
[2010/01/01 15:53:19 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/03 18:40:19 | 000,001,876 | ---- | C] () -- C:\Program Files\Register Your Software.lnk
[2009/01/18 13:13:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/01/01 18:56:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2009/01/01 18:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2008/07/15 17:17:53 | 000,001,516 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/06 13:28:23 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/06/11 21:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/11 15:38:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 14:56:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\imx32.dll
[2008/05/27 17:40:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/27 17:40:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/27 17:40:22 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/27 17:40:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/27 17:40:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 21:43:55 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 09:35:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fusioncache.dat
[2008/05/16 11:56:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 11:51:55 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/16 11:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/16 11:46:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/16 11:23:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/16 09:57:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\msimp32.dll
[2007/09/09 17:46:40 | 000,008,192 | ---- | C] () -- C:\Program Files\ScrappyText.Glue.dll
[2007/09/09 17:46:08 | 000,012,288 | ---- | C] () -- C:\Program Files\Flip.dll
[2007/09/09 17:45:44 | 000,038,400 | ---- | C] () -- C:\Program Files\HostObjects.dll
[2007/09/09 17:22:34 | 000,438,272 | ---- | C] () -- C:\Program Files\PMUserApp.exe
[2007/09/09 17:04:54 | 001,299,835 | ---- | C] () -- C:\Program Files\SKUResources.dat
[2007/08/31 14:08:30 | 000,032,306 | ---- | C] () -- C:\Program Files\ReadMe.htm
[2007/08/10 15:42:56 | 001,697,287 | ---- | C] () -- C:\Program Files\pmw.chm
[2007/08/07 13:47:04 | 000,038,961 | ---- | C] () -- C:\Program Files\License.rtf
[2007/07/26 16:12:26 | 000,001,597 | ---- | C] () -- C:\Program Files\startup.cfg
[2007/07/19 15:07:02 | 000,139,264 | ---- | C] () -- C:\Program Files\Install.exe
[2007/07/19 15:07:02 | 000,000,048 | ---- | C] () -- C:\Program Files\acfpdf.txt
[2007/07/10 14:42:50 | 000,000,464 | ---- | C] () -- C:\Program Files\MSREG.INI
[2006/05/15 14:50:54 | 000,038,277 | ---- | C] () -- C:\Program Files\PMWSHAPE.bin
[2006/02/17 15:43:44 | 000,024,325 | ---- | C] () -- C:\Program Files\Labels.dat
[2006/02/17 15:43:44 | 000,004,349 | ---- | C] () -- C:\Program Files\Stickers.dat
[2006/02/17 15:43:44 | 000,002,418 | ---- | C] () -- C:\Program Files\HalfCard.dat
[2006/02/17 15:43:44 | 000,001,221 | ---- | C] () -- C:\Program Files\BizCard.dat
[2006/02/17 15:43:44 | 000,000,899 | ---- | C] () -- C:\Program Files\NoteCard.dat
[2006/02/14 15:52:32 | 000,007,255 | ---- | C] () -- C:\Program Files\Photoprj.dat
[2006/02/14 15:52:32 | 000,001,963 | ---- | C] () -- C:\Program Files\PostCard.dat
[2006/02/08 17:31:50 | 000,000,811 | ---- | C] () -- C:\Program Files\ScrapBookPage.dat
[2006/02/07 18:52:00 | 000,046,888 | ---- | C] () -- C:\Program Files\hints.hnt
[2006/02/03 20:44:44 | 000,000,916 | ---- | C] () -- C:\Program Files\FeaturedArt.ini
[2006/02/03 15:18:00 | 000,002,042 | ---- | C] () -- C:\Program Files\envelope.dat
[2006/02/03 15:18:00 | 000,000,557 | ---- | C] () -- C:\Program Files\ironon.dat
[2006/01/24 17:26:18 | 000,018,648 | ---- | C] () -- C:\Program Files\PageLayout.DB
[2006/01/24 17:26:18 | 000,011,264 | ---- | C] () -- C:\Program Files\PageLayout.IDX
[2006/01/24 13:45:28 | 000,022,206 | ---- | C] () -- C:\Program Files\PMW.ico
[2006/01/05 11:41:34 | 000,005,937 | ---- | C] () -- C:\Program Files\Peanut.xml
[2006/01/05 11:41:34 | 000,000,639 | ---- | C] () -- C:\Program Files\miniapps.xml
[2005/11/29 15:55:18 | 000,017,534 | ---- | C] () -- C:\Program Files\crown.ico
[2005/11/29 15:55:18 | 000,000,049 | ---- | C] () -- C:\Program Files\Broderbund
[2005/07/07 18:12:52 | 006,729,715 | ---- | C] () -- C:\Program Files\InterfaceComponents.DB
[2005/07/07 18:12:52 | 000,386,720 | ---- | C] () -- C:\Program Files\MasterColorSets.dat
[2005/07/07 18:12:52 | 000,375,808 | ---- | C] () -- C:\Program Files\reutr300.dat
[2005/07/07 18:12:52 | 000,352,322 | ---- | C] () -- C:\Program Files\pmw.clx
[2005/07/07 18:12:52 | 000,089,655 | ---- | C] () -- C:\Program Files\symbol.otl
[2005/07/07 18:12:52 | 000,081,920 | ---- | C] () -- C:\Program Files\RunPlayer.exe
[2005/07/07 18:12:52 | 000,067,013 | ---- | C] () -- C:\Program Files\pspeprojects.dat
[2005/07/07 18:12:52 | 000,065,294 | ---- | C] () -- C:\Program Files\pmwshape.dat
[2005/07/07 18:12:52 | 000,059,143 | ---- | C] () -- C:\Program Files\MLSSYM.TT
[2005/07/07 18:12:52 | 000,057,344 | ---- | C] () -- C:\Program Files\Interop.MessengerAPI.DLL
[2005/07/07 18:12:52 | 000,055,385 | ---- | C] () -- C:\Program Files\MLSZA.TT
[2005/07/07 18:12:52 | 000,031,744 | ---- | C] () -- C:\Program Files\InterfaceComponents.IDX
[2005/07/07 18:12:52 | 000,011,264 | ---- | C] () -- C:\Program Files\Lists.IDX
[2005/07/07 18:12:52 | 000,008,420 | ---- | C] () -- C:\Program Files\Lists.DB
[2005/07/07 18:12:52 | 000,003,067 | ---- | C] () -- C:\Program Files\sigdup.lay
[2005/07/07 18:12:52 | 000,002,948 | ---- | C] () -- C:\Program Files\bandup.lay
[2005/07/07 18:12:52 | 000,002,874 | ---- | C] () -- C:\Program Files\pmw.wrp
[2005/07/07 18:12:52 | 000,002,849 | ---- | C] () -- C:\Program Files\siggra.lay
[2005/07/07 18:12:52 | 000,002,753 | ---- | C] () -- C:\Program Files\cardup.lay
[2005/07/07 18:12:52 | 000,002,724 | ---- | C] () -- C:\Program Files\caldup.lay
[2005/07/07 18:12:52 | 000,002,656 | ---- | C] () -- C:\Program Files\sigtxt.lay
[2005/07/07 18:12:52 | 000,002,183 | ---- | C] () -- C:\Program Files\cargra.lay
[2005/07/07 18:12:52 | 000,002,172 | ---- | C] () -- C:\Program Files\cartxt.lay
[2005/07/07 18:12:52 | 000,002,037 | ---- | C] () -- C:\Program Files\pmw.clr
[2005/07/07 18:12:52 | 000,001,997 | ---- | C] () -- C:\Program Files\bantxt.lay
[2005/07/07 18:12:52 | 000,001,910 | ---- | C] () -- C:\Program Files\bangra.lay
[2005/07/07 18:12:52 | 000,001,809 | ---- | C] () -- C:\Program Files\calgra.lay
[2005/07/07 18:12:52 | 000,001,648 | ---- | C] () -- C:\Program Files\caltxt.lay
[2005/07/07 18:12:52 | 000,001,576 | ---- | C] () -- C:\Program Files\crafttypes.dat
[2005/07/07 18:12:52 | 000,001,024 | ---- | C] () -- C:\Program Files\netl.pm
[2005/07/07 18:12:52 | 000,000,955 | ---- | C] () -- C:\Program Files\Billy.xml
[2005/07/07 18:12:52 | 000,000,766 | ---- | C] () -- C:\Program Files\HandCursor.cur
[2005/07/07 18:12:52 | 000,000,630 | ---- | C] () -- C:\Program Files\colors.clr
[2005/07/07 18:12:52 | 000,000,147 | ---- | C] () -- C:\Program Files\pmwini.def
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:23 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003080_.tmp.dll
[2004/08/10 13:51:10 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003112_.tmp.dll
[2004/08/10 13:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/10/28 19:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/25 18:08:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/10/28 19:19:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/25 18:09:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/10/28 19:18:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/10/26 15:09:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/10/25 18:43:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/10/25 20:38:08 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/10/25 20:38:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2010/10/28 19:55:07 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 19:15:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/28 19:00:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========


< End of report >

Re: Thinkpoint. Can't start xp, any mode. Please help.
Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    SRV - [2010/10/28 19:22:39 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
    O20 - HKU\edward_ON_C Winlogon: Shell - (C:\Documents and Settings\edward\Application Data\hotfix.exe) - C:\Documents and Settings\edward\Application Data\hotfix.exe File not found
    [2010/10/25 18:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}
    [2010/10/25 18:08:36 | 000,760,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
    [2010/10/28 19:22:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
    [2010/10/28 19:15:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2004/08/10 13:51:23 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003080_.tmp.dll
    [2004/08/10 13:51:10 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003112_.tmp.dll
    [2010/10/28 19:00:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

    :Files
    C:\WINDOWS\tasks\At*.job

    :commands
    [emptytemp]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
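
Added example (not part of the original post and not OTL's own code): a triage of the scheduled-task entries that the OTL fix above removes, namely the `At*.job` files and the hidden GUID-named `.job` files. It parses OTL file-listing lines in the format shown in the log, using sample lines copied from this thread; the function names and the burst threshold are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# OTL file-listing line, as it appears in the log in this thread:
#   [date time | size | attrs | C or M] (company) -- path
# Directory entries omit the "(company)" field.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# The two name patterns targeted by the fix script in the post above.
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)
GUID_JOB = re.compile(
    r"\\Tasks\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$",
    re.IGNORECASE,
)

# Sample lines copied from the scan log and fix script posted in this thread.
SAMPLE_LOG = r"""
========== LOP Check ==========

[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/25 18:08:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/10/28 19:55:07 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/25 18:08:36 | 000,760,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
"""


def parse_line(line):
    """Parse one OTL file-listing line into a dict, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # section header, blank line, registry entry, etc.
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    rec["hidden"] = "H" in rec["attrs"]
    return rec


def triage_tasks(lines, burst_threshold=3):
    """Group .job entries by name pattern and find bursts of AtN.job files.

    burst_threshold (an assumption of this example) is the number of AtN.job
    files sharing the same timestamp minute that is reported as a burst.
    """
    at_jobs, guid_jobs, other_jobs = [], [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["is_dir"]:
            continue
        if not rec["path"].lower().endswith(".job"):
            continue
        if AT_JOB.search(rec["path"]):
            at_jobs.append(rec)
        elif GUID_JOB.search(rec["path"]):
            guid_jobs.append(rec)
        else:
            other_jobs.append(rec)  # named tasks, listed for manual review
    per_minute = Counter(r["ts"].strftime("%Y/%m/%d %H:%M") for r in at_jobs)
    bursts = {minute: n for minute, n in per_minute.items()
              if n >= burst_threshold}
    return {"at_jobs": at_jobs, "guid_jobs": guid_jobs,
            "other_jobs": other_jobs, "bursts": bursts}


if __name__ == "__main__":
    result = triage_tasks(SAMPLE_LOG.splitlines())
    print("AtN.job files:", len(result["at_jobs"]))
    for minute, count in sorted(result["bursts"].items()):
        print(f"  burst: {count} AtN.job files stamped {minute}")
    for rec in result["guid_jobs"]:
        print("GUID-named job:", rec["path"], "(hidden)" if rec["hidden"] else "")
    for rec in result["other_jobs"]:
        print("other job:", rec["path"])
```

The hidden attribute alone does not single out an entry: `MP Scheduled Scan.job` in the same log is also hidden and is left in place by the fix.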

Re: Thinkpoint. Can't start xp, any mode. Please help.
Thanks again Sneakyone! I'll have to do this tomorrow as it is 11:00 p.m. here and I can't keep my eyes open, afraid I'll get sloppy and make a mistake. Your help is above and beyond!!! I'll post results tomorrow.

Re: Thinkpoint. Can't start xp, any mode. Please help.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 deleted successfully.
C:\WINDOWS\system32\6to4v32.dll moved successfully.
Registry value HKEY_USERS\edward_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\edward\Application Data\hotfix.exe deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\chrome\content folder moved successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\chrome folder moved successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3} folder moved successfully.
C:\WINDOWS\system32\drivers\tqqgk.sys moved successfully.
File C:\WINDOWS\System32\6to4v32.dll not found.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\system32\_003080_.tmp.dll moved successfully.
C:\WINDOWS\system32\_003112_.tmp.dll moved successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: ann
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: edward
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 242688 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1125538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28225774 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 28.00 mb


OTLPE by OldTimer - Version 3.1.43.0 log created on 10292010_105204

Re: Thinkpoint. Can't start xp, any mode. Please help.
Hi, thanks for all the help so far. When I try to install Combofix (Commy.exe), I get an error message, "some files could not be created" restart computer. I also can not find the firewall or AVG running, but have no way of checking to make sure it's off, as there is no icon on the taskbar. Please advise as I may be doing something wrong. Thanks!

Re: Thinkpoint. Can't start xp, any mode. Please help.
Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Thinkpoint. Can't start xp, any mode. Please help.
Hi Sneakyone! I've restarted the computer a number of times trying to get combofix to install, now I seem to be back to square one. I did another OTL scan, please advise:

OTL logfile created on: 10/29/2010 12:39:24 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 77.75 Gb Free Space | 69.61% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 16:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/30 18:36:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/30 18:36:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\edward_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/21 20:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{59EDC053-1427-4A77-8583-9C9B343F73B3}: C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 18:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 18:51:08 | 000,000,000 | ---D | M]

[2010/10/25 16:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/24 07:52:18 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\edward_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} http://www.dvrstation.com/pdvratl.cab (PdvrOcx Class)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 12:15:21 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/29 11:35:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 11:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\New Folder
[2010/10/29 10:52:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/10/26 14:52:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/10/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Malwarebytes
[2010/10/26 13:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/26 13:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/26 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 13:56:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/25 20:49:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/10/25 20:35:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\edward\Recent
[2010/10/25 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 15:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Laundry 10-22-10
[2010/10/19 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Customers Porcessed in Little Rock
[2010/10/16 11:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\DivX
[2010/10/16 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\War Eagle Mill and Craft Fair 10-14-10
[2010/10/03 12:10:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/10/01 10:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Info. for Insurance Co
[2007/09/09 17:46:44 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Controllers.dll
[2007/09/09 17:46:42 | 000,229,376 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Billy.dll
[2007/09/09 17:46:42 | 000,208,896 | ---- | C] ( ) -- C:\Program Files\ti.jazzie.dll
[2007/09/09 17:46:42 | 000,163,840 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\ScrappyText.dll
[2007/09/09 17:46:42 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.HostInterface.exe
[2007/09/09 17:46:40 | 000,851,968 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.dll
[2007/09/09 17:46:40 | 000,049,152 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Gracie.dll
[2007/09/09 17:46:40 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.dll
[2007/09/09 17:46:38 | 000,466,944 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Georgia.dll
[2007/09/09 17:46:38 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.Res.dll
[2007/09/09 17:46:38 | 000,086,016 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\ps20resources.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\pmwresources.dll
[2007/09/09 17:46:28 | 000,081,920 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Rescue.exe
[2007/09/09 17:46:28 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.dll
[2007/09/09 17:46:26 | 000,126,976 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Aardvark.dll
[2007/09/09 17:46:26 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.dll
[2007/09/09 17:46:26 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.Dispatch.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.Target.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Target.dll
[2007/09/09 17:46:24 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Beast.ICs.dll
[2007/09/09 17:46:24 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.IC.dll
[2007/09/09 17:46:24 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.IC.dll
[2007/09/09 17:46:22 | 000,073,728 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.dll
[2007/09/09 17:46:22 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.dll
[2007/09/09 17:46:22 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\CustomControlsLib.dll
[2007/09/09 17:46:22 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.dll
[2007/09/09 17:46:22 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\PlatformUtils.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.ICs.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\IC.dll
[2007/09/09 17:46:22 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\RainMan.dll
[2007/09/09 17:46:20 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Framework.dll
[2007/09/09 17:46:10 | 000,006,656 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Win32UI.dll
[2007/09/09 17:45:36 | 000,069,632 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\GreenleafArchiveLib.dll
[2007/09/09 17:45:34 | 000,041,984 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.ZLibWrapper.dll
[2007/09/09 17:45:32 | 000,011,776 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.DriveInfo.dll
[2007/09/09 17:44:40 | 006,541,312 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMW.exe
[2007/09/09 17:42:30 | 009,707,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\pmwres32.dll
[2007/09/09 17:42:24 | 000,114,688 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ConnMgr.dll
[2007/09/09 17:42:18 | 000,061,440 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AboutBoxdll.dll
[2007/09/09 17:41:44 | 000,040,960 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\CustToolbar.dll
[2007/09/09 17:41:40 | 000,155,648 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\border.dll
[2007/09/09 17:41:34 | 000,303,104 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PSToolbar.dll
[2007/09/09 17:41:16 | 000,057,344 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AccessAB.dll
[2007/09/09 17:41:12 | 000,021,504 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Thesaurus.dll
[2007/09/09 17:40:50 | 000,098,304 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMWTrueType.dll
[2007/09/09 17:40:48 | 000,380,928 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\advdraw.exe
[2007/09/09 17:36:02 | 000,344,064 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Remind.exe
[2007/09/09 17:33:54 | 001,003,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMAppBuilder.dll
[2007/09/09 17:23:22 | 000,602,112 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportPW.dll
[2007/09/09 17:22:48 | 000,262,144 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\LaunchDLL.dll
[2007/09/09 17:22:26 | 000,479,232 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportWSD.dll
[2007/09/09 17:20:10 | 000,561,152 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\UICustomizer.dll
[2007/09/09 17:19:28 | 000,643,072 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImport.dll
[2007/09/09 17:18:28 | 001,462,272 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Framework.dll
[2007/09/09 17:17:06 | 000,022,016 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ImageServer.dll
[2007/07/19 15:07:02 | 003,186,688 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files\cdintf.dll
[2007/07/19 15:07:02 | 000,527,872 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfuamd64.dll
[2007/07/19 15:07:02 | 000,423,373 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfu.dll
[2007/07/19 15:07:02 | 000,389,120 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfuiamd64.dll
[2007/07/19 15:07:02 | 000,370,783 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfui.dll
[2005/11/30 17:06:42 | 000,045,056 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\MSRUN32.EXE
[2005/07/07 19:12:51 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn12n.dll
[2005/07/07 19:12:51 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfcmp12n.dll
[2005/07/07 19:12:51 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdis12n.dll
[2005/07/07 19:12:51 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg12n.dll
[2005/07/07 19:12:51 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpng12n.dll
[2005/07/07 19:12:51 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif12n.dll
[2005/07/07 19:12:51 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil12n.dll
[2005/07/07 19:12:51 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffax12n.dll
[2005/07/07 19:12:51 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwmf12n.dll
[2005/07/07 19:12:51 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps12n.dll
[2005/07/07 19:12:51 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd12n.dll
[2005/07/07 19:12:51 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif12n.dll
[2005/07/07 19:12:51 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp12n.dll
[2005/07/07 19:12:51 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx12n.dll
[2005/07/07 19:12:51 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwpg12n.dll
[2005/07/07 19:12:51 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2005/07/07 18:12:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\pcdlib32.dll
[2005/07/07 18:12:52 | 000,122,880 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\Program Files\ssce4132.dll
[2005/07/07 18:12:52 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,028,672 | ---- | C] ( ) -- C:\Program Files\Interop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,014,848 | ---- | C] ( ) -- C:\Program Files\AxInterop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,007,680 | ---- | C] ( ) -- C:\Program Files\Ti.PMAppBuilder.dll
[2005/07/07 18:12:52 | 000,006,144 | ---- | C] ( ) -- C:\Program Files\Interop.CONNMGRLib.dll
[2005/07/07 18:12:52 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\AxInterop.CONNMGRLib.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 23:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 22:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/03/18 21:05:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2001/09/05 23:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll

========== Files - Modified Within 30 Days ==========

[2010/10/29 12:30:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/29 12:27:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 12:13:42 | 003,894,257 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/29 11:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 11:53:57 | 000,442,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/29 11:53:57 | 000,071,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 11:49:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/29 11:49:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 11:49:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 19:02:56 | 066,961,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/26 13:57:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/26 10:29:13 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Odometer Readings.xls
[2010/10/25 20:40:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/25 19:52:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:08:43 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 18:08:34 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 15:19:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/25 14:59:54 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\GLS-PWs.xls
[2010/10/25 14:39:05 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Sales Tax Not Charged.xls
[2010/10/22 20:40:24 | 000,607,408 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/22 12:45:58 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/22 10:29:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/20 10:25:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 12:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 11:51:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:26 | 000,194,270 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:30:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 11:11:34 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 17:37:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Mileage Reimb..xls
[2010/10/07 16:36:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:32 | 000,046,612 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/05 12:59:07 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/03 19:18:52 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:41:11 | 000,009,221 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Letterhead.wpd
[2010/10/01 10:10:38 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/10/01 10:06:40 | 009,240,280 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Harleysville Ins. Policy.zip

========== Files Created - No Company Name ==========

[2010/10/29 12:14:45 | 003,894,257 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/25 19:52:06 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:08:34 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 18:08:20 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 15:12:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/22 10:29:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 11:51:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:23 | 000,194,270 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:04:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 16:36:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:29 | 000,046,612 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/03 19:18:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:09:51 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/09/03 12:44:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JPR.{PB
[2010/09/03 12:44:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JCM.{PB
[2010/09/01 14:38:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 20:42:11 | 000,607,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/17 12:33:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\fusioncache.dat
[2010/01/01 15:53:19 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/03 18:40:19 | 000,001,876 | ---- | C] () -- C:\Program Files\Register Your Software.lnk
[2009/01/18 13:13:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/01/01 18:56:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2009/01/01 18:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2008/07/15 17:17:53 | 000,001,516 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/06 13:28:23 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/06/11 21:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/11 15:38:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 14:56:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\imx32.dll
[2008/05/27 17:40:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/27 17:40:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/27 17:40:22 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/27 17:40:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/27 17:40:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 21:43:55 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 09:35:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fusioncache.dat
[2008/05/16 11:56:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 11:51:55 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/16 11:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/16 11:46:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/16 11:23:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/16 09:57:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\msimp32.dll
[2007/09/09 17:46:40 | 000,008,192 | ---- | C] () -- C:\Program Files\ScrappyText.Glue.dll
[2007/09/09 17:46:08 | 000,012,288 | ---- | C] () -- C:\Program Files\Flip.dll
[2007/09/09 17:45:44 | 000,038,400 | ---- | C] () -- C:\Program Files\HostObjects.dll
[2007/09/09 17:22:34 | 000,438,272 | ---- | C] () -- C:\Program Files\PMUserApp.exe
[2007/09/09 17:04:54 | 001,299,835 | ---- | C] () -- C:\Program Files\SKUResources.dat
[2007/08/31 14:08:30 | 000,032,306 | ---- | C] () -- C:\Program Files\ReadMe.htm
[2007/08/10 15:42:56 | 001,697,287 | ---- | C] () -- C:\Program Files\pmw.chm
[2007/08/07 13:47:04 | 000,038,961 | ---- | C] () -- C:\Program Files\License.rtf
[2007/07/26 16:12:26 | 000,001,597 | ---- | C] () -- C:\Program Files\startup.cfg
[2007/07/19 15:07:02 | 000,139,264 | ---- | C] () -- C:\Program Files\Install.exe
[2007/07/19 15:07:02 | 000,000,048 | ---- | C] () -- C:\Program Files\acfpdf.txt
[2007/07/10 14:42:50 | 000,000,464 | ---- | C] () -- C:\Program Files\MSREG.INI
[2006/05/15 14:50:54 | 000,038,277 | ---- | C] () -- C:\Program Files\PMWSHAPE.bin
[2006/02/17 15:43:44 | 000,024,325 | ---- | C] () -- C:\Program Files\Labels.dat
[2006/02/17 15:43:44 | 000,004,349 | ---- | C] () -- C:\Program Files\Stickers.dat
[2006/02/17 15:43:44 | 000,002,418 | ---- | C] () -- C:\Program Files\HalfCard.dat
[2006/02/17 15:43:44 | 000,001,221 | ---- | C] () -- C:\Program Files\BizCard.dat
[2006/02/17 15:43:44 | 000,000,899 | ---- | C] () -- C:\Program Files\NoteCard.dat
[2006/02/14 15:52:32 | 000,007,255 | ---- | C] () -- C:\Program Files\Photoprj.dat
[2006/02/14 15:52:32 | 000,001,963 | ---- | C] () -- C:\Program Files\PostCard.dat
[2006/02/08 17:31:50 | 000,000,811 | ---- | C] () -- C:\Program Files\ScrapBookPage.dat
[2006/02/07 18:52:00 | 000,046,888 | ---- | C] () -- C:\Program Files\hints.hnt
[2006/02/03 20:44:44 | 000,000,916 | ---- | C] () -- C:\Program Files\FeaturedArt.ini
[2006/02/03 15:18:00 | 000,002,042 | ---- | C] () -- C:\Program Files\envelope.dat
[2006/02/03 15:18:00 | 000,000,557 | ---- | C] () -- C:\Program Files\ironon.dat
[2006/01/24 17:26:18 | 000,018,648 | ---- | C] () -- C:\Program Files\PageLayout.DB
[2006/01/24 17:26:18 | 000,011,264 | ---- | C] () -- C:\Program Files\PageLayout.IDX
[2006/01/24 13:45:28 | 000,022,206 | ---- | C] () -- C:\Program Files\PMW.ico
[2006/01/05 11:41:34 | 000,005,937 | ---- | C] () -- C:\Program Files\Peanut.xml
[2006/01/05 11:41:34 | 000,000,639 | ---- | C] () -- C:\Program Files\miniapps.xml
[2005/11/29 15:55:18 | 000,017,534 | ---- | C] () -- C:\Program Files\crown.ico
[2005/11/29 15:55:18 | 000,000,049 | ---- | C] () -- C:\Program Files\Broderbund
[2005/07/07 18:12:52 | 006,729,715 | ---- | C] () -- C:\Program Files\InterfaceComponents.DB
[2005/07/07 18:12:52 | 000,386,720 | ---- | C] () -- C:\Program Files\MasterColorSets.dat
[2005/07/07 18:12:52 | 000,375,808 | ---- | C] () -- C:\Program Files\reutr300.dat
[2005/07/07 18:12:52 | 000,352,322 | ---- | C] () -- C:\Program Files\pmw.clx
[2005/07/07 18:12:52 | 000,089,655 | ---- | C] () -- C:\Program Files\symbol.otl
[2005/07/07 18:12:52 | 000,081,920 | ---- | C] () -- C:\Program Files\RunPlayer.exe
[2005/07/07 18:12:52 | 000,067,013 | ---- | C] () -- C:\Program Files\pspeprojects.dat
[2005/07/07 18:12:52 | 000,065,294 | ---- | C] () -- C:\Program Files\pmwshape.dat
[2005/07/07 18:12:52 | 000,059,143 | ---- | C] () -- C:\Program Files\MLSSYM.TT
[2005/07/07 18:12:52 | 000,057,344 | ---- | C] () -- C:\Program Files\Interop.MessengerAPI.DLL
[2005/07/07 18:12:52 | 000,055,385 | ---- | C] () -- C:\Program Files\MLSZA.TT
[2005/07/07 18:12:52 | 000,031,744 | ---- | C] () -- C:\Program Files\InterfaceComponents.IDX
[2005/07/07 18:12:52 | 000,011,264 | ---- | C] () -- C:\Program Files\Lists.IDX
[2005/07/07 18:12:52 | 000,008,420 | ---- | C] () -- C:\Program Files\Lists.DB
[2005/07/07 18:12:52 | 000,003,067 | ---- | C] () -- C:\Program Files\sigdup.lay
[2005/07/07 18:12:52 | 000,002,948 | ---- | C] () -- C:\Program Files\bandup.lay
[2005/07/07 18:12:52 | 000,002,874 | ---- | C] () -- C:\Program Files\pmw.wrp
[2005/07/07 18:12:52 | 000,002,849 | ---- | C] () -- C:\Program Files\siggra.lay
[2005/07/07 18:12:52 | 000,002,753 | ---- | C] () -- C:\Program Files\cardup.lay
[2005/07/07 18:12:52 | 000,002,724 | ---- | C] () -- C:\Program Files\caldup.lay
[2005/07/07 18:12:52 | 000,002,656 | ---- | C] () -- C:\Program Files\sigtxt.lay
[2005/07/07 18:12:52 | 000,002,183 | ---- | C] () -- C:\Program Files\cargra.lay
[2005/07/07 18:12:52 | 000,002,172 | ---- | C] () -- C:\Program Files\cartxt.lay
[2005/07/07 18:12:52 | 000,002,037 | ---- | C] () -- C:\Program Files\pmw.clr
[2005/07/07 18:12:52 | 000,001,997 | ---- | C] () -- C:\Program Files\bantxt.lay
[2005/07/07 18:12:52 | 000,001,910 | ---- | C] () -- C:\Program Files\bangra.lay
[2005/07/07 18:12:52 | 000,001,809 | ---- | C] () -- C:\Program Files\calgra.lay
[2005/07/07 18:12:52 | 000,001,648 | ---- | C] () -- C:\Program Files\caltxt.lay
[2005/07/07 18:12:52 | 000,001,576 | ---- | C] () -- C:\Program Files\crafttypes.dat
[2005/07/07 18:12:52 | 000,001,024 | ---- | C] () -- C:\Program Files\netl.pm
[2005/07/07 18:12:52 | 000,000,955 | ---- | C] () -- C:\Program Files\Billy.xml
[2005/07/07 18:12:52 | 000,000,766 | ---- | C] () -- C:\Program Files\HandCursor.cur
[2005/07/07 18:12:52 | 000,000,630 | ---- | C] () -- C:\Program Files\colors.clr
[2005/07/07 18:12:52 | 000,000,147 | ---- | C] () -- C:\Program Files\pmwini.def
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/10/29 12:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/29 12:30:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi, log file from Malwarebytes, please advise:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4980

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/29/2010 8:28:08 PM
mbam-log-2010-10-29 (20-28-08).txt

Scan type: Quick scan
Objects scanned: 158178
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\edward\Application Data\Bitrix Security\podzce.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\2L4NOI3W05 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\ScrappyText.Glue.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\edward\Application Data\Bitrix Security\podzce.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Flip.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\HostObjects.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Interop.MessengerAPI.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\ScrappyText.Glue.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,
I ran Malwarebytes again and it shows 0 malware. I still have a window pop up every now and then telling me I need to get new anti-virus software, seems like remnants of the trojan. I also get a message that "Generic Host Process for Win32" crashes. Other oddball things like sometimes after booting there's no sound, sometimes it won't boot up at all, sometimes a window that's open will crash, etc. Thanks for your assistance so far, it definitely is a lot better than when we started!
Ed

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Please run a free online scan with ESET Online Scanner by downloading it from 'here' and saving it to your Desktop.

  • Please ensure that you're logged into an Administrator account before running the scanner. The ESET Online Scanner will not work if you're on a limited account.
  • Double-click esetsmartinstaller_enu.exe to execute the program.
  • Check the box next to 'YES, I accept the Terms of Use'. Press 'Start'.
  • If this is your first time installing the scanner, allow the ActiveX Control to install.
  • Database download may take some time.
  • On the next page, ensure the box next to 'Remove found threats' has been checked. Also ensure that the box next to 'Scan unwanted applications' is checked. Proceed by clicking on 'Start'.
    • The ESET Online Scanner will update the Virus Signature Database and begin the scan.
    • Please allow it to complete successfully and ensure that any current downloads are stopped.

  • Once the scan's completed, please open 'Notepad' by navigating to 'Start', then 'Run', and type in 'Notepad'. Open the file located at 'C:\Program Files\ESET\ESET Online Scanner\log.txt'.
  • Please Copy & Paste this log into your next reply.
  • Press 'Finish'.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone!
Here is the log file from ESET scan:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5bdc943be3615c41ab39bd71caef5e13
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-30 04:19:18
# local_time=2010-10-30 11:19:18 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 76617357 76617357 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5bdc943be3615c41ab39bd71caef5e13
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-30 05:41:00
# local_time=2010-10-30 12:41:00 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 76618032 76618032 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=69196
# found=5
# cleaned=5
# scan_time=4248
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\fixmsmss.dll a variant of Win32/Kryptik.HTA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ujifapiti.dll a variant of Win32/Cimag.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\fixmsmss.dll a variant of Win32/Kryptik.HTA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_105204\C_WINDOWS\system32\drivers\tqqgk.sys a variant of Win32/Bubnix.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

How is your computer running now?

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone,
Thanks again for ALL your help! Computer is running a little slow. I still get a pop-up tab in Firefox that I have to "Ok" to get it closed. After about 5 or 10 minutes of being on, I get the "Generic Host Process for Win32 Services has Encountered a problem and needs to close" warning. So it seems like there's still a piece hidden somewhere.
Thanks,
Ed

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Please run ComboFix again and post the log here.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone,
I still can't run Combofix. When I try to open it I get the same error message I got before: "Some files could not be created. Please close all applications, reboot Windows and restart the installation". I tried Combofix on another computer and it worked just fine.
Thanks,
Ed

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Please run OTL again and post the logs here.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone,
Thanks again. Here is the OTL log:

OTL logfile created on: 10/31/2010 10:45:33 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 77.21 Gb Free Space | 69.13% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 16:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/30 18:36:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/30 18:36:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\wmcrbq.sys -- (xjxtiyc)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (tqqgk)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\upcavq.sys -- (mmfik)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/11/29 16:23:17 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/30 18:36:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/30 18:36:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/02 18:06:31 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/30 21:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 15:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/09 05:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/05/23 15:07:28 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2007/04/23 22:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/23 22:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/25 11:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/10/14 23:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/26 14:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2003/09/20 10:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\edward_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/21 20:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 18:31:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 23:32:29 | 000,000,000 | ---D | M]

[2010/10/31 15:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/24 07:52:18 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\edward_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} http://www.dvrstation.com/pdvratl.cab (PdvrOcx Class)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 21:48:38 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/31 18:36:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\edward\Recent
[2010/10/30 12:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/30 11:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/29 11:35:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 10:52:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/10/26 14:52:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/10/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Malwarebytes
[2010/10/26 13:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/26 13:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/26 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 20:49:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/10/25 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 15:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Laundry 10-22-10
[2010/10/19 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Customers Porcessed in Little Rock
[2010/10/16 11:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\DivX
[2010/10/16 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\War Eagle Mill and Craft Fair 10-14-10
[2010/10/03 12:10:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2007/09/09 17:46:44 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Controllers.dll
[2007/09/09 17:46:42 | 000,229,376 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Billy.dll
[2007/09/09 17:46:42 | 000,208,896 | ---- | C] ( ) -- C:\Program Files\ti.jazzie.dll
[2007/09/09 17:46:42 | 000,163,840 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\ScrappyText.dll
[2007/09/09 17:46:42 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.HostInterface.exe
[2007/09/09 17:46:40 | 000,851,968 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.dll
[2007/09/09 17:46:40 | 000,049,152 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Gracie.dll
[2007/09/09 17:46:40 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.dll
[2007/09/09 17:46:38 | 000,466,944 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Georgia.dll
[2007/09/09 17:46:38 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.Res.dll
[2007/09/09 17:46:38 | 000,086,016 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\ps20resources.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\pmwresources.dll
[2007/09/09 17:46:28 | 000,081,920 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Rescue.exe
[2007/09/09 17:46:28 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.dll
[2007/09/09 17:46:26 | 000,126,976 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Aardvark.dll
[2007/09/09 17:46:26 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.dll
[2007/09/09 17:46:26 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.Dispatch.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.Target.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Target.dll
[2007/09/09 17:46:24 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Beast.ICs.dll
[2007/09/09 17:46:24 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.IC.dll
[2007/09/09 17:46:24 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.IC.dll
[2007/09/09 17:46:22 | 000,073,728 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.dll
[2007/09/09 17:46:22 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.dll
[2007/09/09 17:46:22 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\CustomControlsLib.dll
[2007/09/09 17:46:22 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.dll
[2007/09/09 17:46:22 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\PlatformUtils.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.ICs.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\IC.dll
[2007/09/09 17:46:22 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\RainMan.dll
[2007/09/09 17:46:20 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Framework.dll
[2007/09/09 17:46:10 | 000,006,656 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Win32UI.dll
[2007/09/09 17:45:36 | 000,069,632 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\GreenleafArchiveLib.dll
[2007/09/09 17:45:34 | 000,041,984 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.ZLibWrapper.dll
[2007/09/09 17:45:32 | 000,011,776 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.DriveInfo.dll
[2007/09/09 17:44:40 | 006,541,312 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMW.exe
[2007/09/09 17:42:30 | 009,707,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\pmwres32.dll
[2007/09/09 17:42:24 | 000,114,688 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ConnMgr.dll
[2007/09/09 17:42:18 | 000,061,440 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AboutBoxdll.dll
[2007/09/09 17:41:44 | 000,040,960 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\CustToolbar.dll
[2007/09/09 17:41:40 | 000,155,648 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\border.dll
[2007/09/09 17:41:34 | 000,303,104 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PSToolbar.dll
[2007/09/09 17:41:16 | 000,057,344 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AccessAB.dll
[2007/09/09 17:41:12 | 000,021,504 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Thesaurus.dll
[2007/09/09 17:40:50 | 000,098,304 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMWTrueType.dll
[2007/09/09 17:40:48 | 000,380,928 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\advdraw.exe
[2007/09/09 17:36:02 | 000,344,064 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Remind.exe
[2007/09/09 17:33:54 | 001,003,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMAppBuilder.dll
[2007/09/09 17:23:22 | 000,602,112 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportPW.dll
[2007/09/09 17:22:48 | 000,262,144 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\LaunchDLL.dll
[2007/09/09 17:22:26 | 000,479,232 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportWSD.dll
[2007/09/09 17:20:10 | 000,561,152 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\UICustomizer.dll
[2007/09/09 17:19:28 | 000,643,072 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImport.dll
[2007/09/09 17:18:28 | 001,462,272 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Framework.dll
[2007/09/09 17:17:06 | 000,022,016 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ImageServer.dll
[2007/07/19 15:07:02 | 003,186,688 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files\cdintf.dll
[2007/07/19 15:07:02 | 000,527,872 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfuamd64.dll
[2007/07/19 15:07:02 | 000,423,373 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfu.dll
[2007/07/19 15:07:02 | 000,389,120 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfuiamd64.dll
[2007/07/19 15:07:02 | 000,370,783 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files\acfpdfui.dll
[2005/11/30 17:06:42 | 000,045,056 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\MSRUN32.EXE
[2005/07/07 19:12:51 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn12n.dll
[2005/07/07 19:12:51 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfcmp12n.dll
[2005/07/07 19:12:51 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdis12n.dll
[2005/07/07 19:12:51 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg12n.dll
[2005/07/07 19:12:51 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpng12n.dll
[2005/07/07 19:12:51 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif12n.dll
[2005/07/07 19:12:51 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil12n.dll
[2005/07/07 19:12:51 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffax12n.dll
[2005/07/07 19:12:51 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwmf12n.dll
[2005/07/07 19:12:51 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps12n.dll
[2005/07/07 19:12:51 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd12n.dll
[2005/07/07 19:12:51 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif12n.dll
[2005/07/07 19:12:51 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp12n.dll
[2005/07/07 19:12:51 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx12n.dll
[2005/07/07 19:12:51 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwpg12n.dll
[2005/07/07 19:12:51 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2005/07/07 18:12:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\pcdlib32.dll
[2005/07/07 18:12:52 | 000,122,880 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\Program Files\ssce4132.dll
[2005/07/07 18:12:52 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,028,672 | ---- | C] ( ) -- C:\Program Files\Interop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,014,848 | ---- | C] ( ) -- C:\Program Files\AxInterop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,007,680 | ---- | C] ( ) -- C:\Program Files\Ti.PMAppBuilder.dll
[2005/07/07 18:12:52 | 000,006,144 | ---- | C] ( ) -- C:\Program Files\Interop.CONNMGRLib.dll
[2005/07/07 18:12:52 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\AxInterop.CONNMGRLib.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 23:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 22:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/03/18 21:05:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2001/09/05 23:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll

========== Files - Modified Within 30 Days ==========

[2010/10/31 21:51:22 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 21:51:22 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/31 21:50:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/31 21:47:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 20:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:37:58 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/31 20:37:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/31 20:00:08 | 000,607,408 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/31 19:23:17 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\AMX Log.xls
[2010/10/31 17:33:48 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/10/31 17:27:37 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Sales Tax Not Charged.xls
[2010/10/31 14:57:13 | 067,040,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/31 14:53:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/30 00:05:47 | 000,001,194 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101029_230543.reg
[2010/10/29 09:43:14 | 003,894,304 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/26 10:29:13 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Odometer Readings.xls
[2010/10/25 20:40:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/25 19:52:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 15:19:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/25 14:59:54 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\GLS-PWs.xls
[2010/10/22 12:45:58 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/22 10:29:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 12:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 11:51:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:26 | 000,194,270 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:30:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 11:11:34 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 17:37:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Mileage Reimb..xls
[2010/10/07 16:36:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:32 | 000,046,612 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/05 12:59:07 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/03 19:18:52 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc

========== Files Created - No Company Name ==========

[2010/10/31 20:06:01 | 003,894,304 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/30 00:05:45 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101029_230543.reg
[2010/10/25 19:52:06 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 15:12:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/22 10:29:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 11:51:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:23 | 000,194,270 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:04:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 16:36:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:29 | 000,046,612 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/03 19:18:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/09/03 12:44:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JPR.{PB
[2010/09/03 12:44:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JCM.{PB
[2010/09/01 14:38:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 20:42:11 | 000,607,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/17 12:33:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\fusioncache.dat
[2010/01/01 15:53:19 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/03 18:40:19 | 000,001,876 | ---- | C] () -- C:\Program Files\Register Your Software.lnk
[2009/01/18 13:13:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/01/01 18:56:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2009/01/01 18:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2008/07/15 17:17:53 | 000,001,516 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/06 13:28:23 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/06/11 21:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/11 15:38:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 14:56:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\imx32.dll
[2008/05/27 17:40:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/27 17:40:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/27 17:40:22 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/27 17:40:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/27 17:40:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 21:43:55 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 09:35:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fusioncache.dat
[2008/05/16 11:56:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 11:51:55 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/16 11:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/16 11:46:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/16 11:23:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/16 09:57:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\msimp32.dll
[2007/09/09 17:22:34 | 000,438,272 | ---- | C] () -- C:\Program Files\PMUserApp.exe
[2007/09/09 17:04:54 | 001,299,835 | ---- | C] () -- C:\Program Files\SKUResources.dat
[2007/08/31 14:08:30 | 000,032,306 | ---- | C] () -- C:\Program Files\ReadMe.htm
[2007/08/10 15:42:56 | 001,697,287 | ---- | C] () -- C:\Program Files\pmw.chm
[2007/08/07 13:47:04 | 000,038,961 | ---- | C] () -- C:\Program Files\License.rtf
[2007/07/26 16:12:26 | 000,001,597 | ---- | C] () -- C:\Program Files\startup.cfg
[2007/07/19 15:07:02 | 000,139,264 | ---- | C] () -- C:\Program Files\Install.exe
[2007/07/19 15:07:02 | 000,000,048 | ---- | C] () -- C:\Program Files\acfpdf.txt
[2007/07/10 14:42:50 | 000,000,464 | ---- | C] () -- C:\Program Files\MSREG.INI
[2006/05/15 14:50:54 | 000,038,277 | ---- | C] () -- C:\Program Files\PMWSHAPE.bin
[2006/02/17 15:43:44 | 000,024,325 | ---- | C] () -- C:\Program Files\Labels.dat
[2006/02/17 15:43:44 | 000,004,349 | ---- | C] () -- C:\Program Files\Stickers.dat
[2006/02/17 15:43:44 | 000,002,418 | ---- | C] () -- C:\Program Files\HalfCard.dat
[2006/02/17 15:43:44 | 000,001,221 | ---- | C] () -- C:\Program Files\BizCard.dat
[2006/02/17 15:43:44 | 000,000,899 | ---- | C] () -- C:\Program Files\NoteCard.dat
[2006/02/14 15:52:32 | 000,007,255 | ---- | C] () -- C:\Program Files\Photoprj.dat
[2006/02/14 15:52:32 | 000,001,963 | ---- | C] () -- C:\Program Files\PostCard.dat
[2006/02/08 17:31:50 | 000,000,811 | ---- | C] () -- C:\Program Files\ScrapBookPage.dat
[2006/02/07 18:52:00 | 000,046,888 | ---- | C] () -- C:\Program Files\hints.hnt
[2006/02/03 20:44:44 | 000,000,916 | ---- | C] () -- C:\Program Files\FeaturedArt.ini
[2006/02/03 15:18:00 | 000,002,042 | ---- | C] () -- C:\Program Files\envelope.dat
[2006/02/03 15:18:00 | 000,000,557 | ---- | C] () -- C:\Program Files\ironon.dat
[2006/01/24 17:26:18 | 000,018,648 | ---- | C] () -- C:\Program Files\PageLayout.DB
[2006/01/24 17:26:18 | 000,011,264 | ---- | C] () -- C:\Program Files\PageLayout.IDX
[2006/01/24 13:45:28 | 000,022,206 | ---- | C] () -- C:\Program Files\PMW.ico
[2006/01/05 11:41:34 | 000,005,937 | ---- | C] () -- C:\Program Files\Peanut.xml
[2006/01/05 11:41:34 | 000,000,639 | ---- | C] () -- C:\Program Files\miniapps.xml
[2005/11/29 15:55:18 | 000,017,534 | ---- | C] () -- C:\Program Files\crown.ico
[2005/11/29 15:55:18 | 000,000,049 | ---- | C] () -- C:\Program Files\Broderbund
[2005/07/07 18:12:52 | 006,729,715 | ---- | C] () -- C:\Program Files\InterfaceComponents.DB
[2005/07/07 18:12:52 | 000,386,720 | ---- | C] () -- C:\Program Files\MasterColorSets.dat
[2005/07/07 18:12:52 | 000,375,808 | ---- | C] () -- C:\Program Files\reutr300.dat
[2005/07/07 18:12:52 | 000,352,322 | ---- | C] () -- C:\Program Files\pmw.clx
[2005/07/07 18:12:52 | 000,089,655 | ---- | C] () -- C:\Program Files\symbol.otl
[2005/07/07 18:12:52 | 000,081,920 | ---- | C] () -- C:\Program Files\RunPlayer.exe
[2005/07/07 18:12:52 | 000,067,013 | ---- | C] () -- C:\Program Files\pspeprojects.dat
[2005/07/07 18:12:52 | 000,065,294 | ---- | C] () -- C:\Program Files\pmwshape.dat
[2005/07/07 18:12:52 | 000,059,143 | ---- | C] () -- C:\Program Files\MLSSYM.TT
[2005/07/07 18:12:52 | 000,055,385 | ---- | C] () -- C:\Program Files\MLSZA.TT
[2005/07/07 18:12:52 | 000,031,744 | ---- | C] () -- C:\Program Files\InterfaceComponents.IDX
[2005/07/07 18:12:52 | 000,011,264 | ---- | C] () -- C:\Program Files\Lists.IDX
[2005/07/07 18:12:52 | 000,008,420 | ---- | C] () -- C:\Program Files\Lists.DB
[2005/07/07 18:12:52 | 000,003,067 | ---- | C] () -- C:\Program Files\sigdup.lay
[2005/07/07 18:12:52 | 000,002,948 | ---- | C] () -- C:\Program Files\bandup.lay
[2005/07/07 18:12:52 | 000,002,874 | ---- | C] () -- C:\Program Files\pmw.wrp
[2005/07/07 18:12:52 | 000,002,849 | ---- | C] () -- C:\Program Files\siggra.lay
[2005/07/07 18:12:52 | 000,002,753 | ---- | C] () -- C:\Program Files\cardup.lay
[2005/07/07 18:12:52 | 000,002,724 | ---- | C] () -- C:\Program Files\caldup.lay
[2005/07/07 18:12:52 | 000,002,656 | ---- | C] () -- C:\Program Files\sigtxt.lay
[2005/07/07 18:12:52 | 000,002,183 | ---- | C] () -- C:\Program Files\cargra.lay
[2005/07/07 18:12:52 | 000,002,172 | ---- | C] () -- C:\Program Files\cartxt.lay
[2005/07/07 18:12:52 | 000,002,037 | ---- | C] () -- C:\Program Files\pmw.clr
[2005/07/07 18:12:52 | 000,001,997 | ---- | C] () -- C:\Program Files\bantxt.lay
[2005/07/07 18:12:52 | 000,001,910 | ---- | C] () -- C:\Program Files\bangra.lay
[2005/07/07 18:12:52 | 000,001,809 | ---- | C] () -- C:\Program Files\calgra.lay
[2005/07/07 18:12:52 | 000,001,648 | ---- | C] () -- C:\Program Files\caltxt.lay
[2005/07/07 18:12:52 | 000,001,576 | ---- | C] () -- C:\Program Files\crafttypes.dat
[2005/07/07 18:12:52 | 000,001,024 | ---- | C] () -- C:\Program Files\netl.pm
[2005/07/07 18:12:52 | 000,000,955 | ---- | C] () -- C:\Program Files\Billy.xml
[2005/07/07 18:12:52 | 000,000,766 | ---- | C] () -- C:\Program Files\HandCursor.cur
[2005/07/07 18:12:52 | 000,000,630 | ---- | C] () -- C:\Program Files\colors.clr
[2005/07/07 18:12:52 | 000,000,147 | ---- | C] () -- C:\Program Files\pmwini.def
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/10/29 21:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/30 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/31 21:50:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/31 21:19:37 | 000,002,994 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\wmcrbq.sys -- (xjxtiyc)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Boot] -- -- (tqqgk)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\upcavq.sys -- (mmfik)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    [2010/10/29 21:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security


    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==========

Now please try and run ComboFix.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone,
Thank you. Here is the OTL log file. I'll try Combofix and let you know.
Ed

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xjxtiyc deleted successfully.
File C:\WINDOWS\System32\drivers\wmcrbq.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tqqgk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRELI deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDCOMP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIDump deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mmfik deleted successfully.
File C:\WINDOWS\System32\drivers\upcavq.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lbrtfdc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer deleted successfully.
C:\Documents and Settings\edward\Application Data\Bitrix Security folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: ann
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: edward
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3995308 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 4.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.43.0 log created on 11012010_142449
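
An added example, not part of the original posts and not OldTimer's code: a small checker that reconciles a fix script with the fix log returned for it, so that any requested item the log never mentions stands out. The function names are hypothetical, the inputs are abridged copies of the script and log in this thread, and only the line shapes seen here are handled (not the tool's full syntax).

```python
import re

# Abridged copies of the fix script and fix log posted in this thread.
FIX_SCRIPT = r"""
:OTL
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\wmcrbq.sys -- (xjxtiyc)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\upcavq.sys -- (mmfik)
[2010/10/29 21:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security

:commands
[emptytemp]
[resethosts]
"""

FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xjxtiyc deleted successfully.
File C:\WINDOWS\System32\drivers\wmcrbq.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mmfik deleted successfully.
File C:\WINDOWS\System32\drivers\upcavq.sys not found.
C:\Documents and Settings\edward\Application Data\Bitrix Security folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# "DRV - <status> [<type> | <start>] -- <optional path> -- (<service name>)"
DRV_RE = re.compile(r"^DRV - .*?\]\s+--\s*(?P<path>.*?)\s*--\s+\((?P<svc>[^)]+)\)$")
# "[<date time> | <size> | <attrs> | <M or C>] -- <path>"
FILE_RE = re.compile(r"^\[\d{4}/\d\d/\d\d [^\]]*\]\s+--\s+(?P<path>.+)$")


def parse_fix_script(text):
    """Return the items a fix script asks for, as (kind, value) tuples."""
    items, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl" and (m := DRV_RE.match(line)):
            items.append(("service", m["svc"]))
            if m["path"]:  # many entries name a service but no driver file
                items.append(("driver_file", m["path"]))
        elif section == ":otl" and (m := FILE_RE.match(line)):
            items.append(("path", m["path"]))
        elif section == ":commands" and line.startswith("["):
            items.append(("command", line.strip("[]").lower()))
    return items


def parse_fix_log(text):
    """Map (kind, lower-cased value) -> outcome for the log lines seen in this thread."""
    results = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Registry key .*\\Services\\([^\\]+) deleted successfully\.$", line):
            results[("service", m[1].lower())] = "key deleted"
        elif m := re.match(r"File (.+) not found\.$", line):
            results[("driver_file", m[1].lower())] = "file already absent"
        elif m := re.match(r"(.+?)(?: folder)? moved successfully\.$", line):
            results[("path", m[1].lower())] = "moved"
        elif re.fullmatch(r"\[[A-Z]+\]", line):
            results[("command", line.strip("[]").lower())] = "section present in log"
        elif line == "HOSTS file reset successfully":
            results[("command", "resethosts")] = "hosts reset"
    return results


def reconcile(script_text, log_text):
    """Return [(kind, value, outcome)]; outcome is 'UNCONFIRMED' when the log is silent."""
    results = parse_fix_log(log_text)
    return [(kind, value, results.get((kind, value.lower()), "UNCONFIRMED"))
            for kind, value in parse_fix_script(script_text)]


def unconfirmed(script_text, log_text):
    """Requested items with no matching result line; these need a second look."""
    return [(k, v) for k, v, outcome in reconcile(script_text, log_text)
            if outcome == "UNCONFIRMED"]


if __name__ == "__main__":
    for kind, value, outcome in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{outcome:24} {kind:12} {value}")
```

An empty result from `unconfirmed` means every requested service key, driver file, folder and command has a matching line in the log; it does not by itself show that the machine is clean.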

Re: Thinkpoint. Can't start xp, any mode. Please help.

Sneakyone,
Thanks for the help. Combofix won't start. Any ideas?
Thanks,
Ed

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone,
Thanks again for your help. Here's the Kaspersky scan report.
Thanks,
Ed

Gathering system information: completed 3 minutes ago (events: 15)
11/1/2010 9:34:38 PM Gathering system information Task completed
11/1/2010 9:33:17 PM >> Windows Explorer - show extensions of known file types
11/1/2010 9:33:17 PM >> Disable removable media autorun
11/1/2010 9:33:17 PM >> Disable CD/DVD autorun
11/1/2010 9:33:17 PM >> Disable autorun from network drives
11/1/2010 9:33:17 PM >> Disable HDD autorun
11/1/2010 9:33:00 PM IAT modification detected: FreeLibrary - 00C20400<>7C80ABEE
11/1/2010 9:33:00 PM IAT modification detected: GetProcAddress - 00C20390<>7C80ADB0
11/1/2010 9:33:00 PM IAT modification detected: LoadLibraryA - 00C20320<>7C801D77
11/1/2010 9:33:00 PM IAT modification detected: LoadLibraryW - 00C20240<>7C80AE5B
11/1/2010 9:33:00 PM IAT modification detected: CreateProcessW - 00C20160<>7C802332
11/1/2010 9:33:00 PM IAT modification detected: GetModuleFileNameW - 00C200F0<>7C80B3E5
11/1/2010 9:33:00 PM IAT modification detected: GetModuleFileNameA - 00C20080<>7C80B4DF
11/1/2010 9:33:00 PM IAT modification detected: CreateProcessA - 00C20010<>7C802367
11/1/2010 9:32:56 PM Gathering system information Task started

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi Sneakyone,
Good news, malware's gone! I downloaded Loaris Trojan Remover and deleted what it found. All better now! Thank you so much for all your efforts, and more importantly my wife thanks you, as it was her computer.
Thanks again,
Ed

Re: Thinkpoint. Can't start xp, any mode. Please help.

Hi,

You're welcome, glad to help.

If you have any more issues, tell me and I will be happy to help.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again; the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching for it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. McAfee SiteAdvisor

9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit Here
