Thinkpoint. Can't start xp, any mode. Please help.

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Fri 29 Oct 2010, 1:14 pm

I got Thinkpoint trojan a few days ago. I ran Malwarebytes for a couple hours, then had to leave for a couple days. MB caught 4 pieces of Thinkpoint. I came home today, started the computer to run MB to completion, and the computer won't boot. Safe Mode, DOS prompt, Normal start, all fail. Thanks in advance for help.
edlacerra

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Fri 29 Oct 2010, 1:17 pm

Hi,

Welcome to GeekPolice.net!

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: you need to get the appropriate burning software for this task.

Download ISOBurner
  • This will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic.
  • See the instructions page for more info.
Step 2: download the OTLPE REATOGO Windows Recovery Environment.
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Fri 29 Oct 2010, 2:28 pm

Thanks! Scanning now. I changed Drivers to None, as my only choices were None, Use Safe List, and All. I will post when scan is over.

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Fri 29 Oct 2010, 2:35 pm

Thanks again for all your help Sneakyone. Here's the scan result:

OTL logfile created on: 10/28/2010 11:25:22 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 77.73 Gb Free Space | 69.59% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/10/28 19:22:39 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2010/09/10 16:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/30 18:36:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/30 18:36:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\edward_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/21 20:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{59EDC053-1427-4A77-8583-9C9B343F73B3}: C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\ [2010/10/25 18:10:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 18:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 18:51:08 | 000,000,000 | ---D | M]

[2010/10/25 16:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/24 07:52:18 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\edward_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} [You must be registered and logged in to see this link.] (PdvrOcx Class)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\edward_ON_C Winlogon: Shell - (C:\Documents and Settings\edward\Application Data\hotfix.exe) - C:\Documents and Settings\edward\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: chkntcut - (C:\WINDOWS\system32\fixmsmss.dll) - C:\WINDOWS\system32\fixmsmss.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/10/26 14:52:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/10/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Malwarebytes
[2010/10/26 13:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/26 13:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/26 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 13:56:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/25 20:49:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/10/25 20:35:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\edward\Recent
[2010/10/25 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 18:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}
[2010/10/25 18:08:36 | 000,760,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
[2010/10/25 15:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Laundry 10-22-10
[2010/10/19 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Customers Porcessed in Little Rock
[2010/10/16 11:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\DivX
[2010/10/16 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\War Eagle Mill and Craft Fair 10-14-10
[2010/10/03 12:10:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/10/01 10:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Info. for Insurance Co
[2007/09/09 17:46:44 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Controllers.dll
[2007/09/09 17:46:42 | 000,229,376 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Billy.dll
[2007/09/09 17:46:42 | 000,208,896 | ---- | C] ( ) -- C:\Program Files\ti.jazzie.dll
[2007/09/09 17:46:42 | 000,163,840 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\ScrappyText.dll
[2007/09/09 17:46:42 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.HostInterface.exe
[2007/09/09 17:46:40 | 000,851,968 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.dll
[2007/09/09 17:46:40 | 000,049,152 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Gracie.dll
[2007/09/09 17:46:40 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.dll
[2007/09/09 17:46:38 | 000,466,944 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Georgia.dll
[2007/09/09 17:46:38 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.Res.dll
[2007/09/09 17:46:38 | 000,086,016 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\ps20resources.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\pmwresources.dll
[2007/09/09 17:46:28 | 000,081,920 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Rescue.exe
[2007/09/09 17:46:28 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.dll
[2007/09/09 17:46:26 | 000,126,976 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Aardvark.dll
[2007/09/09 17:46:26 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.dll
[2007/09/09 17:46:26 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.Dispatch.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.Target.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Target.dll
[2007/09/09 17:46:24 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Beast.ICs.dll
[2007/09/09 17:46:24 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.IC.dll
[2007/09/09 17:46:24 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.IC.dll
[2007/09/09 17:46:22 | 000,073,728 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.dll
[2007/09/09 17:46:22 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.dll
[2007/09/09 17:46:22 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\CustomControlsLib.dll
[2007/09/09 17:46:22 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.dll
[2007/09/09 17:46:22 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\PlatformUtils.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.ICs.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\IC.dll
[2007/09/09 17:46:22 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\RainMan.dll
[2007/09/09 17:46:20 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Framework.dll
[2007/09/09 17:46:10 | 000,006,656 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Win32UI.dll
[2007/09/09 17:45:36 | 000,069,632 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\GreenleafArchiveLib.dll
[2007/09/09 17:45:34 | 000,041,984 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.ZLibWrapper.dll
[2007/09/09 17:45:32 | 000,011,776 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.DriveInfo.dll
[2007/09/09 17:44:40 | 006,541,312 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMW.exe
[2007/09/09 17:42:30 | 009,707,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\pmwres32.dll
[2007/09/09 17:42:24 | 000,114,688 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ConnMgr.dll
[2007/09/09 17:42:18 | 000,061,440 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AboutBoxdll.dll
[2007/09/09 17:41:44 | 000,040,960 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\CustToolbar.dll
[2007/09/09 17:41:40 | 000,155,648 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\border.dll
[2007/09/09 17:41:34 | 000,303,104 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PSToolbar.dll
[2007/09/09 17:41:16 | 000,057,344 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AccessAB.dll
[2007/09/09 17:41:12 | 000,021,504 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Thesaurus.dll
[2007/09/09 17:40:50 | 000,098,304 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMWTrueType.dll
[2007/09/09 17:40:48 | 000,380,928 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\advdraw.exe
[2007/09/09 17:36:02 | 000,344,064 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Remind.exe
[2007/09/09 17:33:54 | 001,003,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMAppBuilder.dll
[2007/09/09 17:23:22 | 000,602,112 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportPW.dll
[2007/09/09 17:22:48 | 000,262,144 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\LaunchDLL.dll
[2007/09/09 17:22:26 | 000,479,232 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportWSD.dll
[2007/09/09 17:20:10 | 000,561,152 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\UICustomizer.dll
[2007/09/09 17:19:28 | 000,643,072 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImport.dll
[2007/09/09 17:18:28 | 001,462,272 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Framework.dll
[2007/09/09 17:17:06 | 000,022,016 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ImageServer.dll
[2007/07/19 15:07:02 | 003,186,688 | ---- | C] (Amyuni Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\cdintf.dll
[2007/07/19 15:07:02 | 000,527,872 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfuamd64.dll
[2007/07/19 15:07:02 | 000,423,373 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfu.dll
[2007/07/19 15:07:02 | 000,389,120 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfuiamd64.dll
[2007/07/19 15:07:02 | 000,370,783 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfui.dll
[2005/11/30 17:06:42 | 000,045,056 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\MSRUN32.EXE
[2005/07/07 19:12:51 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn12n.dll
[2005/07/07 19:12:51 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfcmp12n.dll
[2005/07/07 19:12:51 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdis12n.dll
[2005/07/07 19:12:51 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg12n.dll
[2005/07/07 19:12:51 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpng12n.dll
[2005/07/07 19:12:51 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif12n.dll
[2005/07/07 19:12:51 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil12n.dll
[2005/07/07 19:12:51 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffax12n.dll
[2005/07/07 19:12:51 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwmf12n.dll
[2005/07/07 19:12:51 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps12n.dll
[2005/07/07 19:12:51 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd12n.dll
[2005/07/07 19:12:51 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif12n.dll
[2005/07/07 19:12:51 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp12n.dll
[2005/07/07 19:12:51 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx12n.dll
[2005/07/07 19:12:51 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwpg12n.dll
[2005/07/07 19:12:51 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2005/07/07 18:12:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\pcdlib32.dll
[2005/07/07 18:12:52 | 000,122,880 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\Program Files\ssce4132.dll
[2005/07/07 18:12:52 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,028,672 | ---- | C] ( ) -- C:\Program Files\Interop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,014,848 | ---- | C] ( ) -- C:\Program Files\AxInterop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,007,680 | ---- | C] ( ) -- C:\Program Files\Ti.PMAppBuilder.dll
[2005/07/07 18:12:52 | 000,006,144 | ---- | C] ( ) -- C:\Program Files\Interop.CONNMGRLib.dll
[2005/07/07 18:12:52 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\AxInterop.CONNMGRLib.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 23:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 22:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/03/18 21:05:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2001/09/05 23:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Fri 29 Oct 2010, 2:35 pm

========== Files - Modified Within 30 Days ==========

[2010/10/28 19:55:54 | 000,760,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
[2010/10/28 19:55:07 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/28 19:51:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 19:22:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/10/28 19:19:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/10/28 19:18:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/10/28 19:15:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 19:04:15 | 000,442,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/28 19:04:15 | 000,071,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/28 19:02:56 | 066,961,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/28 19:01:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/28 19:00:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/28 18:59:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 18:59:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/26 15:09:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/26 14:58:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/10/26 13:57:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/26 10:29:13 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Odometer Readings.xls
[2010/10/25 20:40:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/25 20:38:08 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/10/25 20:38:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/10/25 19:52:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:43:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/25 18:09:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 18:08:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 18:08:43 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 18:08:34 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 15:19:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/25 14:59:54 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\GLS-PWs.xls
[2010/10/25 14:39:05 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Sales Tax Not Charged.xls
[2010/10/22 20:40:24 | 000,607,408 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/22 12:45:58 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/22 10:29:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/20 10:25:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 12:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 11:51:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:26 | 000,194,270 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:30:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 11:11:34 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 17:37:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Mileage Reimb..xls
[2010/10/07 16:36:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:32 | 000,046,612 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/05 12:59:07 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/03 19:18:52 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:41:11 | 000,009,221 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Letterhead.wpd
[2010/10/01 10:10:38 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/10/01 10:06:40 | 009,240,280 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Harleysville Ins. Policy.zip
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 19:22:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/10/25 19:52:06 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:09:41 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/10/25 18:09:41 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/10/25 18:09:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/10/25 18:09:39 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/10/25 18:09:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/10/25 18:09:36 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/10/25 18:09:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/10/25 18:09:35 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/10/25 18:09:35 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/10/25 18:09:34 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/10/25 18:09:34 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/10/25 18:09:34 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/10/25 18:09:34 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/10/25 18:09:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/10/25 18:09:25 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/10/25 18:09:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/10/25 18:09:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/10/25 18:09:23 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/10/25 18:09:23 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/10/25 18:09:22 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/10/25 18:09:22 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/10/25 18:09:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/25 18:09:21 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/25 18:09:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/25 18:09:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/25 18:09:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/25 18:09:19 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/25 18:09:19 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/25 18:09:18 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/25 18:09:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/25 18:09:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/25 18:09:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/25 18:09:15 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/25 18:09:15 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/25 18:09:15 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/25 18:09:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/25 18:09:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 18:09:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 18:09:01 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 18:08:49 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 18:08:34 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 18:08:20 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 17:42:06 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/25 17:41:52 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/25 17:41:47 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/25 15:12:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/22 10:29:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 11:51:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:23 | 000,194,270 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:04:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 16:36:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:29 | 000,046,612 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/03 19:18:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:09:51 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/09/03 12:44:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JPR.{PB
[2010/09/03 12:44:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JCM.{PB
[2010/09/01 14:38:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 20:42:11 | 000,607,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/17 12:33:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\fusioncache.dat
[2010/01/01 15:53:19 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/03 18:40:19 | 000,001,876 | ---- | C] () -- C:\Program Files\Register Your Software.lnk
[2009/01/18 13:13:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/01/01 18:56:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2009/01/01 18:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2008/07/15 17:17:53 | 000,001,516 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/06 13:28:23 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/06/11 21:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/11 15:38:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 14:56:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\imx32.dll
[2008/05/27 17:40:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/27 17:40:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/27 17:40:22 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/27 17:40:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/27 17:40:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 21:43:55 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 09:35:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fusioncache.dat
[2008/05/16 11:56:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 11:51:55 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/16 11:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/16 11:46:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/16 11:23:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/16 09:57:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\msimp32.dll
[2007/09/09 17:46:40 | 000,008,192 | ---- | C] () -- C:\Program Files\ScrappyText.Glue.dll
[2007/09/09 17:46:08 | 000,012,288 | ---- | C] () -- C:\Program Files\Flip.dll
[2007/09/09 17:45:44 | 000,038,400 | ---- | C] () -- C:\Program Files\HostObjects.dll
[2007/09/09 17:22:34 | 000,438,272 | ---- | C] () -- C:\Program Files\PMUserApp.exe
[2007/09/09 17:04:54 | 001,299,835 | ---- | C] () -- C:\Program Files\SKUResources.dat
[2007/08/31 14:08:30 | 000,032,306 | ---- | C] () -- C:\Program Files\ReadMe.htm
[2007/08/10 15:42:56 | 001,697,287 | ---- | C] () -- C:\Program Files\pmw.chm
[2007/08/07 13:47:04 | 000,038,961 | ---- | C] () -- C:\Program Files\License.rtf
[2007/07/26 16:12:26 | 000,001,597 | ---- | C] () -- C:\Program Files\startup.cfg
[2007/07/19 15:07:02 | 000,139,264 | ---- | C] () -- C:\Program Files\Install.exe
[2007/07/19 15:07:02 | 000,000,048 | ---- | C] () -- C:\Program Files\acfpdf.txt
[2007/07/10 14:42:50 | 000,000,464 | ---- | C] () -- C:\Program Files\MSREG.INI
[2006/05/15 14:50:54 | 000,038,277 | ---- | C] () -- C:\Program Files\PMWSHAPE.bin
[2006/02/17 15:43:44 | 000,024,325 | ---- | C] () -- C:\Program Files\Labels.dat
[2006/02/17 15:43:44 | 000,004,349 | ---- | C] () -- C:\Program Files\Stickers.dat
[2006/02/17 15:43:44 | 000,002,418 | ---- | C] () -- C:\Program Files\HalfCard.dat
[2006/02/17 15:43:44 | 000,001,221 | ---- | C] () -- C:\Program Files\BizCard.dat
[2006/02/17 15:43:44 | 000,000,899 | ---- | C] () -- C:\Program Files\NoteCard.dat
[2006/02/14 15:52:32 | 000,007,255 | ---- | C] () -- C:\Program Files\Photoprj.dat
[2006/02/14 15:52:32 | 000,001,963 | ---- | C] () -- C:\Program Files\PostCard.dat
[2006/02/08 17:31:50 | 000,000,811 | ---- | C] () -- C:\Program Files\ScrapBookPage.dat
[2006/02/07 18:52:00 | 000,046,888 | ---- | C] () -- C:\Program Files\hints.hnt
[2006/02/03 20:44:44 | 000,000,916 | ---- | C] () -- C:\Program Files\FeaturedArt.ini
[2006/02/03 15:18:00 | 000,002,042 | ---- | C] () -- C:\Program Files\envelope.dat
[2006/02/03 15:18:00 | 000,000,557 | ---- | C] () -- C:\Program Files\ironon.dat
[2006/01/24 17:26:18 | 000,018,648 | ---- | C] () -- C:\Program Files\PageLayout.DB
[2006/01/24 17:26:18 | 000,011,264 | ---- | C] () -- C:\Program Files\PageLayout.IDX
[2006/01/24 13:45:28 | 000,022,206 | ---- | C] () -- C:\Program Files\PMW.ico
[2006/01/05 11:41:34 | 000,005,937 | ---- | C] () -- C:\Program Files\Peanut.xml
[2006/01/05 11:41:34 | 000,000,639 | ---- | C] () -- C:\Program Files\miniapps.xml
[2005/11/29 15:55:18 | 000,017,534 | ---- | C] () -- C:\Program Files\crown.ico
[2005/11/29 15:55:18 | 000,000,049 | ---- | C] () -- C:\Program Files\Broderbund
[2005/07/07 18:12:52 | 006,729,715 | ---- | C] () -- C:\Program Files\InterfaceComponents.DB
[2005/07/07 18:12:52 | 000,386,720 | ---- | C] () -- C:\Program Files\MasterColorSets.dat
[2005/07/07 18:12:52 | 000,375,808 | ---- | C] () -- C:\Program Files\reutr300.dat
[2005/07/07 18:12:52 | 000,352,322 | ---- | C] () -- C:\Program Files\pmw.clx
[2005/07/07 18:12:52 | 000,089,655 | ---- | C] () -- C:\Program Files\symbol.otl
[2005/07/07 18:12:52 | 000,081,920 | ---- | C] () -- C:\Program Files\RunPlayer.exe
[2005/07/07 18:12:52 | 000,067,013 | ---- | C] () -- C:\Program Files\pspeprojects.dat
[2005/07/07 18:12:52 | 000,065,294 | ---- | C] () -- C:\Program Files\pmwshape.dat
[2005/07/07 18:12:52 | 000,059,143 | ---- | C] () -- C:\Program Files\MLSSYM.TT
[2005/07/07 18:12:52 | 000,057,344 | ---- | C] () -- C:\Program Files\Interop.MessengerAPI.DLL
[2005/07/07 18:12:52 | 000,055,385 | ---- | C] () -- C:\Program Files\MLSZA.TT
[2005/07/07 18:12:52 | 000,031,744 | ---- | C] () -- C:\Program Files\InterfaceComponents.IDX
[2005/07/07 18:12:52 | 000,011,264 | ---- | C] () -- C:\Program Files\Lists.IDX
[2005/07/07 18:12:52 | 000,008,420 | ---- | C] () -- C:\Program Files\Lists.DB
[2005/07/07 18:12:52 | 000,003,067 | ---- | C] () -- C:\Program Files\sigdup.lay
[2005/07/07 18:12:52 | 000,002,948 | ---- | C] () -- C:\Program Files\bandup.lay
[2005/07/07 18:12:52 | 000,002,874 | ---- | C] () -- C:\Program Files\pmw.wrp
[2005/07/07 18:12:52 | 000,002,849 | ---- | C] () -- C:\Program Files\siggra.lay
[2005/07/07 18:12:52 | 000,002,753 | ---- | C] () -- C:\Program Files\cardup.lay
[2005/07/07 18:12:52 | 000,002,724 | ---- | C] () -- C:\Program Files\caldup.lay
[2005/07/07 18:12:52 | 000,002,656 | ---- | C] () -- C:\Program Files\sigtxt.lay
[2005/07/07 18:12:52 | 000,002,183 | ---- | C] () -- C:\Program Files\cargra.lay
[2005/07/07 18:12:52 | 000,002,172 | ---- | C] () -- C:\Program Files\cartxt.lay
[2005/07/07 18:12:52 | 000,002,037 | ---- | C] () -- C:\Program Files\pmw.clr
[2005/07/07 18:12:52 | 000,001,997 | ---- | C] () -- C:\Program Files\bantxt.lay
[2005/07/07 18:12:52 | 000,001,910 | ---- | C] () -- C:\Program Files\bangra.lay
[2005/07/07 18:12:52 | 000,001,809 | ---- | C] () -- C:\Program Files\calgra.lay
[2005/07/07 18:12:52 | 000,001,648 | ---- | C] () -- C:\Program Files\caltxt.lay
[2005/07/07 18:12:52 | 000,001,576 | ---- | C] () -- C:\Program Files\crafttypes.dat
[2005/07/07 18:12:52 | 000,001,024 | ---- | C] () -- C:\Program Files\netl.pm
[2005/07/07 18:12:52 | 000,000,955 | ---- | C] () -- C:\Program Files\Billy.xml
[2005/07/07 18:12:52 | 000,000,766 | ---- | C] () -- C:\Program Files\HandCursor.cur
[2005/07/07 18:12:52 | 000,000,630 | ---- | C] () -- C:\Program Files\colors.clr
[2005/07/07 18:12:52 | 000,000,147 | ---- | C] () -- C:\Program Files\pmwini.def
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:23 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003080_.tmp.dll
[2004/08/10 13:51:10 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003112_.tmp.dll
[2004/08/10 13:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/10/28 19:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/25 18:08:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/10/28 19:19:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/10/25 18:09:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/10/25 18:09:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/25 18:09:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/25 18:09:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 18:08:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/25 18:09:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/10/25 18:08:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/10/25 18:09:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/10/25 18:09:03 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/10/26 15:09:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/10/28 19:18:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/10/26 15:09:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/10/25 18:09:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/10/25 18:09:26 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/10/25 18:43:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/10/25 20:28:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/10/25 18:09:32 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/10/25 18:09:04 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/10/26 14:29:07 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/10/25 18:43:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/10/25 18:09:32 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/10/25 20:38:08 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/10/25 18:09:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/10/25 20:38:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2010/10/28 19:55:07 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 19:15:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/28 19:00:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========


< End of report >

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Fri 29 Oct 2010, 2:59 pm

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    SRV - [2010/10/28 19:22:39 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
    O20 - HKU\edward_ON_C Winlogon: Shell - (C:\Documents and Settings\edward\Application Data\hotfix.exe) - C:\Documents and Settings\edward\Application Data\hotfix.exe File not found
    [2010/10/25 18:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}
    [2010/10/25 18:08:36 | 000,760,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\tqqgk.sys
    [2010/10/28 19:22:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
    [2010/10/28 19:15:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/10/28 19:11:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2004/08/10 13:51:23 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003080_.tmp.dll
    [2004/08/10 13:51:10 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003112_.tmp.dll
    [2010/10/28 19:00:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

    :Files
    C:\WINDOWS\tasks\At*.job

    :commands
    [emptytemp]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Fri 29 Oct 2010, 3:07 pm

Thanks again Sneakyone! I'll have to do this tomorrow as it is 11:00 p.m. here and I can't keep my eyes open, afraid I'll get sloppy and make a mistake. Your help is above and beyond!!! I'll post results tomorrow.

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Sat 30 Oct 2010, 12:54 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 deleted successfully.
C:\WINDOWS\system32\6to4v32.dll moved successfully.
Registry value HKEY_USERS\edward_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\edward\Application Data\hotfix.exe deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\chrome\content folder moved successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\chrome folder moved successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3} folder moved successfully.
C:\WINDOWS\system32\drivers\tqqgk.sys moved successfully.
File C:\WINDOWS\System32\6to4v32.dll not found.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\system32\_003080_.tmp.dll moved successfully.
C:\WINDOWS\system32\_003112_.tmp.dll moved successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: ann
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: edward
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 242688 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1125538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28225774 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 28.00 mb


OTLPE by OldTimer - Version 3.1.43.0 log created on 10292010_105204

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Sat 30 Oct 2010, 1:46 am

Hi, thanks for all the help so far. When I try to install Combofix (Commy.exe), I get an error message, "some files could not be created" restart computer. I also can not find the firewall or AVG running, but have no way of checking to make sure it's off, as there is no icon on the taskbar. Please advise as I may be doing something wrong. Thanks!

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Sat 30 Oct 2010, 3:36 am

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Sat 30 Oct 2010, 3:51 am

Hi Sneakyone! I've restarted the computer a number of times trying to get combofix to install, now I seem to be back to square one. I did another OTL scan, please advise:

OTL logfile created on: 10/29/2010 12:39:24 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 77.75 Gb Free Space | 69.61% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 16:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/30 18:36:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/30 18:36:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\edward_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/21 20:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{59EDC053-1427-4A77-8583-9C9B343F73B3}: C:\Documents and Settings\edward\Local Settings\Application Data\{59EDC053-1427-4A77-8583-9C9B343F73B3}\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 18:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 18:51:08 | 000,000,000 | ---D | M]

[2010/10/25 16:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/24 07:52:18 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\edward_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} [You must be registered and logged in to see this link.] (PdvrOcx Class)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 12:15:21 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/29 11:35:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 11:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\New Folder
[2010/10/29 10:52:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/10/26 14:52:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/10/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Malwarebytes
[2010/10/26 13:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/26 13:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/26 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 13:56:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/25 20:49:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/10/25 20:35:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\edward\Recent
[2010/10/25 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 15:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Laundry 10-22-10
[2010/10/19 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Customers Porcessed in Little Rock
[2010/10/16 11:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\DivX
[2010/10/16 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\War Eagle Mill and Craft Fair 10-14-10
[2010/10/03 12:10:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/10/01 10:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Info. for Insurance Co
[2007/09/09 17:46:44 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Controllers.dll
[2007/09/09 17:46:42 | 000,229,376 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Billy.dll
[2007/09/09 17:46:42 | 000,208,896 | ---- | C] ( ) -- C:\Program Files\ti.jazzie.dll
[2007/09/09 17:46:42 | 000,163,840 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\ScrappyText.dll
[2007/09/09 17:46:42 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.HostInterface.exe
[2007/09/09 17:46:40 | 000,851,968 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.dll
[2007/09/09 17:46:40 | 000,049,152 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Gracie.dll
[2007/09/09 17:46:40 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.dll
[2007/09/09 17:46:38 | 000,466,944 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Georgia.dll
[2007/09/09 17:46:38 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.Res.dll
[2007/09/09 17:46:38 | 000,086,016 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\ps20resources.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\pmwresources.dll
[2007/09/09 17:46:28 | 000,081,920 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Rescue.exe
[2007/09/09 17:46:28 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.dll
[2007/09/09 17:46:26 | 000,126,976 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Aardvark.dll
[2007/09/09 17:46:26 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.dll
[2007/09/09 17:46:26 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.Dispatch.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.Target.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Target.dll
[2007/09/09 17:46:24 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Beast.ICs.dll
[2007/09/09 17:46:24 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.IC.dll
[2007/09/09 17:46:24 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.IC.dll
[2007/09/09 17:46:22 | 000,073,728 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.dll
[2007/09/09 17:46:22 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.dll
[2007/09/09 17:46:22 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\CustomControlsLib.dll
[2007/09/09 17:46:22 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.dll
[2007/09/09 17:46:22 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\PlatformUtils.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.ICs.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\IC.dll
[2007/09/09 17:46:22 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\RainMan.dll
[2007/09/09 17:46:20 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Framework.dll
[2007/09/09 17:46:10 | 000,006,656 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Win32UI.dll
[2007/09/09 17:45:36 | 000,069,632 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\GreenleafArchiveLib.dll
[2007/09/09 17:45:34 | 000,041,984 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.ZLibWrapper.dll
[2007/09/09 17:45:32 | 000,011,776 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.DriveInfo.dll
[2007/09/09 17:44:40 | 006,541,312 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMW.exe
[2007/09/09 17:42:30 | 009,707,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\pmwres32.dll
[2007/09/09 17:42:24 | 000,114,688 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ConnMgr.dll
[2007/09/09 17:42:18 | 000,061,440 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AboutBoxdll.dll
[2007/09/09 17:41:44 | 000,040,960 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\CustToolbar.dll
[2007/09/09 17:41:40 | 000,155,648 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\border.dll
[2007/09/09 17:41:34 | 000,303,104 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PSToolbar.dll
[2007/09/09 17:41:16 | 000,057,344 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AccessAB.dll
[2007/09/09 17:41:12 | 000,021,504 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Thesaurus.dll
[2007/09/09 17:40:50 | 000,098,304 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMWTrueType.dll
[2007/09/09 17:40:48 | 000,380,928 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\advdraw.exe
[2007/09/09 17:36:02 | 000,344,064 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Remind.exe
[2007/09/09 17:33:54 | 001,003,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMAppBuilder.dll
[2007/09/09 17:23:22 | 000,602,112 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportPW.dll
[2007/09/09 17:22:48 | 000,262,144 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\LaunchDLL.dll
[2007/09/09 17:22:26 | 000,479,232 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportWSD.dll
[2007/09/09 17:20:10 | 000,561,152 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\UICustomizer.dll
[2007/09/09 17:19:28 | 000,643,072 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImport.dll
[2007/09/09 17:18:28 | 001,462,272 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Framework.dll
[2007/09/09 17:17:06 | 000,022,016 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ImageServer.dll
[2007/07/19 15:07:02 | 003,186,688 | ---- | C] (Amyuni Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\cdintf.dll
[2007/07/19 15:07:02 | 000,527,872 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfuamd64.dll
[2007/07/19 15:07:02 | 000,423,373 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfu.dll
[2007/07/19 15:07:02 | 000,389,120 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfuiamd64.dll
[2007/07/19 15:07:02 | 000,370,783 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfui.dll
[2005/11/30 17:06:42 | 000,045,056 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\MSRUN32.EXE
[2005/07/07 19:12:51 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn12n.dll
[2005/07/07 19:12:51 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfcmp12n.dll
[2005/07/07 19:12:51 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdis12n.dll
[2005/07/07 19:12:51 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg12n.dll
[2005/07/07 19:12:51 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpng12n.dll
[2005/07/07 19:12:51 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif12n.dll
[2005/07/07 19:12:51 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil12n.dll
[2005/07/07 19:12:51 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffax12n.dll
[2005/07/07 19:12:51 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwmf12n.dll
[2005/07/07 19:12:51 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps12n.dll
[2005/07/07 19:12:51 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd12n.dll
[2005/07/07 19:12:51 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif12n.dll
[2005/07/07 19:12:51 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp12n.dll
[2005/07/07 19:12:51 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx12n.dll
[2005/07/07 19:12:51 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwpg12n.dll
[2005/07/07 19:12:51 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2005/07/07 18:12:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\pcdlib32.dll
[2005/07/07 18:12:52 | 000,122,880 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\Program Files\ssce4132.dll
[2005/07/07 18:12:52 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,028,672 | ---- | C] ( ) -- C:\Program Files\Interop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,014,848 | ---- | C] ( ) -- C:\Program Files\AxInterop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,007,680 | ---- | C] ( ) -- C:\Program Files\Ti.PMAppBuilder.dll
[2005/07/07 18:12:52 | 000,006,144 | ---- | C] ( ) -- C:\Program Files\Interop.CONNMGRLib.dll
[2005/07/07 18:12:52 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\AxInterop.CONNMGRLib.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 23:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 22:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/03/18 21:05:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2001/09/05 23:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll

========== Files - Modified Within 30 Days ==========

[2010/10/29 12:30:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/29 12:27:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 12:13:42 | 003,894,257 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/29 11:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 11:53:57 | 000,442,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/29 11:53:57 | 000,071,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 11:49:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/29 11:49:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 11:49:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 19:02:56 | 066,961,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/26 13:57:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\edward\Desktop\mbam-setup-1.46.exe
[2010/10/26 10:29:13 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Odometer Readings.xls
[2010/10/25 20:40:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/25 19:52:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:08:43 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 18:08:34 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 15:19:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/25 14:59:54 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\GLS-PWs.xls
[2010/10/25 14:39:05 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Sales Tax Not Charged.xls
[2010/10/22 20:40:24 | 000,607,408 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/22 12:45:58 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/22 10:29:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/20 10:25:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 12:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 11:51:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:26 | 000,194,270 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:30:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 11:11:34 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 17:37:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Mileage Reimb..xls
[2010/10/07 16:36:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:32 | 000,046,612 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/05 12:59:07 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/03 19:18:52 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:41:11 | 000,009,221 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Letterhead.wpd
[2010/10/01 10:10:38 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/10/01 10:06:40 | 009,240,280 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Harleysville Ins. Policy.zip

========== Files Created - No Company Name ==========

[2010/10/29 12:14:45 | 003,894,257 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/25 19:52:06 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 18:08:34 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\fixmsmss.dll
[2010/10/25 18:08:20 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\System32\fixmsmss.dll
[2010/10/25 15:12:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/22 10:29:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 11:51:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:23 | 000,194,270 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:04:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 16:36:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:29 | 000,046,612 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/03 19:18:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/10/01 10:09:51 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/09/03 12:44:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JPR.{PB
[2010/09/03 12:44:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JCM.{PB
[2010/09/01 14:38:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 20:42:11 | 000,607,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/17 12:33:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\fusioncache.dat
[2010/01/01 15:53:19 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/03 18:40:19 | 000,001,876 | ---- | C] () -- C:\Program Files\Register Your Software.lnk
[2009/01/18 13:13:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/01/01 18:56:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2009/01/01 18:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2008/07/15 17:17:53 | 000,001,516 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/06 13:28:23 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/06/11 21:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/11 15:38:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 14:56:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\imx32.dll
[2008/05/27 17:40:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/27 17:40:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/27 17:40:22 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/27 17:40:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/27 17:40:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 21:43:55 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 09:35:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fusioncache.dat
[2008/05/16 11:56:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 11:51:55 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/16 11:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/16 11:46:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/16 11:23:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/16 09:57:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\msimp32.dll
[2007/09/09 17:46:40 | 000,008,192 | ---- | C] () -- C:\Program Files\ScrappyText.Glue.dll
[2007/09/09 17:46:08 | 000,012,288 | ---- | C] () -- C:\Program Files\Flip.dll
[2007/09/09 17:45:44 | 000,038,400 | ---- | C] () -- C:\Program Files\HostObjects.dll
[2007/09/09 17:22:34 | 000,438,272 | ---- | C] () -- C:\Program Files\PMUserApp.exe
[2007/09/09 17:04:54 | 001,299,835 | ---- | C] () -- C:\Program Files\SKUResources.dat
[2007/08/31 14:08:30 | 000,032,306 | ---- | C] () -- C:\Program Files\ReadMe.htm
[2007/08/10 15:42:56 | 001,697,287 | ---- | C] () -- C:\Program Files\pmw.chm
[2007/08/07 13:47:04 | 000,038,961 | ---- | C] () -- C:\Program Files\License.rtf
[2007/07/26 16:12:26 | 000,001,597 | ---- | C] () -- C:\Program Files\startup.cfg
[2007/07/19 15:07:02 | 000,139,264 | ---- | C] () -- C:\Program Files\Install.exe
[2007/07/19 15:07:02 | 000,000,048 | ---- | C] () -- C:\Program Files\acfpdf.txt
[2007/07/10 14:42:50 | 000,000,464 | ---- | C] () -- C:\Program Files\MSREG.INI
[2006/05/15 14:50:54 | 000,038,277 | ---- | C] () -- C:\Program Files\PMWSHAPE.bin
[2006/02/17 15:43:44 | 000,024,325 | ---- | C] () -- C:\Program Files\Labels.dat
[2006/02/17 15:43:44 | 000,004,349 | ---- | C] () -- C:\Program Files\Stickers.dat
[2006/02/17 15:43:44 | 000,002,418 | ---- | C] () -- C:\Program Files\HalfCard.dat
[2006/02/17 15:43:44 | 000,001,221 | ---- | C] () -- C:\Program Files\BizCard.dat
[2006/02/17 15:43:44 | 000,000,899 | ---- | C] () -- C:\Program Files\NoteCard.dat
[2006/02/14 15:52:32 | 000,007,255 | ---- | C] () -- C:\Program Files\Photoprj.dat
[2006/02/14 15:52:32 | 000,001,963 | ---- | C] () -- C:\Program Files\PostCard.dat
[2006/02/08 17:31:50 | 000,000,811 | ---- | C] () -- C:\Program Files\ScrapBookPage.dat
[2006/02/07 18:52:00 | 000,046,888 | ---- | C] () -- C:\Program Files\hints.hnt
[2006/02/03 20:44:44 | 000,000,916 | ---- | C] () -- C:\Program Files\FeaturedArt.ini
[2006/02/03 15:18:00 | 000,002,042 | ---- | C] () -- C:\Program Files\envelope.dat
[2006/02/03 15:18:00 | 000,000,557 | ---- | C] () -- C:\Program Files\ironon.dat
[2006/01/24 17:26:18 | 000,018,648 | ---- | C] () -- C:\Program Files\PageLayout.DB
[2006/01/24 17:26:18 | 000,011,264 | ---- | C] () -- C:\Program Files\PageLayout.IDX
[2006/01/24 13:45:28 | 000,022,206 | ---- | C] () -- C:\Program Files\PMW.ico
[2006/01/05 11:41:34 | 000,005,937 | ---- | C] () -- C:\Program Files\Peanut.xml
[2006/01/05 11:41:34 | 000,000,639 | ---- | C] () -- C:\Program Files\miniapps.xml
[2005/11/29 15:55:18 | 000,017,534 | ---- | C] () -- C:\Program Files\crown.ico
[2005/11/29 15:55:18 | 000,000,049 | ---- | C] () -- C:\Program Files\Broderbund
[2005/07/07 18:12:52 | 006,729,715 | ---- | C] () -- C:\Program Files\InterfaceComponents.DB
[2005/07/07 18:12:52 | 000,386,720 | ---- | C] () -- C:\Program Files\MasterColorSets.dat
[2005/07/07 18:12:52 | 000,375,808 | ---- | C] () -- C:\Program Files\reutr300.dat
[2005/07/07 18:12:52 | 000,352,322 | ---- | C] () -- C:\Program Files\pmw.clx
[2005/07/07 18:12:52 | 000,089,655 | ---- | C] () -- C:\Program Files\symbol.otl
[2005/07/07 18:12:52 | 000,081,920 | ---- | C] () -- C:\Program Files\RunPlayer.exe
[2005/07/07 18:12:52 | 000,067,013 | ---- | C] () -- C:\Program Files\pspeprojects.dat
[2005/07/07 18:12:52 | 000,065,294 | ---- | C] () -- C:\Program Files\pmwshape.dat
[2005/07/07 18:12:52 | 000,059,143 | ---- | C] () -- C:\Program Files\MLSSYM.TT
[2005/07/07 18:12:52 | 000,057,344 | ---- | C] () -- C:\Program Files\Interop.MessengerAPI.DLL
[2005/07/07 18:12:52 | 000,055,385 | ---- | C] () -- C:\Program Files\MLSZA.TT
[2005/07/07 18:12:52 | 000,031,744 | ---- | C] () -- C:\Program Files\InterfaceComponents.IDX
[2005/07/07 18:12:52 | 000,011,264 | ---- | C] () -- C:\Program Files\Lists.IDX
[2005/07/07 18:12:52 | 000,008,420 | ---- | C] () -- C:\Program Files\Lists.DB
[2005/07/07 18:12:52 | 000,003,067 | ---- | C] () -- C:\Program Files\sigdup.lay
[2005/07/07 18:12:52 | 000,002,948 | ---- | C] () -- C:\Program Files\bandup.lay
[2005/07/07 18:12:52 | 000,002,874 | ---- | C] () -- C:\Program Files\pmw.wrp
[2005/07/07 18:12:52 | 000,002,849 | ---- | C] () -- C:\Program Files\siggra.lay
[2005/07/07 18:12:52 | 000,002,753 | ---- | C] () -- C:\Program Files\cardup.lay
[2005/07/07 18:12:52 | 000,002,724 | ---- | C] () -- C:\Program Files\caldup.lay
[2005/07/07 18:12:52 | 000,002,656 | ---- | C] () -- C:\Program Files\sigtxt.lay
[2005/07/07 18:12:52 | 000,002,183 | ---- | C] () -- C:\Program Files\cargra.lay
[2005/07/07 18:12:52 | 000,002,172 | ---- | C] () -- C:\Program Files\cartxt.lay
[2005/07/07 18:12:52 | 000,002,037 | ---- | C] () -- C:\Program Files\pmw.clr
[2005/07/07 18:12:52 | 000,001,997 | ---- | C] () -- C:\Program Files\bantxt.lay
[2005/07/07 18:12:52 | 000,001,910 | ---- | C] () -- C:\Program Files\bangra.lay
[2005/07/07 18:12:52 | 000,001,809 | ---- | C] () -- C:\Program Files\calgra.lay
[2005/07/07 18:12:52 | 000,001,648 | ---- | C] () -- C:\Program Files\caltxt.lay
[2005/07/07 18:12:52 | 000,001,576 | ---- | C] () -- C:\Program Files\crafttypes.dat
[2005/07/07 18:12:52 | 000,001,024 | ---- | C] () -- C:\Program Files\netl.pm
[2005/07/07 18:12:52 | 000,000,955 | ---- | C] () -- C:\Program Files\Billy.xml
[2005/07/07 18:12:52 | 000,000,766 | ---- | C] () -- C:\Program Files\HandCursor.cur
[2005/07/07 18:12:52 | 000,000,630 | ---- | C] () -- C:\Program Files\colors.clr
[2005/07/07 18:12:52 | 000,000,147 | ---- | C] () -- C:\Program Files\pmwini.def
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/10/29 12:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/20 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/29 12:30:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Sat 30 Oct 2010, 7:55 am

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Sat 30 Oct 2010, 12:38 pm

Hi, log file from Malwarebytes, please advise:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4980

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/29/2010 8:28:08 PM
mbam-log-2010-10-29 (20-28-08).txt

Scan type: Quick scan
Objects scanned: 158178
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\edward\Application Data\Bitrix Security\podzce.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\2L4NOI3W05 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\ScrappyText.Glue.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\edward\Application Data\Bitrix Security\podzce.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Flip.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\HostObjects.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Interop.MessengerAPI.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\ScrappyText.Glue.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Sat 30 Oct 2010, 3:47 pm

Hi,
I ran Malwarebytes again and it shows 0 malware. I still have a window pop up every now and then telling me I need to get new anti-virus software, seems like remnants of the trojan. I also get a message that "Generic Host Process for Win32" crashes. Other oddball things like sometimes after booting there's no sound, sometimes it won't boot up at all, sometimes a window that's open will crash, etc. Thanks for your assistance so far, it definitely is a lot better than when we started!
Ed

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Sun 31 Oct 2010, 2:32 am

Hi,

Please run a free online scan with ESET Online Scanner by downloading it from 'here' and save it to your Desktop.

  • Please ensure that you're logged into an Administrator account before running the scanner. The ESET Online Scanner will not work if you're on a limited account.
  • Double-click esetsmartinstaller_enu.exe to execute the program.
  • Check the box next to 'YES, I accept the Terms of Use'. Press 'Start'.
  • If this is your first time installing the scanner, allow the ActiveX Control to install.
  • Database download may take some time.
  • On the next page, ensure the box next to 'Remove found threads' has been checked. Also ensure that the box next to 'Scan unwanted applications' is checked. Proceed by clicking on 'Start'.
    • The ESET Online Scanner will update the Virus Signature Database and begin the scan.
    • Please allow it to complete successfully and ensure that any current downloads are stopped.

  • Once the scan's completed, please open 'Notepad' by navigating to 'Start', then 'Run', and type in 'Notepad'. Open the file located at 'C:\Program Files\ESET\ESET Online Scanner\log.txt'.
  • Please Copy & Paste this log into your next reply.
  • Press 'Finish'.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Sun 31 Oct 2010, 4:43 am

Hi Sneakyone!
Here is the log file from ESET scan:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5bdc943be3615c41ab39bd71caef5e13
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-30 04:19:18
# local_time=2010-10-30 11:19:18 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 76617357 76617357 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5bdc943be3615c41ab39bd71caef5e13
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-30 05:41:00
# local_time=2010-10-30 12:41:00 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 76618032 76618032 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=69196
# found=5
# cleaned=5
# scan_time=4248
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\fixmsmss.dll a variant of Win32/Kryptik.HTA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ujifapiti.dll a variant of Win32/Cimag.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\fixmsmss.dll a variant of Win32/Kryptik.HTA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_105204\C_WINDOWS\system32\drivers\tqqgk.sys a variant of Win32/Bubnix.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Mon 01 Nov 2010, 1:50 am

Hi,

How is your computer running now?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Mon 01 Nov 2010, 6:13 am

Hi Sneakyone,
Thanks again for ALL your help! Computer is running a little slow. I still get a pop-up tab in Firefox that I have to "Ok" to get it closed. After about 5 or 10 minutes of being on, I get the "Generic Host Process for Win32 Services has Encountered a problem and needs to close" warning. So it seems like there's still a piece hidden somewhere.
Thanks,
Ed

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Mon 01 Nov 2010, 10:14 am

Hi,

Please run ComboFix again and post the log here.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Mon 01 Nov 2010, 11:46 am

Hi Sneakyone,
I still can't run Combofix. When I try to open it I get the same error message I got before "Some files could not be created. Please close all applications, reboot Windows and restart the installation" I tried Combofix on another computer and it worked just fine.
Thanks,
Ed

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Mon 01 Nov 2010, 1:30 pm

Hi,

Please run OTL again and post the logs here.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Mon 01 Nov 2010, 2:26 pm

Hi Sneakyone,
Thanks again. Here is the OTL log:

OTL logfile created on: 10/31/2010 10:45:33 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 77.21 Gb Free Space | 69.13% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 16:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/30 18:36:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/30 18:36:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\wmcrbq.sys -- (xjxtiyc)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (tqqgk)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\upcavq.sys -- (mmfik)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/11/29 16:23:17 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/30 18:36:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/30 18:36:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/02 18:06:31 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/30 21:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 15:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/09 05:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/05/23 15:07:28 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2007/04/23 22:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/23 22:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/25 11:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/10/14 23:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/26 14:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2003/09/20 10:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080516
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\edward_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\edward_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/21 20:18:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 18:31:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 23:32:29 | 000,000,000 | ---D | M]

[2010/10/31 15:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/24 07:52:18 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {afdbd48a-9ab9-41da-a160-24fbcd7a35e7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\edward_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} [You must be registered and logged in to see this link.] (PdvrOcx Class)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 21:48:38 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/31 18:36:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\edward\Recent
[2010/10/30 12:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/30 11:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/29 11:35:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 10:52:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/10/26 14:52:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/10/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\Malwarebytes
[2010/10/26 13:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/26 13:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/26 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 20:49:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/10/25 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 19:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 15:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Laundry 10-22-10
[2010/10/19 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\Customers Porcessed in Little Rock
[2010/10/16 11:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Application Data\DivX
[2010/10/16 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edward\Desktop\War Eagle Mill and Craft Fair 10-14-10
[2010/10/03 12:10:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2007/09/09 17:46:44 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Controllers.dll
[2007/09/09 17:46:42 | 000,229,376 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Billy.dll
[2007/09/09 17:46:42 | 000,208,896 | ---- | C] ( ) -- C:\Program Files\ti.jazzie.dll
[2007/09/09 17:46:42 | 000,163,840 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\ScrappyText.dll
[2007/09/09 17:46:42 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.HostInterface.exe
[2007/09/09 17:46:40 | 000,851,968 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.dll
[2007/09/09 17:46:40 | 000,049,152 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Gracie.dll
[2007/09/09 17:46:40 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.dll
[2007/09/09 17:46:38 | 000,466,944 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Georgia.dll
[2007/09/09 17:46:38 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Peanut.Res.dll
[2007/09/09 17:46:38 | 000,086,016 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\ps20resources.dll
[2007/09/09 17:46:36 | 006,688,768 | ---- | C] ( ) -- C:\Program Files\pmwresources.dll
[2007/09/09 17:46:28 | 000,081,920 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Rescue.exe
[2007/09/09 17:46:28 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.dll
[2007/09/09 17:46:26 | 000,126,976 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Aardvark.dll
[2007/09/09 17:46:26 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.dll
[2007/09/09 17:46:26 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.Dispatch.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.Target.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Shadow.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Meg.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Bandit.IC.dll
[2007/09/09 17:46:26 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Target.dll
[2007/09/09 17:46:24 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Beast.ICs.dll
[2007/09/09 17:46:24 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Ginger.IC.dll
[2007/09/09 17:46:24 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.IC.dll
[2007/09/09 17:46:22 | 000,073,728 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.dll
[2007/09/09 17:46:22 | 000,040,960 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.dll
[2007/09/09 17:46:22 | 000,032,768 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\CustomControlsLib.dll
[2007/09/09 17:46:22 | 000,028,672 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Ti.Watson.dll
[2007/09/09 17:46:22 | 000,024,576 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\PlatformUtils.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Venus.ICs.dll
[2007/09/09 17:46:22 | 000,020,480 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\IC.dll
[2007/09/09 17:46:22 | 000,016,384 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\RainMan.dll
[2007/09/09 17:46:20 | 000,057,344 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Framework.dll
[2007/09/09 17:46:10 | 000,006,656 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Milo.Win32UI.dll
[2007/09/09 17:45:36 | 000,069,632 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\GreenleafArchiveLib.dll
[2007/09/09 17:45:34 | 000,041,984 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.ZLibWrapper.dll
[2007/09/09 17:45:32 | 000,011,776 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Program Files\Daisey.DriveInfo.dll
[2007/09/09 17:44:40 | 006,541,312 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMW.exe
[2007/09/09 17:42:30 | 009,707,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\pmwres32.dll
[2007/09/09 17:42:24 | 000,114,688 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ConnMgr.dll
[2007/09/09 17:42:18 | 000,061,440 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AboutBoxdll.dll
[2007/09/09 17:41:44 | 000,040,960 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\CustToolbar.dll
[2007/09/09 17:41:40 | 000,155,648 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\border.dll
[2007/09/09 17:41:34 | 000,303,104 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PSToolbar.dll
[2007/09/09 17:41:16 | 000,057,344 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\AccessAB.dll
[2007/09/09 17:41:12 | 000,021,504 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Thesaurus.dll
[2007/09/09 17:40:50 | 000,098,304 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMWTrueType.dll
[2007/09/09 17:40:48 | 000,380,928 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\advdraw.exe
[2007/09/09 17:36:02 | 000,344,064 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Remind.exe
[2007/09/09 17:33:54 | 001,003,520 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PMAppBuilder.dll
[2007/09/09 17:23:22 | 000,602,112 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportPW.dll
[2007/09/09 17:22:48 | 000,262,144 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\LaunchDLL.dll
[2007/09/09 17:22:26 | 000,479,232 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImportWSD.dll
[2007/09/09 17:20:10 | 000,561,152 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\UICustomizer.dll
[2007/09/09 17:19:28 | 000,643,072 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\PretzelImport.dll
[2007/09/09 17:18:28 | 001,462,272 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\Framework.dll
[2007/09/09 17:17:06 | 000,022,016 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\ImageServer.dll
[2007/07/19 15:07:02 | 003,186,688 | ---- | C] (Amyuni Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\cdintf.dll
[2007/07/19 15:07:02 | 000,527,872 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfuamd64.dll
[2007/07/19 15:07:02 | 000,423,373 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfu.dll
[2007/07/19 15:07:02 | 000,389,120 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfuiamd64.dll
[2007/07/19 15:07:02 | 000,370,783 | ---- | C] (AMYUNI Technologies
[You must be registered and logged in to see this link.] -- C:\Program Files\acfpdfui.dll
[2005/11/30 17:06:42 | 000,045,056 | ---- | C] (Broderbund Properties LLC) -- C:\Program Files\MSRUN32.EXE
[2005/07/07 19:12:51 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn12n.dll
[2005/07/07 19:12:51 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfcmp12n.dll
[2005/07/07 19:12:51 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdis12n.dll
[2005/07/07 19:12:51 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg12n.dll
[2005/07/07 19:12:51 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpng12n.dll
[2005/07/07 19:12:51 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif12n.dll
[2005/07/07 19:12:51 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil12n.dll
[2005/07/07 19:12:51 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffax12n.dll
[2005/07/07 19:12:51 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwmf12n.dll
[2005/07/07 19:12:51 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps12n.dll
[2005/07/07 19:12:51 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd12n.dll
[2005/07/07 19:12:51 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif12n.dll
[2005/07/07 19:12:51 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp12n.dll
[2005/07/07 19:12:51 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx12n.dll
[2005/07/07 19:12:51 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfwpg12n.dll
[2005/07/07 19:12:51 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2005/07/07 18:12:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\pcdlib32.dll
[2005/07/07 18:12:52 | 000,122,880 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\Program Files\ssce4132.dll
[2005/07/07 18:12:52 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll
[2005/07/07 18:12:52 | 000,028,672 | ---- | C] ( ) -- C:\Program Files\Interop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,014,848 | ---- | C] ( ) -- C:\Program Files\AxInterop.ShockwaveFlashObjects.dll
[2005/07/07 18:12:52 | 000,007,680 | ---- | C] ( ) -- C:\Program Files\Ti.PMAppBuilder.dll
[2005/07/07 18:12:52 | 000,006,144 | ---- | C] ( ) -- C:\Program Files\Interop.CONNMGRLib.dll
[2005/07/07 18:12:52 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\AxInterop.CONNMGRLib.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 23:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 22:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/03/18 21:05:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2001/09/05 23:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll

========== Files - Modified Within 30 Days ==========

[2010/10/31 21:51:22 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 21:51:22 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/31 21:50:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/31 21:47:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 20:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:37:58 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/31 20:37:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/31 20:00:08 | 000,607,408 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/31 19:23:17 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\AMX Log.xls
[2010/10/31 17:33:48 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Credit Card Charges.xls
[2010/10/31 17:27:37 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Sales Tax Not Charged.xls
[2010/10/31 14:57:13 | 067,040,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/31 14:53:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/30 00:05:47 | 000,001,194 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101029_230543.reg
[2010/10/29 09:43:14 | 003,894,304 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/26 10:29:13 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Odometer Readings.xls
[2010/10/25 20:40:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/25 19:52:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 15:19:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/25 14:59:54 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\GLS-PWs.xls
[2010/10/22 12:45:58 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/22 10:29:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 12:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 11:51:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:26 | 000,194,270 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:30:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 11:11:34 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 17:37:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Mileage Reimb..xls
[2010/10/07 16:36:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:32 | 000,046,612 | ---- | M] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/05 12:59:07 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/03 19:18:52 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc

========== Files Created - No Company Name ==========

[2010/10/31 20:06:01 | 003,894,304 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Commy.exe
[2010/10/30 00:05:45 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101029_230543.reg
[2010/10/25 19:52:06 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\cc_20101025_185205.reg
[2010/10/25 15:12:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer of Release.doc
[2010/10/22 10:29:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Tomato.doc
[2010/10/20 10:25:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Prayer for the Diocese of Little Rock.doc
[2010/10/19 11:51:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Shortcut to MP Navigator EX.lnk
[2010/10/18 14:41:23 | 000,194,270 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\glenwoodlinenloss_xls.zip
[2010/10/17 19:38:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Glenwood Water and Sewer Labels.lbl
[2010/10/17 19:35:49 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Our Lady of Guadalupe Labels.lbl
[2010/10/16 11:04:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 16:36:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Mileages.xls
[2010/10/05 16:39:29 | 000,046,612 | ---- | C] () -- C:\Documents and Settings\edward\My Documents\Proposal.pdf
[2010/10/03 19:18:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\edward\Desktop\Reg Mechanic Regisrtation.doc
[2010/09/03 12:44:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JPR.{PB
[2010/09/03 12:44:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\edward\Application Data\PFP120JCM.{PB
[2010/09/01 14:38:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 20:42:11 | 000,607,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/17 12:33:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\edward\Local Settings\Application Data\fusioncache.dat
[2010/01/01 15:53:19 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/03 18:40:19 | 000,001,876 | ---- | C] () -- C:\Program Files\Register Your Software.lnk
[2009/01/18 13:13:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/01/01 18:56:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2009/01/01 18:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2008/07/15 17:17:53 | 000,001,516 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/06 13:28:23 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/06/11 21:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/11 15:38:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/28 14:56:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\imx32.dll
[2008/05/27 17:40:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/27 17:40:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/27 17:40:22 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/27 17:40:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/27 17:40:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 21:43:55 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 09:35:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fusioncache.dat
[2008/05/16 11:56:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 11:51:55 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/16 11:47:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/16 11:46:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/16 11:23:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/16 09:57:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\msimp32.dll
[2007/09/09 17:22:34 | 000,438,272 | ---- | C] () -- C:\Program Files\PMUserApp.exe
[2007/09/09 17:04:54 | 001,299,835 | ---- | C] () -- C:\Program Files\SKUResources.dat
[2007/08/31 14:08:30 | 000,032,306 | ---- | C] () -- C:\Program Files\ReadMe.htm
[2007/08/10 15:42:56 | 001,697,287 | ---- | C] () -- C:\Program Files\pmw.chm
[2007/08/07 13:47:04 | 000,038,961 | ---- | C] () -- C:\Program Files\License.rtf
[2007/07/26 16:12:26 | 000,001,597 | ---- | C] () -- C:\Program Files\startup.cfg
[2007/07/19 15:07:02 | 000,139,264 | ---- | C] () -- C:\Program Files\Install.exe
[2007/07/19 15:07:02 | 000,000,048 | ---- | C] () -- C:\Program Files\acfpdf.txt
[2007/07/10 14:42:50 | 000,000,464 | ---- | C] () -- C:\Program Files\MSREG.INI
[2006/05/15 14:50:54 | 000,038,277 | ---- | C] () -- C:\Program Files\PMWSHAPE.bin
[2006/02/17 15:43:44 | 000,024,325 | ---- | C] () -- C:\Program Files\Labels.dat
[2006/02/17 15:43:44 | 000,004,349 | ---- | C] () -- C:\Program Files\Stickers.dat
[2006/02/17 15:43:44 | 000,002,418 | ---- | C] () -- C:\Program Files\HalfCard.dat
[2006/02/17 15:43:44 | 000,001,221 | ---- | C] () -- C:\Program Files\BizCard.dat
[2006/02/17 15:43:44 | 000,000,899 | ---- | C] () -- C:\Program Files\NoteCard.dat
[2006/02/14 15:52:32 | 000,007,255 | ---- | C] () -- C:\Program Files\Photoprj.dat
[2006/02/14 15:52:32 | 000,001,963 | ---- | C] () -- C:\Program Files\PostCard.dat
[2006/02/08 17:31:50 | 000,000,811 | ---- | C] () -- C:\Program Files\ScrapBookPage.dat
[2006/02/07 18:52:00 | 000,046,888 | ---- | C] () -- C:\Program Files\hints.hnt
[2006/02/03 20:44:44 | 000,000,916 | ---- | C] () -- C:\Program Files\FeaturedArt.ini
[2006/02/03 15:18:00 | 000,002,042 | ---- | C] () -- C:\Program Files\envelope.dat
[2006/02/03 15:18:00 | 000,000,557 | ---- | C] () -- C:\Program Files\ironon.dat
[2006/01/24 17:26:18 | 000,018,648 | ---- | C] () -- C:\Program Files\PageLayout.DB
[2006/01/24 17:26:18 | 000,011,264 | ---- | C] () -- C:\Program Files\PageLayout.IDX
[2006/01/24 13:45:28 | 000,022,206 | ---- | C] () -- C:\Program Files\PMW.ico
[2006/01/05 11:41:34 | 000,005,937 | ---- | C] () -- C:\Program Files\Peanut.xml
[2006/01/05 11:41:34 | 000,000,639 | ---- | C] () -- C:\Program Files\miniapps.xml
[2005/11/29 15:55:18 | 000,017,534 | ---- | C] () -- C:\Program Files\crown.ico
[2005/11/29 15:55:18 | 000,000,049 | ---- | C] () -- C:\Program Files\Broderbund
[2005/07/07 18:12:52 | 006,729,715 | ---- | C] () -- C:\Program Files\InterfaceComponents.DB
[2005/07/07 18:12:52 | 000,386,720 | ---- | C] () -- C:\Program Files\MasterColorSets.dat
[2005/07/07 18:12:52 | 000,375,808 | ---- | C] () -- C:\Program Files\reutr300.dat
[2005/07/07 18:12:52 | 000,352,322 | ---- | C] () -- C:\Program Files\pmw.clx
[2005/07/07 18:12:52 | 000,089,655 | ---- | C] () -- C:\Program Files\symbol.otl
[2005/07/07 18:12:52 | 000,081,920 | ---- | C] () -- C:\Program Files\RunPlayer.exe
[2005/07/07 18:12:52 | 000,067,013 | ---- | C] () -- C:\Program Files\pspeprojects.dat
[2005/07/07 18:12:52 | 000,065,294 | ---- | C] () -- C:\Program Files\pmwshape.dat
[2005/07/07 18:12:52 | 000,059,143 | ---- | C] () -- C:\Program Files\MLSSYM.TT
[2005/07/07 18:12:52 | 000,055,385 | ---- | C] () -- C:\Program Files\MLSZA.TT
[2005/07/07 18:12:52 | 000,031,744 | ---- | C] () -- C:\Program Files\InterfaceComponents.IDX
[2005/07/07 18:12:52 | 000,011,264 | ---- | C] () -- C:\Program Files\Lists.IDX
[2005/07/07 18:12:52 | 000,008,420 | ---- | C] () -- C:\Program Files\Lists.DB
[2005/07/07 18:12:52 | 000,003,067 | ---- | C] () -- C:\Program Files\sigdup.lay
[2005/07/07 18:12:52 | 000,002,948 | ---- | C] () -- C:\Program Files\bandup.lay
[2005/07/07 18:12:52 | 000,002,874 | ---- | C] () -- C:\Program Files\pmw.wrp
[2005/07/07 18:12:52 | 000,002,849 | ---- | C] () -- C:\Program Files\siggra.lay
[2005/07/07 18:12:52 | 000,002,753 | ---- | C] () -- C:\Program Files\cardup.lay
[2005/07/07 18:12:52 | 000,002,724 | ---- | C] () -- C:\Program Files\caldup.lay
[2005/07/07 18:12:52 | 000,002,656 | ---- | C] () -- C:\Program Files\sigtxt.lay
[2005/07/07 18:12:52 | 000,002,183 | ---- | C] () -- C:\Program Files\cargra.lay
[2005/07/07 18:12:52 | 000,002,172 | ---- | C] () -- C:\Program Files\cartxt.lay
[2005/07/07 18:12:52 | 000,002,037 | ---- | C] () -- C:\Program Files\pmw.clr
[2005/07/07 18:12:52 | 000,001,997 | ---- | C] () -- C:\Program Files\bantxt.lay
[2005/07/07 18:12:52 | 000,001,910 | ---- | C] () -- C:\Program Files\bangra.lay
[2005/07/07 18:12:52 | 000,001,809 | ---- | C] () -- C:\Program Files\calgra.lay
[2005/07/07 18:12:52 | 000,001,648 | ---- | C] () -- C:\Program Files\caltxt.lay
[2005/07/07 18:12:52 | 000,001,576 | ---- | C] () -- C:\Program Files\crafttypes.dat
[2005/07/07 18:12:52 | 000,001,024 | ---- | C] () -- C:\Program Files\netl.pm
[2005/07/07 18:12:52 | 000,000,955 | ---- | C] () -- C:\Program Files\Billy.xml
[2005/07/07 18:12:52 | 000,000,766 | ---- | C] () -- C:\Program Files\HandCursor.cur
[2005/07/07 18:12:52 | 000,000,630 | ---- | C] () -- C:\Program Files\colors.clr
[2005/07/07 18:12:52 | 000,000,147 | ---- | C] () -- C:\Program Files\pmwini.def
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/10/29 21:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security
[2010/09/07 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Canon
[2010/10/30 13:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/31 21:50:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/31 21:19:37 | 000,002,994 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sneakyone on Tue 02 Nov 2010, 4:03 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\wmcrbq.sys -- (xjxtiyc)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Boot] -- -- (tqqgk)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\upcavq.sys -- (mmfik)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    [2010/10/29 21:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edward\Application Data\Bitrix Security


    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==========

Now please try and run ComboFix.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Tue 02 Nov 2010, 4:35 am

Hi Sneakyone,
Thank you. Here is the OTL log file. I'll try Combofix and let you know.
Ed

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xjxtiyc deleted successfully.
File C:\WINDOWS\System32\drivers\wmcrbq.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tqqgk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRELI deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDCOMP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIDump deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mmfik deleted successfully.
File C:\WINDOWS\System32\drivers\upcavq.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lbrtfdc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer deleted successfully.
C:\Documents and Settings\edward\Application Data\Bitrix Security folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: ann
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: edward
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3995308 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 4.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.43.0 log created on 11012010_142449

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by edlacerra on Tue 02 Nov 2010, 5:39 am

Sneakyone,
Thanks for the help. Combofix won't start. any ideas?
Thanks,
Ed

edlacerra

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2010-10-29
Operating System : xp

View user profile

Back to top Go down

Re: Thinkpoint. Can't start xp, any mode. Please help.

Post by Sponsored content Today at 11:16 pm


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum