MPC37

Files attached looking good. system-log.txt mbar-log-2013-03-11 (14-22-10).txt

yes it does! Thank you very much

C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry key HKEY_USERS\Susan_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MigAutoPlay deleted successfully. File C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RunPUTasktray deleted successfully. Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found. C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\OJHUSRMTG.DLL moved successfully. Registry key HKEY_USERS\Susan_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found. File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found. OTLPE by OldTimer - Version 3.1.48.0 log created on 03112013_132513

OTL logfile created on: 3/11/2013 12:14:59 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 195.32 Gb Total Space | 98.41 Gb Free Space | 50.38% Space Free | Partition Type: NTFS Drive D: | 195.31 Gb Total Space | 118.30 Gb Free Space | 60.57% Space Free | Partition Type: NTFS Drive E: | 540.88 Gb Total Space | 537.41 Gb Free Space | 99.36% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (winmgmt) SRV - [2013/02/27 06:11:44 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/19 09:37:15 | 000,968,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/22 08:51:09 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC) SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS) SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService) SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/02/06 16:41:15 | 000,085,096 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv) DRV - File not found [Kernel | System] -- -- (tdx) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (catchme) DRV - [2013/02/19 09:37:15 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/12/07 00:35:58 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter) DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/05/19 20:02:30 | 000,254,256 | ---- | M] (silex technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp) DRV - [2010/01/20 17:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2010/01/20 17:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010/01/19 19:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts) DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2007/04/23 21:20:00 | 000,029,184 | ---- | M] (Trimble AB, Sweden) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TrmbTS.sys -- (TrmbTS) DRV - [2000/06/20 06:33:54 | 000,009,881 | ---- | M] (e-TEK Labs) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TRMUSB5K.SYS -- (TRMUSB5K) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 7B B5 D5 0E 43 CD 01 [binary data] IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKU\Susan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\C & G Survey\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 09:37:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/14 15:08:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/14 15:08:57 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/06/11 16:38:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKU\C_&_G_Survey_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\C_&_G_Survey_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\Susan_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\Susan_ON_C\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CCPrt] C:\Program Files\Cisco Systems\Cisco Connect\CCPrt.exe (Cisco Consumer Products LLC) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [MigAutoPlay] C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe (Корпорация Майкрософт) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [PUStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [RunPUTasktray] File not found O4 - HKLM..\Run: [sMessaging] C:\Program Files\SOS Online Backup\SMessaging.exe (SOS Online Backup) O4 - HKLM..\Run: [sOSUAUI] C:\Program Files\SOS Online Backup\sosuploadagent.exe (SOS Online Backup) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\C_&_G_Survey_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\C_&_G_Survey_ON_C..\Run: [Apple] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll () O4 - HKU\Susan_ON_C..\Run: [Apple] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk = C:\Program Files\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation) O4 - Startup: C:\Documents and Settings\C & G Survey\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\C_&_G_Survey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\C_&_G_Survey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\C_&_G_Survey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Susan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://www.trimble.com/datatransfer/v155/isetupml.cab (InstallShield International Setup Player) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attewc.webex.com/client/T27L10NSP21EP5/event/ieatgpc.cab (GpcContainer Class) O16 - DPF: {FC541648-A453-4711-9B41-41FA09271AF3} https://qbo.intuit.com/c27/v32.131/qboqbwimp7.cab (Intuit Online Payroll Exporter v7) O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/01/07 08:36:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (.) - . [2011/07/17 10:00:59 | 000,000,000 | R--D | M] O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: winmgmt - File not found ========== Files/Folders - Created Within 30 Days ========== [2013/03/11 10:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\My Documents\Snagit [2013/03/11 10:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\assembly [2013/03/11 10:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\TechSmith [2013/03/11 06:11:09 | 000,050,176 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe [2013/03/10 19:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\UDC Profiles [2013/03/10 19:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Snagit [2013/03/10 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\assembly [2013/03/10 19:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\TechSmith [2013/03/09 11:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinFlash [2013/03/09 11:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\My Documents\Snagit [2013/03/09 11:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\assembly [2013/03/09 11:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith [2013/03/09 11:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2013/03/09 11:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\TechSmith [2013/03/09 11:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith [2013/03/08 17:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\iolo [2013/03/08 09:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2013/03/07 06:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Trimble_Navigation_Limite [2013/03/07 06:38:55 | 000,000,000 | ---D | C] -- C:\Opus [2013/03/07 06:19:28 | 000,000,000 | ---D | C] -- C:\Trimble 5700 raw files [2013/03/06 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trimble [2013/03/06 22:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trimble [2013/03/06 22:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Application Data\InstallShield [2013/03/06 18:09:36 | 000,000,000 | ---D | C] -- C:\Dat to Rinex [2013/03/06 18:00:06 | 000,009,881 | ---- | C] (e-TEK Labs) -- C:\WINDOWS\System32\drivers\TRMUSB5K.SYS [2013/03/06 18:00:00 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL [2013/03/06 17:59:58 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\Roboex32.dll [2013/03/06 17:59:53 | 000,029,184 | ---- | C] (Trimble AB, Sweden) -- C:\WINDOWS\System32\drivers\TrmbTS.sys [2013/03/06 17:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Trimble [2013/03/06 14:05:35 | 000,000,000 | ---D | C] -- C:\Trimble 5700 [2013/03/01 16:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Application Data\.minecraft [2013/02/17 10:15:12 | 000,000,000 | ---D | C] -- C:\C&G Insurance [2013/02/14 15:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks [2013/02/14 15:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks [2013/02/14 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2013/02/14 15:08:19 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2013/02/14 15:08:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2013/02/14 15:08:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2013/02/14 15:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks ========== Files - Modified Within 30 Days ========== [2013/03/11 10:52:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Online Backup Update Notifier.job [2013/03/11 10:52:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2763585B-64FB-4145-9C39-4F985C55C675}.job [2013/03/11 10:48:58 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2013/03/11 10:48:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/03/11 10:47:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1715567821-839522115-1003.job [2013/03/11 10:47:25 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/03/11 10:46:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/03/11 09:40:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FFD1D90-35BE-4EF3-AA9E-5313FBA0156E}.job [2013/03/11 09:38:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/03/11 09:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013/03/11 06:15:08 | 000,000,632 | ---- | M] () -- C:\WINDOWS\tasks\BackupC.job [2013/03/11 06:15:08 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\c-BACKUP.job [2013/03/11 06:15:08 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job [2013/03/11 06:11:27 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/03/11 06:11:14 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2013/03/11 06:11:06 | 000,050,176 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe [2013/03/11 06:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/03/11 00:22:22 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\SOS Online Backup [2013/03/10 19:42:01 | 004,807,427 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1003-0.dat [2013/03/10 19:42:01 | 000,415,882 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1004-0.dat [2013/03/10 19:41:57 | 002,051,728 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2013/03/10 19:41:49 | 000,415,882 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2013/03/10 19:41:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\1213back.job [2013/03/10 19:41:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1313backup.job [2013/03/10 18:57:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/03/10 16:39:50 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Convert To RINEX.lnk [2013/03/09 16:59:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Application Data\skype.ini [2013/03/09 11:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinFlash [2013/03/09 11:20:28 | 000,932,330 | ---- | M] () -- C:\3-9-2013 10-20-16 AM.tif [2013/03/09 11:19:06 | 001,608,210 | ---- | M] () -- C:\3-9-2013 10-18-58 AM.tif [2013/03/09 11:15:50 | 001,612,890 | ---- | M] () -- C:\3-9-2013 10-15-16 AM.tif [2013/03/09 11:12:28 | 000,823,642 | ---- | M] () -- C:\14390-164.tif [2013/03/09 11:04:43 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk [2013/03/09 11:04:43 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup [2013/03/09 11:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith [2013/03/08 09:45:40 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk [2013/03/08 09:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2013/03/07 07:49:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1715567821-839522115-1003.job [2013/03/07 06:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trimble [2013/03/06 23:13:11 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPS Configurator.lnk [2013/03/06 22:51:27 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPS Controller.lnk [2013/03/05 22:51:04 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/03/05 17:21:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Desktop\Microsoft Word 2010.lnk [2013/03/05 14:57:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/02/27 23:39:32 | 000,312,938 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Application Data\6bae5eb4-7ca3-407a-be0e-adf367777d75 [2013/02/27 06:11:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/02/27 06:11:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/02/26 08:51:31 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2011.lnk [2013/02/23 00:00:31 | 000,000,114 | ---- | M] () -- C:\WINDOWS\link32.INI [2013/02/19 09:37:15 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2013/02/15 04:05:50 | 000,518,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/02/15 04:05:50 | 000,092,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/02/14 16:10:04 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/14 15:09:09 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2013/02/14 15:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks [2013/02/14 15:08:19 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2013/02/14 15:08:08 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2013/02/14 15:08:08 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2013/02/14 15:08:06 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2013/02/14 09:26:45 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk [2013/02/14 07:47:35 | 000,512,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/03/11 06:11:27 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/03/11 06:11:13 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2013/03/10 19:42:01 | 000,415,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1004-0.dat [2013/03/09 16:33:55 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Application Data\skype.ini [2013/03/09 11:20:16 | 000,932,330 | ---- | C] () -- C:\3-9-2013 10-20-16 AM.tif [2013/03/09 11:18:58 | 001,608,210 | ---- | C] () -- C:\3-9-2013 10-18-58 AM.tif [2013/03/09 11:15:16 | 001,612,890 | ---- | C] () -- C:\3-9-2013 10-15-16 AM.tif [2013/03/09 11:11:27 | 000,823,642 | ---- | C] () -- C:\14390-164.tif [2013/03/09 11:04:43 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk [2013/03/07 06:30:51 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Convert To RINEX.lnk [2013/03/06 23:13:11 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPS Configurator.lnk [2013/03/06 22:51:27 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPS Controller.lnk [2013/02/27 23:39:29 | 000,312,938 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Application Data\6bae5eb4-7ca3-407a-be0e-adf367777d75 [2013/02/14 15:09:09 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2013/01/10 04:41:12 | 002,051,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/12/26 13:14:03 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat [2012/10/03 13:05:18 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\C & G Survey\missing.reg [2012/09/30 16:24:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/09/30 16:24:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/09/30 16:24:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/09/30 16:24:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/09/30 16:24:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/09/27 14:19:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2012/09/24 09:06:38 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\mbam.context.scan [2012/09/11 07:30:13 | 000,093,193 | ---- | C] () -- C:\WINDOWS\Scan to PDF Uninstaller.exe [2012/08/13 15:06:35 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\dt.dat [2012/06/12 09:05:45 | 000,034,764 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\dt.dat [2012/04/13 20:47:14 | 000,112,488 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/03/01 04:32:27 | 004,807,427 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1003-0.dat [2012/03/01 04:32:26 | 000,415,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/02/29 19:11:20 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2012/02/16 01:09:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/31 20:25:20 | 000,064,991 | ---- | C] () -- C:\Documents and Settings\Susan\Medical Form Fillable (3).pdf [2012/01/31 20:19:17 | 000,143,448 | ---- | C] () -- C:\Documents and Settings\Susan\Activity Consent Fillable boyscout form.pdf [2012/01/22 19:37:12 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\$_hpcst$.hpc [2012/01/07 16:12:06 | 000,217,347 | ---- | C] () -- C:\WINDOWS\hpwins25.dat [2012/01/07 16:12:05 | 000,000,530 | ---- | C] () -- C:\WINDOWS\hpwmdl25.dat [2012/01/07 08:36:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2012/01/02 11:25:40 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2012/01/02 11:17:55 | 000,104,172 | ---- | C] () -- C:\WINDOWS\HPFins09.dat [2012/01/02 11:17:55 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat [2011/06/24 08:58:45 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2011/06/07 14:28:40 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/05/21 07:08:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Susan\Application Data\$_hpcst$.hpc [2011/05/12 14:48:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/05/07 08:37:40 | 000,000,114 | ---- | C] () -- C:\WINDOWS\link32.INI [2011/05/06 00:01:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Application Data\$_hpcst$.hpc [2011/03/13 22:39:57 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll [2011/02/02 09:54:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2010/10/18 23:26:12 | 002,222,672 | ---- | C] () -- C:\Documents and Settings\C & G Survey\20051OFXOLD.DAT [2010/10/18 23:26:12 | 000,020,368 | ---- | C] () -- C:\Documents and Settings\C & G Survey\20051OFXLOG.DAT [2010/09/05 00:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2010/03/10 10:12:54 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe [2010/03/10 10:12:54 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe [2010/03/07 22:42:21 | 000,212,992 | R--- | C] () -- C:\WINDOWS\System32\NmUninst.exe [2010/03/07 20:54:57 | 000,000,145 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini [2010/03/01 14:23:54 | 004,542,238 | ---- | C] () -- C:\Documents and Settings\C & G Survey\WELLESLEY PERMIT 001.tif [2010/03/01 13:20:59 | 004,515,458 | ---- | C] () -- C:\Documents and Settings\C & G Survey\WELLESLEY PERMIT.tif [2010/02/27 17:47:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/02/24 13:49:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/02/20 23:19:24 | 000,000,240 | ---- | C] () -- C:\WINDOWS\wSMIxfer.INI [2010/02/14 21:15:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010/02/14 21:15:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010/02/14 21:15:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010/02/14 21:15:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010/02/14 21:15:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010/02/14 21:15:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010/02/07 16:59:24 | 000,001,515 | ---- | C] () -- C:\WINDOWS\checkip.dat [2010/02/07 12:56:20 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2010/02/07 09:42:46 | 029,782,016 | ---- | C] () -- C:\Documents and Settings\ \ [2010/02/06 23:37:02 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/06 23:14:18 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2010/02/06 13:45:37 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2010/02/06 13:45:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2010/02/06 13:45:37 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010/02/06 13:45:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2010/02/06 13:45:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010/02/06 13:10:08 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010/02/06 13:06:07 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010/02/06 12:55:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/02/06 12:51:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/02/06 07:22:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/02/06 07:21:15 | 000,512,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/12/15 10:41:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GCL52FW.DLL [2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 08:00:00 | 000,518,290 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 08:00:00 | 000,092,658 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll [2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [1999/12/10 00:19:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BarCodeLib.dll [1997/11/10 02:12:00 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\Al21fw.dll ========== LOP Check ========== [2012/09/28 23:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG [2012/12/26 13:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo [2010/11/14 16:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search [2012/09/28 16:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search [2013/03/01 16:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\.minecraft [2012/05/12 19:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Autodesk [2010/04/25 10:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Avery [2012/09/25 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\AVG [2012/06/12 19:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\AVG Secure Search [2012/10/02 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\AVG2013 [2012/01/03 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Carlson Software [2012/05/20 06:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Chief Architect Premier X4 Trial Version [2010/10/01 10:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/01/12 12:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1 [2012/10/04 19:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\ElevatedDiagnostics [2012/05/30 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\GetRightToGo [2013/02/12 09:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Home Designer Architectural 2012 [2012/05/28 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Home Designer Pro 2012 Trial Version [2011/06/05 10:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\ICAClient [2010/02/14 21:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\InterVideo [2012/12/26 13:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\iolo [2010/03/01 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\ISIS Drivers [2010/02/08 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\NVD [2011/04/01 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\PhotoCollageMax [2011/02/11 08:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Quicken Legal Business Pro [2010/10/29 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\SoftGrid Client [2010/02/08 18:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\TP [2012/10/02 12:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\TuneUp Software [2012/03/09 23:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\UDC Profiles [2011/06/24 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\webex [2010/10/29 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Windows Desktop Search [2010/10/30 09:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Windows Search [2012/06/11 16:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG Secure Search [2013/01/11 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG2013 [2010/03/03 19:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\InterVideo [2010/04/08 22:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SoftGrid Client [2013/03/10 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\UDC Profiles [2010/12/02 17:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Desktop Search [2012/06/12 11:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search [2012/12/26 13:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo [2012/07/21 13:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG Secure Search [2012/10/05 16:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG2013 [2011/05/21 08:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\ICAClient [2013/03/08 17:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\iolo [2010/09/06 23:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\SoftGrid Client [2011/09/26 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\UDC Profiles [2010/11/04 15:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Windows Desktop Search [2011/09/22 18:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Windows Search [2012/05/12 19:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2010/04/25 10:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery [2012/09/25 23:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG [2012/11/08 14:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2012/10/02 12:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2012/01/03 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carlson Software [2012/05/20 05:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect Premier X4 Trial Version [2011/12/26 10:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems [2010/02/08 10:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs [2010/08/03 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access [2012/06/11 16:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2012/05/30 17:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Architectural 2012 [2012/05/26 07:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Pro 2012 Trial Version [2012/12/26 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2013/03/11 08:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/05/27 08:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2011/04/01 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax [2012/01/03 20:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel [2013/03/11 00:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS Online Backup [2010/02/07 13:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 [2012/05/27 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11 [2012/10/12 09:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2013/03/09 11:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2010/02/26 04:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications [2012/04/13 20:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/02/21 13:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/09/25 23:10:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/03/10 19:41:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\1213back.job [2013/03/10 19:41:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\1313backup.job [2013/03/11 06:15:08 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job [2013/03/11 06:15:08 | 000,000,632 | ---- | M] () -- C:\WINDOWS\Tasks\BackupC.job [2013/03/11 06:15:08 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\c-BACKUP.job [2013/03/11 10:52:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Online Backup Update Notifier.job [2013/03/11 09:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2013/03/11 00:22:22 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\SOS Online Backup [2013/03/11 10:52:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2763585B-64FB-4145-9C39-4F985C55C675}.job [2013/03/11 09:40:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2FFD1D90-35BE-4EF3-AA9E-5313FBA0156E}.job ========== Purity Check ========== ========== Custom Scans ========== < driver32 > < %SYSTEMDRIVE%\*.* > [2013/03/09 11:12:28 | 000,823,642 | ---- | M] () -- C:\14390-164.tif [2013/03/09 11:15:50 | 001,612,890 | ---- | M] () -- C:\3-9-2013 10-15-16 AM.tif [2013/03/09 11:19:06 | 001,608,210 | ---- | M] () -- C:\3-9-2013 10-18-58 AM.tif [2013/03/09 11:20:28 | 000,932,330 | ---- | M] () -- C:\3-9-2013 10-20-16 AM.tif [2012/10/02 12:08:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2006/02/28 08:00:00 | 000,047,564 | ---- | M] () -- C:\ntdetect.com [2006/02/28 08:00:00 | 000,250,032 | ---- | M] () -- C:\ntldr [2013/03/11 10:46:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2012/09/02 11:08:39 | 000,001,005 | ---- | M] () -- C:\plot.log [2011/04/07 08:31:27 | 000,823,808 | ---- | M] () -- C:\PLS Application Forms 2010-06-30.doc [2010/10/14 08:42:18 | 000,265,022 | ---- | M] () -- C:\PLS Application Forms 2010-06-30.pdf [2010/11/02 06:40:51 | 000,076,177 | ---- | M] () -- C:\PLS Application Forms 2010-06-30.zip [2011/05/10 17:51:01 | 000,832,000 | ---- | M] () -- C:\PLS Application Forms 2011-04-07-jd-supervisor.doc [2011/05/20 01:51:28 | 000,832,000 | ---- | M] () -- C:\PLS Application Forms 2011-04-07.doc [2011/04/19 08:48:41 | 000,826,880 | ---- | M] () -- C:\PLS Application Forms 2011-4-19-.doc [2011/04/23 11:31:43 | 000,835,072 | ---- | M] () -- C:\PLS Application Forms 2011-4-23-.doc [2010/11/09 19:17:23 | 000,013,063 | ---- | M] () -- C:\PLS APPLICATION.docx [2012/05/01 12:30:15 | 000,849,056 | ---- | M] (Amazon Services LLC) -- C:\Quicken_Deluxe_2012_Downloader.exe [2012/05/17 11:16:39 | 003,619,102 | ---- | M] () -- C:\Records-Request.tif [2012/01/03 20:41:12 | 000,000,582 | ---- | M] () -- C:\regsheet.txt [2012/06/18 11:11:28 | 000,461,277 | ---- | M] () -- C:\Saco Info.pdf [2011/05/25 17:52:59 | 000,435,411 | ---- | M] () -- C:\SatViewer_Manual_rev_A.pdf [2010/04/11 23:13:44 | 000,001,892 | ---- | M] () -- C:\ScituateLittleLeague-Schedule_Export(1).csv [2010/10/31 13:02:53 | 004,443,254 | ---- | M] () -- C:\Skull.tif [2011/09/12 07:09:48 | 003,623,318 | ---- | M] () -- C:\Survey_Pro_46_Recon-Nomad_Reference.pdf [2011/11/16 19:28:11 | 003,293,296 | ---- | M] () -- C:\Susan License.tif [2011/04/28 16:47:25 | 000,015,379 | ---- | M] () -- C:\TableB--Article13.pdf [2011/04/19 07:14:45 | 002,080,883 | ---- | M] () -- C:\TaxForm.pdf [2010/04/13 17:22:04 | 006,048,700 | ---- | M] () -- C:\TaxFormState2009Filed.pdf [2010/04/13 17:21:14 | 005,864,219 | ---- | M] () -- C:\TaxForm[1].pdf [2012/06/11 15:17:16 | 000,094,250 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_15.16.27_log.txt [2012/06/11 15:28:39 | 000,089,296 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_15.27.44_log.txt [2012/09/29 12:51:07 | 000,094,682 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_12.50.45_log.txt [2012/09/29 12:55:05 | 000,090,348 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_12.52.52_log.txt [2012/09/29 13:02:35 | 000,092,546 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_13.02.20_log.txt [2012/09/29 13:38:02 | 000,091,138 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_13.36.20_log.txt [2012/09/30 15:39:49 | 000,090,794 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_30.09.2012_15.39.34_log.txt [2012/05/21 16:40:00 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe [2012/06/19 07:54:06 | 000,001,123 | ---- | M] () -- C:\url.txt [2010/10/07 16:20:59 | 005,072,696 | ---- | M] () -- C:\verizon 001.tif [2010/10/07 16:21:41 | 004,756,220 | ---- | M] () -- C:\verizon 002.tif [2010/10/07 16:22:37 | 004,642,312 | ---- | M] () -- C:\verizon 003.tif [2010/10/07 16:23:11 | 003,451,004 | ---- | M] () -- C:\verizon 004.tif [2010/10/07 16:20:19 | 004,626,490 | ---- | M] () -- C:\verizon.tif [2011/07/14 20:30:40 | 002,732,459 | ---- | M] () -- C:\VERTCON.zip [2010/12/02 18:31:48 | 006,201,578 | ---- | M] () -- C:\Vespucci.tif [2012/12/27 16:47:43 | 000,262,264 | ---- | M] () -- C:\visit.911memorial.org.tif [2011/12/27 10:53:45 | 003,768,040 | ---- | M] () -- C:\w-9.tif [2011/04/27 18:21:53 | 000,045,998 | ---- | M] () -- C:\wall_cleanout.dwg [2012/01/28 23:22:55 | 000,013,307 | ---- | M] () -- C:\Washington Dc Travel Plans.docx [2010/04/29 22:49:16 | 000,041,794 | ---- | M] () -- C:\Watertown-Forest-72-Condo-4-28-10-FLOORPLAN.pdf [2009/10/14 20:50:10 | 004,592,202 | ---- | M] () -- C:\Wellesley Building Permit.tif [2011/06/07 09:46:38 | 005,111,802 | ---- | M] () -- C:\wELLESLEY cORNELL 001.tif [2011/06/07 09:41:09 | 004,673,432 | ---- | M] () -- C:\wELLESLEY cORNELL.tif [2010/11/15 09:18:01 | 000,122,266 | ---- | M] () -- C:\WESTON-SOUTH-220-11-12-2010-Layout1.pdf [2010/02/10 21:00:32 | 000,000,028 | ---- | M] () -- C:\wizard.txt [2010/12/06 09:07:43 | 000,647,928 | ---- | M] () -- C:\Workmens Comp.tif [2012/12/31 18:19:43 | 000,025,201 | ---- | M] () -- C:\Xi® MTower™ PCIe Workstation Quotation #284882.htm < MD5 for: EXPLORER.EXE > [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: SERVICES.EXE > [2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe < MD5 for: USERINIT.EXE > [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < End of report >

I have downloaded hitman pro onto usb and followed intructions. when I get removable my only choice is floppy disks even thjough I have working usb ports. I tansferred program to cd rom but it seels to bypass and start windows normally until it starts the doj screen.

Computer infected with department of justice virus cannot start in safe mode. Any suggestions? Thank you