
DoJ virus unable to start windows xp



I have downloaded Hitman Pro onto USB and followed instructions. When I get removable my only choice is floppy disks even though I have working USB ports. I transferred program to CD-ROM but it seems to bypass and start Windows normally until it starts the DOJ screen.


OTL logfile created on: 3/11/2013 12:14:59 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 195.32 Gb Total Space | 98.41 Gb Free Space | 50.38% Space Free | Partition Type: NTFS

Drive D: | 195.31 Gb Total Space | 118.30 Gb Free Space | 60.57% Space Free | Partition Type: NTFS

Drive E: | 540.88 Gb Total Space | 537.41 Gb Free Space | 99.36% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (winmgmt)

SRV - [2013/02/27 06:11:44 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/19 09:37:15 | 000,968,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)

SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/10/22 08:51:09 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)

SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/02/06 16:41:15 | 000,085,096 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv)

DRV - File not found [Kernel | System] -- -- (tdx)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2013/02/19 09:37:15 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/12/07 00:35:58 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)

DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/05/19 20:02:30 | 000,254,256 | ---- | M] (silex technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)

DRV - [2010/01/20 17:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)

DRV - [2010/01/20 17:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010/01/19 19:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)

DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)

DRV - [2007/04/23 21:20:00 | 000,029,184 | ---- | M] (Trimble AB, Sweden) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TrmbTS.sys -- (TrmbTS)

DRV - [2000/06/20 06:33:54 | 000,009,881 | ---- | M] (e-TEK Labs) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TRMUSB5K.SYS -- (TRMUSB5K)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 7B B5 D5 0E 43 CD 01 [binary data]

IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\Susan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\C & G Survey\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 09:37:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/14 15:08:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/14 15:08:57 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/06/11 16:38:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O3 - HKU\C_&_G_Survey_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\C_&_G_Survey_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\Susan_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\Susan_ON_C\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CCPrt] C:\Program Files\Cisco Systems\Cisco Connect\CCPrt.exe (Cisco Consumer Products LLC)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [MigAutoPlay] C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe (Корпорация Майкрософт)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] File not found

O4 - HKLM..\Run: [PUStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [RunPUTasktray] File not found

O4 - HKLM..\Run: [sMessaging] C:\Program Files\SOS Online Backup\SMessaging.exe (SOS Online Backup)

O4 - HKLM..\Run: [sOSUAUI] C:\Program Files\SOS Online Backup\sosuploadagent.exe (SOS Online Backup)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKU\C_&_G_Survey_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\C_&_G_Survey_ON_C..\Run: [Apple] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll ()

O4 - HKU\Susan_ON_C..\Run: [Apple] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk = C:\Program Files\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)

O4 - Startup: C:\Documents and Settings\C & G Survey\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\C_&_G_Survey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\C_&_G_Survey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\C_&_G_Survey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Susan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://www.trimble.com/datatransfer/v155/isetupml.cab (InstallShield International Setup Player)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attewc.webex.com/client/T27L10NSP21EP5/event/ieatgpc.cab (GpcContainer Class)

O16 - DPF: {FC541648-A453-4711-9B41-41FA09271AF3} https://qbo.intuit.com/c27/v32.131/qboqbwimp7.cab (Intuit Online Payroll Exporter v7)

O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/01/07 08:36:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (.) - . [2011/07/17 10:00:59 | 000,000,000 | R--D | M]

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: winmgmt - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/03/11 10:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\My Documents\Snagit

[2013/03/11 10:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\assembly

[2013/03/11 10:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\TechSmith

[2013/03/11 06:11:09 | 000,050,176 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe

[2013/03/10 19:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\UDC Profiles

[2013/03/10 19:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Snagit

[2013/03/10 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\assembly

[2013/03/10 19:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\TechSmith

[2013/03/09 11:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinFlash

[2013/03/09 11:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\My Documents\Snagit

[2013/03/09 11:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\assembly

[2013/03/09 11:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith

[2013/03/09 11:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2013/03/09 11:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\TechSmith

[2013/03/09 11:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

[2013/03/08 17:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\iolo

[2013/03/08 09:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG

[2013/03/07 06:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Trimble_Navigation_Limite

[2013/03/07 06:38:55 | 000,000,000 | ---D | C] -- C:\Opus

[2013/03/07 06:19:28 | 000,000,000 | ---D | C] -- C:\Trimble 5700 raw files

[2013/03/06 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trimble

[2013/03/06 22:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trimble

[2013/03/06 22:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Application Data\InstallShield

[2013/03/06 18:09:36 | 000,000,000 | ---D | C] -- C:\Dat to Rinex

[2013/03/06 18:00:06 | 000,009,881 | ---- | C] (e-TEK Labs) -- C:\WINDOWS\System32\drivers\TRMUSB5K.SYS

[2013/03/06 18:00:00 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL

[2013/03/06 17:59:58 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\Roboex32.dll

[2013/03/06 17:59:53 | 000,029,184 | ---- | C] (Trimble AB, Sweden) -- C:\WINDOWS\System32\drivers\TrmbTS.sys

[2013/03/06 17:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Trimble

[2013/03/06 14:05:35 | 000,000,000 | ---D | C] -- C:\Trimble 5700

[2013/03/01 16:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C & G Survey\Application Data\.minecraft

[2013/02/17 10:15:12 | 000,000,000 | ---D | C] -- C:\C&G Insurance

[2013/02/14 15:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks

[2013/02/14 15:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks

[2013/02/14 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2013/02/14 15:08:19 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2013/02/14 15:08:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2013/02/14 15:08:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2013/02/14 15:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks

========== Files - Modified Within 30 Days ==========

[2013/03/11 10:52:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Online Backup Update Notifier.job

[2013/03/11 10:52:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2763585B-64FB-4145-9C39-4F985C55C675}.job

[2013/03/11 10:48:58 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2013/03/11 10:48:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/11 10:47:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1715567821-839522115-1003.job

[2013/03/11 10:47:25 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/11 10:46:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/11 09:40:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FFD1D90-35BE-4EF3-AA9E-5313FBA0156E}.job

[2013/03/11 09:38:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/11 09:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2013/03/11 06:15:08 | 000,000,632 | ---- | M] () -- C:\WINDOWS\tasks\BackupC.job

[2013/03/11 06:15:08 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\c-BACKUP.job

[2013/03/11 06:15:08 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job

[2013/03/11 06:11:27 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp

[2013/03/11 06:11:14 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg

[2013/03/11 06:11:06 | 000,050,176 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe

[2013/03/11 06:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/03/11 00:22:22 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\SOS Online Backup

[2013/03/10 19:42:01 | 004,807,427 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1003-0.dat

[2013/03/10 19:42:01 | 000,415,882 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1004-0.dat

[2013/03/10 19:41:57 | 002,051,728 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2013/03/10 19:41:49 | 000,415,882 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2013/03/10 19:41:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\1213back.job

[2013/03/10 19:41:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1313backup.job

[2013/03/10 18:57:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/03/10 16:39:50 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Convert To RINEX.lnk

[2013/03/09 16:59:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Application Data\skype.ini

[2013/03/09 11:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinFlash

[2013/03/09 11:20:28 | 000,932,330 | ---- | M] () -- C:\3-9-2013 10-20-16 AM.tif

[2013/03/09 11:19:06 | 001,608,210 | ---- | M] () -- C:\3-9-2013 10-18-58 AM.tif

[2013/03/09 11:15:50 | 001,612,890 | ---- | M] () -- C:\3-9-2013 10-15-16 AM.tif

[2013/03/09 11:12:28 | 000,823,642 | ---- | M] () -- C:\14390-164.tif

[2013/03/09 11:04:43 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk

[2013/03/09 11:04:43 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup

[2013/03/09 11:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith

[2013/03/08 09:45:40 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk

[2013/03/08 09:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG

[2013/03/07 07:49:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1715567821-839522115-1003.job

[2013/03/07 06:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trimble

[2013/03/06 23:13:11 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPS Configurator.lnk

[2013/03/06 22:51:27 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPS Controller.lnk

[2013/03/05 22:51:04 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/03/05 17:21:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Desktop\Microsoft Word 2010.lnk

[2013/03/05 14:57:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/02/27 23:39:32 | 000,312,938 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Application Data\6bae5eb4-7ca3-407a-be0e-adf367777d75

[2013/02/27 06:11:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/02/27 06:11:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/02/26 08:51:31 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2011.lnk

[2013/02/23 00:00:31 | 000,000,114 | ---- | M] () -- C:\WINDOWS\link32.INI

[2013/02/19 09:37:15 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

[2013/02/15 04:05:50 | 000,518,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/02/15 04:05:50 | 000,092,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/02/14 16:10:04 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/02/14 15:09:09 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

[2013/02/14 15:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks

[2013/02/14 15:08:19 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2013/02/14 15:08:08 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2013/02/14 15:08:08 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2013/02/14 15:08:06 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2013/02/14 09:26:45 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[2013/02/14 07:47:35 | 000,512,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/03/11 06:11:27 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp

[2013/03/11 06:11:13 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg

[2013/03/10 19:42:01 | 000,415,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1004-0.dat

[2013/03/09 16:33:55 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Application Data\skype.ini

[2013/03/09 11:20:16 | 000,932,330 | ---- | C] () -- C:\3-9-2013 10-20-16 AM.tif

[2013/03/09 11:18:58 | 001,608,210 | ---- | C] () -- C:\3-9-2013 10-18-58 AM.tif

[2013/03/09 11:15:16 | 001,612,890 | ---- | C] () -- C:\3-9-2013 10-15-16 AM.tif

[2013/03/09 11:11:27 | 000,823,642 | ---- | C] () -- C:\14390-164.tif

[2013/03/09 11:04:43 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk

[2013/03/07 06:30:51 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Convert To RINEX.lnk

[2013/03/06 23:13:11 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPS Configurator.lnk

[2013/03/06 22:51:27 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPS Controller.lnk

[2013/02/27 23:39:29 | 000,312,938 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Application Data\6bae5eb4-7ca3-407a-be0e-adf367777d75

[2013/02/14 15:09:09 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

[2013/01/10 04:41:12 | 002,051,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/12/26 13:14:03 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat

[2012/10/03 13:05:18 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\C & G Survey\missing.reg

[2012/09/30 16:24:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/09/30 16:24:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/09/30 16:24:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/09/30 16:24:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/09/30 16:24:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/09/27 14:19:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc

[2012/09/24 09:06:38 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\mbam.context.scan

[2012/09/11 07:30:13 | 000,093,193 | ---- | C] () -- C:\WINDOWS\Scan to PDF Uninstaller.exe

[2012/08/13 15:06:35 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\dt.dat

[2012/06/12 09:05:45 | 000,034,764 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\dt.dat

[2012/04/13 20:47:14 | 000,112,488 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/03/01 04:32:27 | 004,807,427 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1715567821-839522115-1003-0.dat

[2012/03/01 04:32:26 | 000,415,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/02/29 19:11:20 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

[2012/02/16 01:09:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/31 20:25:20 | 000,064,991 | ---- | C] () -- C:\Documents and Settings\Susan\Medical Form Fillable (3).pdf

[2012/01/31 20:19:17 | 000,143,448 | ---- | C] () -- C:\Documents and Settings\Susan\Activity Consent Fillable boyscout form.pdf

[2012/01/22 19:37:12 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\$_hpcst$.hpc

[2012/01/07 16:12:06 | 000,217,347 | ---- | C] () -- C:\WINDOWS\hpwins25.dat

[2012/01/07 16:12:05 | 000,000,530 | ---- | C] () -- C:\WINDOWS\hpwmdl25.dat

[2012/01/07 08:36:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2012/01/02 11:25:40 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2012/01/02 11:17:55 | 000,104,172 | ---- | C] () -- C:\WINDOWS\HPFins09.dat

[2012/01/02 11:17:55 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat

[2011/06/24 08:58:45 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2011/06/07 14:28:40 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/05/21 07:08:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Susan\Application Data\$_hpcst$.hpc

[2011/05/12 14:48:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/05/07 08:37:40 | 000,000,114 | ---- | C] () -- C:\WINDOWS\link32.INI

[2011/05/06 00:01:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Application Data\$_hpcst$.hpc

[2011/03/13 22:39:57 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll

[2011/02/02 09:54:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/10/18 23:26:12 | 002,222,672 | ---- | C] () -- C:\Documents and Settings\C & G Survey\20051OFXOLD.DAT

[2010/10/18 23:26:12 | 000,020,368 | ---- | C] () -- C:\Documents and Settings\C & G Survey\20051OFXLOG.DAT

[2010/09/05 00:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2010/03/10 10:12:54 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe

[2010/03/10 10:12:54 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe

[2010/03/07 22:42:21 | 000,212,992 | R--- | C] () -- C:\WINDOWS\System32\NmUninst.exe

[2010/03/07 20:54:57 | 000,000,145 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini

[2010/03/01 14:23:54 | 004,542,238 | ---- | C] () -- C:\Documents and Settings\C & G Survey\WELLESLEY PERMIT 001.tif

[2010/03/01 13:20:59 | 004,515,458 | ---- | C] () -- C:\Documents and Settings\C & G Survey\WELLESLEY PERMIT.tif

[2010/02/27 17:47:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/02/24 13:49:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/02/20 23:19:24 | 000,000,240 | ---- | C] () -- C:\WINDOWS\wSMIxfer.INI

[2010/02/14 21:15:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/02/14 21:15:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/02/14 21:15:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/02/14 21:15:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/02/14 21:15:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/02/14 21:15:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010/02/07 16:59:24 | 000,001,515 | ---- | C] () -- C:\WINDOWS\checkip.dat

[2010/02/07 12:56:20 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2010/02/07 09:42:46 | 029,782,016 | ---- | C] () -- C:\Documents and Settings\

\

[2010/02/06 23:37:02 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\C & G Survey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/06 23:14:18 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2010/02/06 13:45:37 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe

[2010/02/06 13:45:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe

[2010/02/06 13:45:37 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll

[2010/02/06 13:45:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys

[2010/02/06 13:45:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys

[2010/02/06 13:10:08 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/02/06 13:06:07 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/02/06 12:55:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/02/06 12:51:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/02/06 07:22:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/02/06 07:21:15 | 000,512,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2006/12/15 10:41:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GCL52FW.DLL

[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/28 08:00:00 | 000,518,290 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/28 08:00:00 | 000,092,658 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll

[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1999/12/10 00:19:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BarCodeLib.dll

[1997/11/10 02:12:00 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\Al21fw.dll

========== LOP Check ==========

[2012/09/28 23:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG

[2012/12/26 13:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

[2010/11/14 16:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search

[2012/09/28 16:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search

[2013/03/01 16:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\.minecraft

[2012/05/12 19:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Autodesk

[2010/04/25 10:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Avery

[2012/09/25 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\AVG

[2012/06/12 19:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\AVG Secure Search

[2012/10/02 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\AVG2013

[2012/01/03 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Carlson Software

[2012/05/20 06:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Chief Architect Premier X4 Trial Version

[2010/10/01 10:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/01/12 12:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1

[2012/10/04 19:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\ElevatedDiagnostics

[2012/05/30 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\GetRightToGo

[2013/02/12 09:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Home Designer Architectural 2012

[2012/05/28 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Home Designer Pro 2012 Trial Version

[2011/06/05 10:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\ICAClient

[2010/02/14 21:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\InterVideo

[2012/12/26 13:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\iolo

[2010/03/01 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\ISIS Drivers

[2010/02/08 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\NVD

[2011/04/01 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\PhotoCollageMax

[2011/02/11 08:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Quicken Legal Business Pro

[2010/10/29 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\SoftGrid Client

[2010/02/08 18:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\TP

[2012/10/02 12:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\TuneUp Software

[2012/03/09 23:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\UDC Profiles

[2011/06/24 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\webex

[2010/10/29 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Windows Desktop Search

[2010/10/30 09:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C & G Survey\Application Data\Windows Search

[2012/06/11 16:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG Secure Search

[2013/01/11 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG2013

[2010/03/03 19:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\InterVideo

[2010/04/08 22:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SoftGrid Client

[2013/03/10 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\UDC Profiles

[2010/12/02 17:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Desktop Search

[2012/06/12 11:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search

[2012/12/26 13:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo

[2012/07/21 13:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG Secure Search

[2012/10/05 16:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG2013

[2011/05/21 08:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\ICAClient

[2013/03/08 17:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\iolo

[2010/09/06 23:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\SoftGrid Client

[2011/09/26 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\UDC Profiles

[2010/11/04 15:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Windows Desktop Search

[2011/09/22 18:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Windows Search

[2012/05/12 19:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/04/25 10:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery

[2012/09/25 23:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG

[2012/11/08 14:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2012/10/02 12:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013

[2012/01/03 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carlson Software

[2012/05/20 05:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect Premier X4 Trial Version

[2011/12/26 10:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems

[2010/02/08 10:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs

[2010/08/03 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access

[2012/06/11 16:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2012/05/30 17:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Architectural 2012

[2012/05/26 07:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Pro 2012 Trial Version

[2012/12/26 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2013/03/11 08:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2012/05/27 08:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2011/04/01 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax

[2012/01/03 20:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel

[2013/03/11 00:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS Online Backup

[2010/02/07 13:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10

[2012/05/27 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2012/10/12 09:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2013/03/09 11:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2010/02/26 04:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications

[2012/04/13 20:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/02/21 13:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2012/09/25 23:10:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

[2013/03/10 19:41:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\1213back.job

[2013/03/10 19:41:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\1313backup.job

[2013/03/11 06:15:08 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job

[2013/03/11 06:15:08 | 000,000,632 | ---- | M] () -- C:\WINDOWS\Tasks\BackupC.job

[2013/03/11 06:15:08 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\c-BACKUP.job

[2013/03/11 10:52:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Online Backup Update Notifier.job

[2013/03/11 09:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2013/03/11 00:22:22 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\SOS Online Backup

[2013/03/11 10:52:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2763585B-64FB-4145-9C39-4F985C55C675}.job

[2013/03/11 09:40:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2FFD1D90-35BE-4EF3-AA9E-5313FBA0156E}.job

========== Purity Check ==========

========== Custom Scans ==========

< driver32 >

< %SYSTEMDRIVE%\*.* >

[2013/03/09 11:12:28 | 000,823,642 | ---- | M] () -- C:\14390-164.tif

[2013/03/09 11:15:50 | 001,612,890 | ---- | M] () -- C:\3-9-2013 10-15-16 AM.tif

[2013/03/09 11:19:06 | 001,608,210 | ---- | M] () -- C:\3-9-2013 10-18-58 AM.tif

[2013/03/09 11:20:28 | 000,932,330 | ---- | M] () -- C:\3-9-2013 10-20-16 AM.tif

[2012/10/02 12:08:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2006/02/28 08:00:00 | 000,047,564 | ---- | M] () -- C:\ntdetect.com

[2006/02/28 08:00:00 | 000,250,032 | ---- | M] () -- C:\ntldr

[2013/03/11 10:46:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2012/09/02 11:08:39 | 000,001,005 | ---- | M] () -- C:\plot.log

[2011/04/07 08:31:27 | 000,823,808 | ---- | M] () -- C:\PLS Application Forms 2010-06-30.doc

[2010/10/14 08:42:18 | 000,265,022 | ---- | M] () -- C:\PLS Application Forms 2010-06-30.pdf

[2010/11/02 06:40:51 | 000,076,177 | ---- | M] () -- C:\PLS Application Forms 2010-06-30.zip

[2011/05/10 17:51:01 | 000,832,000 | ---- | M] () -- C:\PLS Application Forms 2011-04-07-jd-supervisor.doc

[2011/05/20 01:51:28 | 000,832,000 | ---- | M] () -- C:\PLS Application Forms 2011-04-07.doc

[2011/04/19 08:48:41 | 000,826,880 | ---- | M] () -- C:\PLS Application Forms 2011-4-19-.doc

[2011/04/23 11:31:43 | 000,835,072 | ---- | M] () -- C:\PLS Application Forms 2011-4-23-.doc

[2010/11/09 19:17:23 | 000,013,063 | ---- | M] () -- C:\PLS APPLICATION.docx

[2012/05/01 12:30:15 | 000,849,056 | ---- | M] (Amazon Services LLC) -- C:\Quicken_Deluxe_2012_Downloader.exe

[2012/05/17 11:16:39 | 003,619,102 | ---- | M] () -- C:\Records-Request.tif

[2012/01/03 20:41:12 | 000,000,582 | ---- | M] () -- C:\regsheet.txt

[2012/06/18 11:11:28 | 000,461,277 | ---- | M] () -- C:\Saco Info.pdf

[2011/05/25 17:52:59 | 000,435,411 | ---- | M] () -- C:\SatViewer_Manual_rev_A.pdf

[2010/04/11 23:13:44 | 000,001,892 | ---- | M] () -- C:\ScituateLittleLeague-Schedule_Export(1).csv

[2010/10/31 13:02:53 | 004,443,254 | ---- | M] () -- C:\Skull.tif

[2011/09/12 07:09:48 | 003,623,318 | ---- | M] () -- C:\Survey_Pro_46_Recon-Nomad_Reference.pdf

[2011/11/16 19:28:11 | 003,293,296 | ---- | M] () -- C:\Susan License.tif

[2011/04/28 16:47:25 | 000,015,379 | ---- | M] () -- C:\TableB--Article13.pdf

[2011/04/19 07:14:45 | 002,080,883 | ---- | M] () -- C:\TaxForm.pdf

[2010/04/13 17:22:04 | 006,048,700 | ---- | M] () -- C:\TaxFormState2009Filed.pdf

[2010/04/13 17:21:14 | 005,864,219 | ---- | M] () -- C:\TaxForm[1].pdf

[2012/06/11 15:17:16 | 000,094,250 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_15.16.27_log.txt

[2012/06/11 15:28:39 | 000,089,296 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_15.27.44_log.txt

[2012/09/29 12:51:07 | 000,094,682 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_12.50.45_log.txt

[2012/09/29 12:55:05 | 000,090,348 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_12.52.52_log.txt

[2012/09/29 13:02:35 | 000,092,546 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_13.02.20_log.txt

[2012/09/29 13:38:02 | 000,091,138 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_29.09.2012_13.36.20_log.txt

[2012/09/30 15:39:49 | 000,090,794 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_30.09.2012_15.39.34_log.txt

[2012/05/21 16:40:00 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe

[2012/06/19 07:54:06 | 000,001,123 | ---- | M] () -- C:\url.txt

[2010/10/07 16:20:59 | 005,072,696 | ---- | M] () -- C:\verizon 001.tif

[2010/10/07 16:21:41 | 004,756,220 | ---- | M] () -- C:\verizon 002.tif

[2010/10/07 16:22:37 | 004,642,312 | ---- | M] () -- C:\verizon 003.tif

[2010/10/07 16:23:11 | 003,451,004 | ---- | M] () -- C:\verizon 004.tif

[2010/10/07 16:20:19 | 004,626,490 | ---- | M] () -- C:\verizon.tif

[2011/07/14 20:30:40 | 002,732,459 | ---- | M] () -- C:\VERTCON.zip

[2010/12/02 18:31:48 | 006,201,578 | ---- | M] () -- C:\Vespucci.tif

[2012/12/27 16:47:43 | 000,262,264 | ---- | M] () -- C:\visit.911memorial.org.tif

[2011/12/27 10:53:45 | 003,768,040 | ---- | M] () -- C:\w-9.tif

[2011/04/27 18:21:53 | 000,045,998 | ---- | M] () -- C:\wall_cleanout.dwg

[2012/01/28 23:22:55 | 000,013,307 | ---- | M] () -- C:\Washington Dc Travel Plans.docx

[2010/04/29 22:49:16 | 000,041,794 | ---- | M] () -- C:\Watertown-Forest-72-Condo-4-28-10-FLOORPLAN.pdf

[2009/10/14 20:50:10 | 004,592,202 | ---- | M] () -- C:\Wellesley Building Permit.tif

[2011/06/07 09:46:38 | 005,111,802 | ---- | M] () -- C:\wELLESLEY cORNELL 001.tif

[2011/06/07 09:41:09 | 004,673,432 | ---- | M] () -- C:\wELLESLEY cORNELL.tif

[2010/11/15 09:18:01 | 000,122,266 | ---- | M] () -- C:\WESTON-SOUTH-220-11-12-2010-Layout1.pdf

[2010/02/10 21:00:32 | 000,000,028 | ---- | M] () -- C:\wizard.txt

[2010/12/06 09:07:43 | 000,647,928 | ---- | M] () -- C:\Workmens Comp.tif

[2012/12/31 18:19:43 | 000,025,201 | ---- | M] () -- C:\Xi® MTower™ PCIe Workstation Quotation #284882.htm

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SERVICES.EXE >

[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: USERINIT.EXE >

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

Link to post
Share on other sites
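
As an added example (not part of the original posts or of OTL itself), this Python sketch parses the `< MD5 for: ... >` sections of the log above and lists every copy of a system file whose hash differs from the copy in the live Windows directory. The sample lines are copied from the log; the function names and the choice of `C:\WINDOWS` and `C:\WINDOWS\system32` as the live directories are assumptions of this example. A reported difference is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the "< MD5 for: ... >" part of the log above.
SAMPLE = r"""
< MD5 for: SERVICES.EXE >
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: WINLOGON.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
"""

SECTION = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY = re.compile(r"^\[[^\]]*\]\s*\((?P<company>.*?)\)\s*"
                   r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")

def parse_md5_sections(text):
    """Return {file name: [(path, md5, company), ...]} for each MD5 section."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = m["name"].upper()
        elif current and (m := ENTRY.match(line)):
            sections[current].append((m["path"].strip(), m["md5"].upper(), m["company"]))
    return dict(sections)

def review(sections, live_dirs=(r"c:\windows\system32", r"c:\windows")):
    """List copies whose MD5 differs from the copy sitting directly in a live directory."""
    findings = []
    for name, entries in sections.items():
        live = [e for e in entries if e[0].lower().rsplit("\\", 1)[0] in live_dirs]
        if not live:                      # nothing to compare against
            findings.append((name, "no-live-copy", ""))
            continue
        live_md5 = live[0][1]
        for path, md5, company in entries:
            if md5 == live_md5:
                continue
            outside = not path.lower().startswith("c:\\windows\\")
            reason = "outside-windows-dir" if outside else "differs-from-live-copy"
            if not company:               # OTL printed "()" for the company field
                reason += "+no-company-name"
            findings.append((name, reason, path))
    return findings

if __name__ == "__main__":
    for finding in review(parse_md5_sections(SAMPLE)):
        print(finding)
```
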

OK, basically what we want to do is copy the text that's in BOLD into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in BOLD into notepad and save it:

:OTL

[2013/03/11 06:11:09 | 000,050,176 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O3 - HKU\C_&_G_Survey_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\C_&_G_Survey_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKU\Susan_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [MigAutoPlay] C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe (Корпорация Майкрософт)

O4 - HKLM..\Run: [RunPUTasktray] File not found

O4 - HKU\C_&_G_Survey_ON_C..\Run: [Apple] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll ()

O4 - HKU\Susan_ON_C..\Run: [Apple] C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

Link to post
Share on other sites

C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.

Registry key HKEY_USERS\Susan_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MigAutoPlay deleted successfully.

File C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RunPUTasktray deleted successfully.

Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\OJHUSRMTG.DLL moved successfully.

Registry key HKEY_USERS\Susan_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

File C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.

File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 03112013_132513

Link to post
Share on other sites
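
An added example, not part of the original thread or of OTLPE: this Python sketch reads fix-log lines like those above and reports which targets were never acted on, that is, every line for them ended in "not found". The sample lines are copied from the log; the function names and the three recognised outcome phrases are assumptions of this example.

```python
import re
from collections import OrderedDict

# Sample input: lines copied from the OTLPE fix log above.
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MigAutoPlay deleted successfully.
File C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe not found.
Registry key HKEY_USERS\C_&_G_Survey_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\OJHUSRMTG.DLL moved successfully.
Registry key HKEY_USERS\Susan_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\C & G Survey\Local Settings\Application Data\Apple Computer\Apple\ojhusrmtg.dll not found.
"""

LINE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File)\s+)?(?P<target>.+?)\s+"
    r"(?P<result>moved successfully|deleted successfully|not found)\.$")

def summarize(text):
    """Return {lower-cased target: (kind, state)}; one successful action marks it removed."""
    state = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind = m["kind"] or "File"        # bare paths in the log are files
        key = m["target"].rstrip("\\").lower()
        acted = m["result"] != "not found"
        prev = state.get(key, (kind, "untouched"))[1]
        # A later "not found" for an already moved file does not undo the removal.
        state[key] = (kind, "removed" if acted or prev == "removed" else "untouched")
    return state

def untouched(text):
    """Targets for which the log never reports a successful move or delete."""
    return [(kind, target) for target, (kind, s) in summarize(text).items()
            if s == "untouched"]

if __name__ == "__main__":
    for kind, target in untouched(SAMPLE):
        print(kind, target)
```

On the sample, the two per-user `Run` keys are the only targets left untouched, while both files count as removed even though each also has a later "not found" line.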

OK, we're not done yet. This type of malware is often bundled with other nasty malware...so please do this:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

Link to post
Share on other sites

That's good...we have to check though.

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found, especially any folders; we're going to permanently delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
