
hijacked [Solved]


  • This topic is locked

#1
nickf33

  • Member
  • 101 posts
I get redirected from sites. If I run cursor over any site underlined in forum I get an ad for a dozen different things, such as Gaviscon, Norton, webservice central, etc. Bing hijacked my home page too. Would greatly appreciate help, thanks in advance. OS XP. Ran all malware software.

Edited by nickf33, 09 February 2014 - 12:51 PM.

  • 0



#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello nickf33, welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I need to get a look at what's going on.

OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.
Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Image on the desktop. To do that:
  • (Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console <--- Very Important
  • Click the box beside Include 64bit Scans at the top of the console. (If this is a 64-bit system)
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL.txt log
2. The Extras.txt log
  • 0
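
The post above asks for an OTL log so it can be analyzed. As an added example (not part of the original thread and not OTL's own code), this Python sketch shows one way a reader of such a log could do a first triage pass over its `SRV`/`DRV`/`PRC` and `IE` proxy lines. The sample lines are constructed, the product names and SID are placeholders, and the three heuristics are assumptions chosen for illustration; a hit means "look closer", not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the OTL log layout; product names and the SID are placeholders.
SAMPLE_LOG = r"""
SRV - [2014/02/01 10:00:00 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\ExampleUpdater\update.exe -- (Example Updater)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\Program Files\ExampleAV\engine.exe -- (ExampleAV)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Removed\gone.exe -- (GoneSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (OldDriver)
DRV - [2013/11/20 11:34:24 | 000,047,488 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\examplefilter.sys -- (examplefilter)
PRC - [2014/02/01 10:00:00 | 000,080,160 | ---- | M] () -- C:\Program Files\ExampleUpdater\update.exe
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# PRC/SRV/DRV line: [timestamp | size | attrs | M] (company) [flags] -- path -- (name)
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<name>.*)\))?$"
)
# Service or driver whose binary is gone; the path may be empty ("-- -- (name)").
MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] --\s*(?P<path>.*?)\s*-- \((?P<name>.*)\)$"
)
# Per-hive Internet Settings proxy values.
PROXY = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$'
)
AUTO_START = {"Boot", "System", "Auto"}


def is_loopback(proxy_server):
    """True if any host in a ProxyServer value (host:port or scheme=host:port;...) is local."""
    for part in filter(None, proxy_server.split(";")):
        host = part.split("=")[-1].rsplit(":", 1)[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def triage(log_text):
    """Return (kind, subject, detail) tuples for entries worth a closer look."""
    findings, seen, proxy = [], set(), defaultdict(dict)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MISSING.match(line)
        if m:
            parts = m["flags"].split(" | ")
            start = parts[-2] if len(parts) >= 2 else ""
            # Heuristic 1 (assumption): auto-start entry pointing at a missing file.
            if start in AUTO_START:
                findings.append(("orphaned_autostart", m["name"], m["path"] or "(no path)"))
            continue
        m = ENTRY.match(line)
        if m:
            flags = (m["flags"] or "").split(" | ")
            running = m["kind"] == "PRC" or flags[-1] == "Running"
            key = m["path"].lower()
            # Heuristic 2 (assumption): running binary with an empty company field.
            if running and not m["company"].strip() and key not in seen:
                seen.add(key)  # a service and its process share one path; report once
                findings.append(("no_vendor", m["name"] or m["kind"], m["path"]))
            continue
        m = PROXY.match(line)
        if m:
            proxy[m["hive"]][m["key"]] = m["value"].strip()
    # Heuristic 3 (assumption): proxy enabled and pointing at the local machine,
    # meaning some local process sits in the browser's traffic path.
    for hive, settings in proxy.items():
        if settings.get("ProxyEnable") == "1" and is_loopback(settings.get("ProxyServer", "")):
            findings.append(("local_proxy", hive, settings["ProxyServer"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```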

#3
nickf33

  • Topic Starter
  • Member
  • 101 posts
Thanks godawgs. I didn't get back sooner, I thought I would get email telling there was a reply. Downloaded OTL, have files on desktop, await your reply.
Nickf33

Edited by nickf33, 10 February 2014 - 03:18 PM.

  • 0

#4
nickf33

  • Topic Starter
  • Member
  • 101 posts
Made mistake and attached files. Deleted same.

Edited by nickf33, 10 February 2014 - 03:19 PM.

  • 0

#5
nickf33

  • Topic Starter
  • Member
  • 101 posts
After reading your post again I'm attaching logs. Hope I'm right.

OTL logfile created on: 2/10/2014 2:50:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\nickf\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 42.32% Memory free
2.34 Gb Paging File | 1.74 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 105.92 Gb Free Space | 73.39% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: nickf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/10 14:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nickf\Desktop\OTL.exe
PRC - [2014/02/09 08:42:43 | 000,080,160 | ---- | M] () -- C:\Program Files\PursuePoint\bin\utilPursuePoint.exe
PRC - [2014/02/07 02:02:43 | 000,417,792 | ---- | M] (BrowserSafeguard) -- C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
PRC - [2014/02/06 12:22:44 | 000,080,160 | ---- | M] () -- C:\Program Files\PursuePoint\updatePursuePoint.exe
PRC - [2014/02/03 05:35:30 | 004,349,216 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/02/03 05:35:30 | 002,929,952 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/02/03 05:35:30 | 002,317,600 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/01/27 15:45:12 | 000,546,112 | ---- | M] () -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
PRC - [2013/12/04 14:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\Program Files\Highlightly\Service\hlsvc.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/12/01 10:04:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/09/06 08:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/09/06 08:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/06/14 06:16:50 | 000,112,000 | ---- | M] () -- C:\Program Files\CMS Products\BounceBack Ultimate\BBLauncher.exe
PRC - [2010/06/14 06:09:18 | 000,065,536 | ---- | M] (CMS Products, Inc.) -- C:\Program Files\CMS Products\BounceBack Ultimate\BBWatcherService.exe
PRC - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/09 08:42:43 | 000,080,160 | ---- | M] () -- C:\Program Files\PursuePoint\bin\utilPursuePoint.exe
MOD - [2014/02/06 12:22:44 | 000,080,160 | ---- | M] () -- C:\Program Files\PursuePoint\updatePursuePoint.exe
MOD - [2014/01/27 15:45:12 | 000,546,112 | ---- | M] () -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
MOD - [2014/01/15 14:58:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2014/01/15 14:55:59 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2014/01/15 14:55:33 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2014/01/15 14:55:14 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2014/01/15 14:35:23 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2014/01/15 14:09:16 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2014/01/15 14:09:01 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2014/01/15 14:05:17 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2014/01/15 13:45:13 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2014/01/15 13:45:04 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2014/01/15 13:44:19 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/01/15 13:36:37 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2014/01/15 13:35:55 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/14 06:16:50 | 000,112,000 | ---- | M] () -- C:\Program Files\CMS Products\BounceBack Ultimate\BBLauncher.exe
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebdrs.dll
MOD - [2009/12/31 01:16:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXEBPMON.DLL
MOD - [2009/12/16 06:42:12 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebmicro.dll
MOD - [2009/11/09 09:06:46 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebprpr.dll
MOD - [2009/11/04 14:14:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdrui.dll
MOD - [2009/11/04 14:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll
MOD - [2009/11/04 14:14:06 | 000,236,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdr.dll
MOD - [2009/10/30 18:47:14 | 001,003,520 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebhpec.dll
MOD - [2009/05/27 13:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdatr.dll
MOD - [2009/05/18 14:29:08 | 000,819,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebptpc.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebcaps.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\lxebsmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\lxebsm.dll
MOD - [2009/01/13 08:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEBoem.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2014/02/09 08:42:43 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\PursuePoint\bin\utilPursuePoint.exe -- (Util PursuePoint)
SRV - [2014/02/06 12:22:44 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\PursuePoint\updatePursuePoint.exe -- (Update PursuePoint)
SRV - [2014/02/03 05:35:30 | 002,317,600 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/01/27 15:45:12 | 000,546,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe -- (Level Quality Watcher)
SRV - [2014/01/17 21:00:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/16 15:54:04 | 000,144,384 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe -- (SavingsbullFilterService)
SRV - [2013/12/04 14:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\Program Files\Highlightly\Service\hlsvc.exe -- (hlsvc)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/12/01 10:04:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/09/06 08:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/09/06 08:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2012/07/26 18:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/06/14 06:09:18 | 000,065,536 | ---- | M] (CMS Products, Inc.) [Auto | Running] -- C:\Program Files\CMS Products\BounceBack Ultimate\BBWatcherService.exe -- (BBWatcherService)
SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxebcoms.exe -- (lxeb_device)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FilterService)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2013/12/04 14:46:36 | 000,052,752 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hlnfd.sys -- (hlnfd)
DRV - [2013/11/20 11:34:24 | 000,047,488 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfilter.sys -- (netfilter)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/07 03:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...=en&client=dell
IE - HKLM\..\SearchScopes,DefaultScope = {94BDA8C2-6DB4-4C6D-A16A-E14A913BDE17}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{94BDA8C2-6DB4-4C6D-A16A-E14A913BDE17}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{62CE42E1-2090-44E6-9D42-9C1B1492EF5C}: "URL" = http://websearch.ask...4A-1FAF95C20E2E
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{94BDA8C2-6DB4-4C6D-A16A-E14A913BDE17}: "URL" = http://www.google.co...1I7GGHP_enUS474
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{CE8891D1-B6BE-496D-BF96-C4197D0D877B}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2371;https=127.0.0.1:2371;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp3tst"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7Be844e171-0702-480a-abc8-39f79c8c6126%7D:1.0.0
FF - prefs.js..extensions.enabledAddons: 29abb661-0efc-4f64-8a89-b11430d434c4%409678608e-dc95-42b0-8db0-4ce126239776.com:0.93.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.80.43


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014/02/08 19:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/17 21:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/22 10:13:10 | 000,000,000 | ---D | M]

[2014/01/15 08:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Extensions
[2014/01/15 08:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Extensions\[email protected]
[2014/02/10 09:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions
[2014/01/15 08:59:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2014/02/08 19:51:18 | 000,000,000 | ---D | M] ("Plus-HD-7.7") -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com
[2014/01/15 08:59:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\[email protected]
[2014/02/09 13:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData
[2014/02/08 19:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\plugins
[2014/02/09 13:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\userCode
[2012/12/09 21:45:01 | 000,149,045 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\[email protected]
[2014/01/15 13:34:00 | 000,204,344 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\[email protected]
[2014/01/15 13:21:31 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/02/06 12:22:44 | 000,010,139 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{e844e171-0702-480a-abc8-39f79c8c6126}.xpi
[2012/03/21 08:28:59 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\askcom.xml
[2014/02/10 14:26:42 | 000,000,975 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\conduit-search.xml
[2014/02/08 19:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/08 19:50:51 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2014/01/17 20:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/17 21:01:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/09 16:57:37 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/07 01:09:57 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/13 11:52:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/16 12:51:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage:
CHR - Extension: YouTube = C:\Documents and Settings\nickf\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKU\S-1-5-19..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-20..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Products\BounceBack Ultimate\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\nickf\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D2F826C-E7FE-496B-8BA5-CA5C52A61107}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (c:\program files\google\google desktop search\googledesktopnetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\nickf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nickf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/01/15 08:37:18 | 000,002,264 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\Shell - "" = AutoRun
O33 - MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/10 14:18:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nickf\Desktop\OTL.exe
[2014/02/10 14:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
[2014/02/10 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Browsersafeguard
[2014/02/10 09:27:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\IECompatCache
[2014/02/10 09:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\QuickScan
[2014/02/09 07:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/09 07:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/09 07:43:30 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/09 07:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/09 07:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\PursuePoint
[2014/02/09 07:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/02/09 07:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\SearchProtect
[2014/02/09 07:36:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Music
[2014/02/09 02:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller
[2014/02/08 19:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/02/08 19:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBullFilter
[2014/02/08 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/08 18:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/04 11:45:27 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/02/04 09:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\AviraResume
[2014/01/18 15:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\1099 for 2013
[2014/01/18 12:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Help
[2014/01/18 12:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Help
[2014/01/17 20:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/01/17 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\birdman
[2014/01/15 12:59:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/15 12:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2014/01/15 12:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2014/01/15 12:05:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2014/01/15 12:05:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/01/15 12:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDM
[2014/01/15 12:05:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2014/01/15 12:04:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2014/01/15 12:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 12:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2014/01/15 12:04:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2014/01/15 12:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2014/01/15 12:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2014/01/15 12:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/01/15 12:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2014/01/15 12:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2014/01/15 12:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2014/01/15 12:03:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2014/01/15 12:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2014/01/15 12:03:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2014/01/15 12:03:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2014/01/15 12:03:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/01/15 12:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2014/01/15 12:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2014/01/15 12:03:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2014/01/15 12:03:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2014/01/15 12:03:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2014/01/15 12:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2014/01/15 12:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2014/01/15 12:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2014/01/15 12:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2014/01/15 12:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2014/01/15 12:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2014/01/15 12:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2014/01/15 12:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2014/01/15 12:02:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2014/01/15 12:01:26 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2014/01/15 12:01:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dla
[2014/01/15 12:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2014/01/15 12:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2014/01/15 12:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2014/01/15 12:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2014/01/15 12:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2014/01/15 11:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2014/01/15 11:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2014/01/15 11:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2014/01/15 11:55:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2014/01/15 11:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/01/15 11:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2014/01/15 11:43:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2014/01/15 11:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2014/01/15 11:43:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2014/01/15 11:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2014/01/15 11:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2014/01/15 11:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2014/01/15 11:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2014/01/15 11:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/01/15 11:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2014/01/15 11:42:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2014/01/15 11:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2014/01/15 11:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2014/01/15 11:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2014/01/15 11:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2014/01/15 11:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2014/01/15 11:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2014/01/15 11:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014/01/15 11:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2014/01/15 11:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2014/01/15 11:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2014/01/15 11:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2014/01/15 11:37:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2014/01/15 11:36:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2014/01/15 11:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2014/01/15 11:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/01/15 11:33:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/01/15 11:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2014/01/15 11:32:40 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2014/01/15 11:32:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\FECFile
[2014/01/15 11:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2014/01/15 11:12:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2014/01/15 11:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2014/01/15 11:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014/01/15 11:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2014/01/15 11:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2014/01/15 11:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2014/01/15 11:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2014/01/15 11:07:47 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/01/15 11:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2014/01/15 11:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2014/01/15 10:56:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2014/01/15 10:51:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/01/15 10:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2014/01/15 10:51:12 | 000,000,000 | ---D | C] -- C:\Temp
[2014/01/15 10:51:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/15 10:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar
[2014/01/15 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2014/01/15 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2014/01/15 10:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\WordPerfect Office 12
[2014/01/15 10:49:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2014/01/15 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free
[2014/01/15 10:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2014/01/15 10:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2014/01/15 10:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2014/01/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2014/01/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2014/01/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/01/15 10:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\WebCyberCoach
[2014/01/15 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/15 10:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2014/01/15 10:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VERIZONDM
[2014/01/15 10:48:34 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2014/01/15 10:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2014/01/15 10:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/01/15 10:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2014/01/15 10:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2014/01/15 10:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2014/01/15 10:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/01/15 10:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Photo Recovery
[2014/01/15 10:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2014/01/15 10:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/01/15 10:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\SideSlide
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Shield
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\RGB
[2014/01/15 10:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/01/15 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/01/15 10:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/01/15 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/01/15 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2014/01/15 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2014/01/15 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2014/01/15 10:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetZeroInstallers
[2014/01/15 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2014/01/15 10:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2014/01/15 10:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/01/15 10:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2014/01/15 10:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2014/01/15 10:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2014/01/15 10:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/01/15 10:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/01/15 10:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2014/01/15 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Helper
[2014/01/15 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/01/15 10:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2001
[2014/01/15 10:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2014/01/15 10:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/15 10:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2014/01/15 10:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2014/01/15 10:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It! 2002
[2014/01/15 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/01/15 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2014/01/15 10:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2014/01/15 10:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2014/01/15 10:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2014/01/15 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2014/01/15 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/01/15 10:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/15 10:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2014/01/15 10:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/01/15 10:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2014/01/15 10:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2014/01/15 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2014/01/15 10:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2014/01/15 10:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2014/01/15 10:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/15 10:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/15 10:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/15 10:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2014/01/15 10:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/01/15 10:32:29 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2014/01/15 10:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2014/01/15 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/01/15 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\GoogleAFE
[2014/01/15 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/15 10:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gmail Notifier
[2014/01/15 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\GemMaster
[2014/01/15 10:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2014/01/15 10:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2014/01/15 10:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2014/01/15 10:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\FoneSync
[2014/01/15 10:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\FEC Applications
[2014/01/15 10:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\eSupport.com
[2014/01/15 10:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\EnglishOtto
[2014/01/15 10:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\EarthLink Setup
[2014/01/15 10:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2014/01/15 10:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2014/01/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2014/01/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2014/01/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2014/01/15 10:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support
[2014/01/15 10:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2014/01/15 10:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2014/01/15 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2014/01/15 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/01/15 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2014/01/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/01/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TiVo Shared
[2014/01/15 10:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2014/01/15 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2014/01/15 10:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2014/01/15 10:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2014/01/15 10:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2014/01/15 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2014/01/15 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2014/01/15 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2014/01/15 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2014/01/15 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2014/01/15 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2014/01/15 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2014/01/15 10:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2014/01/15 10:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2014/01/15 10:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2014/01/15 10:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/01/15 10:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2014/01/15 10:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2014/01/15 10:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2014/01/15 10:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2014/01/15 10:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/01/15 10:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2014/01/15 10:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2014/01/15 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2014/01/15 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/01/15 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\CMS Products
[2014/01/15 10:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2014/01/15 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/15 10:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2014/01/15 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/15 10:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2014/01/15 10:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/01/15 10:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2014/01/15 10:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2014/01/15 10:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2014/01/15 10:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2014/01/15 10:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014/01/15 10:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/01/15 10:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2014/01/15 10:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2014/01/15 10:21:17 | 000,000,000 | ---D | C] -- C:\Program Files
[2014/01/15 10:21:17 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2014/01/15 10:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2014/01/15 10:21:12 | 000,000,000 | ---D | C] -- C:\Netscape
[2014/01/15 10:21:12 | 000,000,000 | ---D | C] -- C:\My Music
[2014/01/15 10:19:52 | 000,000,000 | ---D | C] -- C:\i386
[2014/01/15 10:19:52 | 000,000,000 | ---D | C] -- C:\eyeglass forms
[2014/01/15 10:19:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Startup
[2014/01/15 10:19:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\UserData
[2014/01/15 10:19:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\Templates
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\WINDOWS
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\TomTom
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\SpeedyPC Software
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Revo Uninstaller
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\drivers
[2014/01/15 10:19:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Administrative Tools
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\ImgBurn
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\HiJackThis
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\FormatFactory
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\DVD Decrypter
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Dell Accessories
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Dell
[2014/01/15 10:19:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nickf\SendTo
[2014/01/15 10:19:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu
[2014/01/15 10:19:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Accessories
[2014/01/15 10:19:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nickf\Recent
[2014/01/15 10:19:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\PrivacIE
[2014/01/15 10:19:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\PrintHood
[2014/01/15 10:19:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\NetHood
[2014/01/15 10:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\nick
[2014/01/15 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\xmass card
[2014/01/15 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Downloads
[2014/01/15 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\W2 2008
[2014/01/15 10:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\vetrone records
[2014/01/15 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\verizon bills
[2014/01/15 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\vanguard
[2014/01/15 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\urology reports
[2014/01/15 10:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\TomTom
[2014/01/15 10:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\time warner
[2014/01/15 10:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\star program
[2014/01/15 10:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\ST. Francis
[2014/01/15 10:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\soc.sec
[2014/01/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\sm. ln. taxes
[2014/01/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\shoulder mri
[2014/01/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\scwa
[2014/01/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\rome pics
[2014/01/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Reflect
[2014/01/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\recipies
[2014/01/15 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\recipes
[2014/01/15 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\receipts
[2014/01/15 10:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\rebates refunds
[2014/01/15 10:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\prescriptions
[2014/01/15 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\PhoneTools
[2014/01/15 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\pension
[2014/01/15 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\pathmark drugs
[2014/01/15 10:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\orology reports
[2014/01/15 10:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\old docs
[2014/01/15 10:16:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Videos
[2014/01/15 10:16:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Pictures
[2014/01/15 10:16:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nickf\My Documents\My DVDs
[2014/01/15 10:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\My Kindle Content
[2014/01/15 10:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\My eBooks
[2014/01/15 10:15:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Documents
[2014/01/15 10:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\My Digital Editions
[2014/01/15 10:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\mortgage
[2014/01/15 10:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\medicare reimbursement
[2014/01/15 10:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\medicare claims
[2014/01/15 10:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\medicare
[2014/01/15 10:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\macy
[2014/01/15 10:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\lipa
[2014/01/15 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\k
[2014/01/15 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\joe
[2014/01/15 10:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Irene
[2014/01/15 10:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\invoices
[2014/01/15 10:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house pics
[2014/01/15 10:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house on8-19-2012
[2014/01/15 10:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house 2011
[2014/01/15 10:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\graves
[2014/01/15 10:13:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nickf\My Documents\Google Drive
[2014/01/15 10:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\FFOutput
[2014/01/15 10:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\eyeglass forms
[2014/01/15 10:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\ellis island
[2014/01/15 10:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\dvd
[2014/01/15 10:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Downloads
[2014/01/15 10:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\doctors#s
[2014/01/15 10:02:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\dept store receipts
[2014/01/15 10:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Cyberlink
[2014/01/15 10:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\coop maint
[2014/01/15 10:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\contacts
[2014/01/15 10:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\CCWin
[2014/01/15 10:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\blood work
[2014/01/15 10:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\bern cemataries
[2014/01/15 10:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\auto reg& rerpairsdriver safety
[2014/01/15 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\auto reg& rerpairs
[2014/01/15 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\auto reg
[2014/01/15 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\attic wiring
[2014/01/15 10:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\allstate claim docs
[2014/01/15 10:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\all tax refunds
[2014/01/15 10:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\1099 2012
[2014/01/15 10:01:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents
[2014/01/15 09:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\WMTools Downloaded Files
[2014/01/15 09:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Wisdom-soft
[2014/01/15 09:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2014/01/15 09:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\TomTom
[2014/01/15 09:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Temp
[2014/01/15 09:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\SupportSoft
[2014/01/15 09:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Sun
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Solid State Networks
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\PowerDVD
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\PC_Drivers_Headquarters
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\PackageAware
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Musicmatch
[2014/01/15 09:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Mozilla
[2014/01/15 09:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Microsoft
[2014/01/15 09:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\MagicSoftware
[2014/01/15 09:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\LogMeIn Rescue Applet
[2014/01/15 09:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Logitech® Webcam Software
[2014/01/15 09:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\LogiShrd
[2014/01/15 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Identities
[2014/01/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Google
[2014/01/15 09:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\FreeEditorEditTemp
[2014/01/15 09:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\FixItCenter
[2014/01/15 09:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Evernote
[2014/01/15 09:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Downloaded Installations
[2014/01/15 09:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Corel Photo Album
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Citrix
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\BVRP Software
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\AskToolbar
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\ashampoo
[2014/01/15 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\ArcSoft
[2014/01/15 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\ApplicationHistory
[2014/01/15 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Apple Computer
[2014/01/15 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Apple
[2014/01/15 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Adobe_Systems_Incorporate
[2014/01/15 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Adobe
[2014/01/15 09:28:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Favorites
[2014/01/15 09:28:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\IETldCache
[2014/01/15 09:28:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\Local Settings
[2014/01/15 09:28:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\xmass list
[2014/01/15 09:19:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\unused
[2014/01/15 09:19:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\smith lane
[2014/01/15 09:19:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\screen shots
[2014/01/15 09:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house under const
[2014/01/15 09:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\My Music
[2014/01/15 09:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\LI rooms
[2014/01/15 09:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house finished
[2014/01/15 09:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\home depot
[2014/01/15 09:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\ginestris
[2014/01/15 09:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\downloads
[2014/01/15 08:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Desktop
[2014/01/15 08:59:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\Cookies
[2014/01/15 08:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\YTD
[2014/01/15 08:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\wtxpcom
[2014/01/15 08:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\VSRevoGroup
[2014/01/15 08:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\U3
[2014/01/15 08:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\TomTom
[2014/01/15 08:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\SUPERAntiSpyware.com
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Sun
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\SpeedyPC Software
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Sonic
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Softland
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\SideSlide
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Search Settings
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Real
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Pro200-S500 Series
[2014/01/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Mozilla
[2014/01/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Microsoft Web Folders
[2014/01/15 08:59:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nickf\Application Data\Microsoft
[2014/01/15 08:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Malwarebytes
[2014/01/15 08:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\Application Data\Gtek
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Macromedia
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Logitech
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Leadertech
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\InfraRecorder
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Identities
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\HandBrake
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Google
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Gmail Notifier
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\FreeTorrentViewer
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\FreeBurner
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\FixCleaner
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\ElevatedDiagnostics
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\DVD Flick
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\DriverCure
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Digiarty
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\CyberLink
[2014/01/15 08:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Corel Photo Album
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Corel
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Canneverbe_Limited
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Avery
[2014/01/15 08:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Auslogics
[2014/01/15 08:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Audacity
[2014/01/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Ashampoo
[2014/01/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\ArcSoft
[2014/01/15 08:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Apple Computer
[2014/01/15 08:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\AdobeUM
[2014/01/15 08:57:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nickf\Application Data
[2014/01/15 08:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Adobe
[2014/01/15 08:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\.gimp-2.4
[2014/01/15 08:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2014/01/15 08:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2014/01/15 08:57:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2014/01/15 08:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2014/01/15 08:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2014/01/15 08:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2014/01/15 08:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2014/01/15 08:57:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2014/01/15 08:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2014/01/15 08:57:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YTD Video Downloader
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 12
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2014/01/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TomTom
[2014/01/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/01/15 08:57:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2014/01/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2014/01/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2014/01/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2014/01/15 08:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2014/01/15 08:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2014/01/15 08:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Helper
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Clip Gallery
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic DVD Ripper
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InfraRecorder
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2014/01/15 08:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Easy Burner
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FoneSync
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FEC Applications
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Flick
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Free
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BounceBack Ultimate
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2014/01/15 08:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2014/01/15 08:57:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2014/01/15 08:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2014/01/15 08:57:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2014/01/15 08:57:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2014/01/15 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2014/01/15 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Lexmark Pro200-S500 Series
[2014/01/15 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2014/01/15 08:57:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2014/01/15 08:57:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2014/01/15 08:56:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2014/01/15 08:56:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2014/01/15 08:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2014/01/15 08:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FreeBurner
[2014/01/15 08:55:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2014/01/15 08:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/01/15 08:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2014/01/15 08:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2014/01/15 08:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2014/01/15 08:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2014/01/15 08:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/01/15 08:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2014/01/15 08:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/15 08:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/01/15 08:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2014/01/15 08:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pro200-S500 Series
[2014/01/15 08:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/01/15 08:53:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2014/01/15 08:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2014/01/15 08:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/15 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/15 08:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2014/01/15 08:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2014/01/15 08:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2014/01/15 08:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2014/01/15 08:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2014/01/15 08:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GTek
[2014/01/15 08:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2014/01/15 08:53:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/15 08:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FEC Applications
[2014/01/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avery
[2014/01/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2014/01/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2014/01/15 08:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2014/01/15 08:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2014/01/15 08:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2014/01/15 08:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/01/15 08:51:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2014/01/15 08:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/15 08:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2014/01/15 08:50:54 | 000,000,000 | ---D | C] -- C:\dell
[2014/01/15 08:50:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/15 08:50:47 | 000,000,000 | ---D | C] -- C:\0fb4697b95ef05c99a0d47c5d8a32207
[2014/01/15 08:46:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/15 08:43:30 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2014/01/15 08:43:30 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2014/01/15 08:42:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/15 08:42:05 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/01/15 08:42:04 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/15 08:39:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/10 14:51:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2014/02/10 14:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/10 14:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nickf\Desktop\OTL.exe
[2014/02/10 14:04:38 | 000,000,734 | ---- | M] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2014/02/10 13:52:00 | 000,001,496 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-updater.job
[2014/02/10 13:51:00 | 000,001,452 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-codedownloader.job
[2014/02/10 13:51:00 | 000,001,350 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-enabler.job
[2014/02/10 13:50:01 | 000,002,380 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-validator.job
[2014/02/10 13:50:00 | 000,002,302 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-firefoxinstaller.job
[2014/02/10 12:47:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2014/02/10 08:42:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/10 04:22:59 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2014/02/09 18:00:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2014/02/09 07:44:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/09 07:43:37 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/09 07:37:08 | 000,000,000 | ---- | M] () -- C:\END
[2014/02/09 02:14:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/02/08 21:23:33 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2014/02/08 21:22:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4230650497-4285135782-2684026053-1005.job
[2014/02/08 21:21:36 | 1331,843,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/08 14:39:25 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\nickf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/08 02:49:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2014/02/07 12:30:15 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\CMS Application Updater.job
[2014/02/06 14:09:05 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\burnaware.ini
[2014/02/05 19:14:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4230650497-4285135782-2684026053-1005.job
[2014/02/05 18:02:35 | 204,871,922 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\3 hours of Deep Sleep Frequency 528 Hz the MIRACLE frequency-Relaxing Music-Ocean Sounds-Meditation.mp3
[2014/02/05 09:58:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/02/05 09:58:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/02/04 16:35:21 | 000,963,272 | ---- | M] () -- C:\Documents and Settings\nickf\My Documents\coop tax sheet.JPG
[2014/02/04 11:57:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/04 11:45:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/04 11:41:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/04 10:00:00 | 000,504,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/04 10:00:00 | 000,089,022 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/03 18:13:47 | 000,249,333 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\address book 030702.WAB
[2014/01/25 14:19:08 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\Microsoft Word.lnk
[2014/01/23 15:07:58 | 002,822,882 | ---- | M] () -- C:\Documents and Settings\nickf\My Documents\ibew drug form.JPG
[2014/01/22 10:15:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/01/22 10:15:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014/01/15 16:52:49 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\Freecell.lnk
[2014/01/15 16:52:49 | 000,001,483 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\Solitaire.lnk
[2014/01/15 13:51:53 | 000,419,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/15 13:35:39 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/01/15 12:08:58 | 000,000,415 | RHS- | M] () -- C:\boot.ini
[2014/01/15 12:05:28 | 000,000,863 | ---- | M] () -- C:\System Backup - 20120309102027-5625.BB
[2014/01/15 08:37:18 | 000,002,264 | ---- | M] () -- C:\autorun.PNF
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/10 14:04:38 | 000,000,734 | ---- | C] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2014/02/09 07:43:59 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/09 07:43:37 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/09 07:43:37 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/09 07:37:08 | 000,000,000 | ---- | C] () -- C:\END
[2014/02/08 19:52:01 | 000,001,496 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-7.7-updater.job
[2014/02/08 19:51:57 | 000,001,350 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-7.7-enabler.job
[2014/02/08 19:51:53 | 000,001,452 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-7.7-codedownloader.job
[2014/02/08 19:50:43 | 000,002,302 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-7.7-firefoxinstaller.job
[2014/02/08 19:50:23 | 000,002,380 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-7.7-validator.job
[2014/02/05 17:46:47 | 204,871,922 | ---- | C] () -- C:\Documents and Settings\nickf\Desktop\3 hours of Deep Sleep Frequency 528 Hz the MIRACLE frequency-Relaxing Music-Ocean Sounds-Meditation.mp3
[2014/02/04 16:35:21 | 000,963,272 | ---- | C] () -- C:\Documents and Settings\nickf\My Documents\coop tax sheet.JPG
[2014/02/04 11:57:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/04 10:05:30 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/02/04 10:05:30 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/01/23 15:07:58 | 002,822,882 | ---- | C] () -- C:\Documents and Settings\nickf\My Documents\ibew drug form.JPG
[2014/01/15 13:44:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/15 12:40:54 | 1331,843,072 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/15 08:48:13 | 000,000,415 | RHS- | C] () -- C:\boot.ini
[2014/01/15 08:48:13 | 000,000,209 | RHS- | C] () -- C:\boot.cms
[2014/01/15 08:37:18 | 000,002,264 | ---- | C] () -- C:\autorun.PNF
[2013/02/22 20:59:16 | 001,198,281 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/02/22 20:59:16 | 000,082,969 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/11/06 08:23:23 | 000,672,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/28 11:13:57 | 000,088,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/21 19:06:26 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/09/18 12:49:03 | 000,102,248 | ---- | C] () -- C:\Documents and Settings\nickf\GoToAssistDownloadHelper.exe
[2012/09/15 15:21:08 | 000,000,255 | ---- | C] () -- C:\WINDOWS\FECLoad.ini
[2012/06/16 15:27:35 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\FixVTS.ini
[2012/05/10 08:48:37 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/04/14 18:03:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2012/04/13 21:35:27 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\burnaware.ini
[2012/04/11 08:37:14 | 000,704,512 | ---- | C] () -- C:\WINDOWS\is-V7K68.exe
[2012/03/20 20:37:58 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\nickf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/20 19:07:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\nickf\Local Settings\Application Data\fusioncache.dat
[2012/03/09 09:43:40 | 000,000,143 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2012/03/08 20:19:34 | 000,685,056 | ---- | C] () -- C:\WINDOWS\is-0L4GL.exe
[2012/03/08 15:14:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEBPMON.DLL
[2012/03/08 15:14:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEBFXPU.DLL
[2012/03/08 15:14:04 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEBoem.dll
[2012/03/08 13:53:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/08 08:57:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/07 11:17:42 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/03/07 11:17:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5462B5B44E.sys
[2012/03/07 07:55:36 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2012/03/07 07:55:23 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2012/03/07 07:55:22 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2012/03/07 07:55:22 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2012/03/07 07:55:22 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhcp.dll
[2012/03/07 07:55:22 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2012/03/07 07:55:21 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2012/03/07 07:55:21 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2012/03/07 07:55:21 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2012/03/07 07:55:20 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2012/03/07 07:55:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2012/03/07 07:55:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2012/03/07 07:55:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2012/03/07 07:55:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2012/03/07 07:55:19 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2012/03/07 07:55:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2012/03/07 07:55:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2012/03/07 07:55:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2012/03/07 07:55:18 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2012/03/07 07:55:18 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2012/03/07 07:55:18 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2012/03/07 07:55:18 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2012/03/07 07:55:18 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2012/03/07 07:53:56 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\lxebsm.dll
[2012/03/07 07:53:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lxebsmr.dll
[2012/03/07 01:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\PFP120JPR.{PB
[2012/03/07 01:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\PFP120JCM.{PB
[2012/03/07 00:05:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 03:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/15 08:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/15 08:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2014/01/15 08:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2014/01/15 08:53:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/15 08:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FEC Applications
[2014/01/15 08:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2014/01/15 08:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2014/01/15 08:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro200-S500 Series
[2014/01/15 08:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2014/01/15 08:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/02/08 20:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/15 08:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2014/02/08 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2014/02/08 19:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2014/01/15 08:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2014/01/15 08:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Ashampoo
[2014/01/15 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Audacity
[2014/01/15 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Auslogics
[2014/01/15 08:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Avery
[2014/01/15 08:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Canneverbe_Limited
[2014/01/15 08:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Digiarty
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\DriverCure
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\ElevatedDiagnostics
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\FixCleaner
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\FreeBurner
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\FreeTorrentViewer
[2014/01/15 08:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Gmail Notifier
[2014/01/15 08:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\HandBrake
[2014/01/15 08:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\InfraRecorder
[2014/01/15 08:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Leadertech
[2014/01/15 08:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Pro200-S500 Series
[2014/02/10 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\QuickScan
[2014/01/15 08:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Search Settings
[2014/01/15 08:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\SideSlide
[2014/01/15 08:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Softland
[2014/01/15 08:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\SpeedyPC Software
[2014/01/15 08:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\TomTom
[2014/01/15 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\VSRevoGroup
[2014/01/15 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\wtxpcom
[2014/01/15 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\YTD

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm sorry but you didn't run the OTL scan as instructed. You didn't include the script in the Custom Scans/Fixes box before running the scan.
I will re-do the scan settings so that OTL will produce a very small log with just the script entries.

Also, when you ran OTL the first time it produced an Extras.txt log. Please post that with the next OTL.txt log.


OTL Custom Scan

NOTE: I have changed the settings on the OTL console so please read them carefully.

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the greyed out None button at the top of the console <--- Very Important
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log

#7
nickf33

    Member

  • Topic Starter
  • Member
  • 101 posts
godawgs, Did I do it right?

#8
nickf33

    Member

  • Topic Starter
  • Member
  • 101 posts
OTL Extras logfile created on: 2/10/2014 2:28:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\nickf\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 28.56% Memory free
2.34 Gb Paging File | 1.54 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 105.97 Gb Free Space | 73.43% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: nickf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\WINDOWS\system32\lxebcoms.exe" = C:\WINDOWS\system32\lxebcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6DFF9444-9007-466A-9783-6E7D6749C97B}" = Verizon Download Manager
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{813BA625-B0FA-48D8-9B75-59759C88C219}" = SavingsBullFilter
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{92125850-CE9E-405F-8DC7-774DC36AE76C}_is1" = Verizon Activation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1A4E0D6-46C4-4074-9886-DF4C8FADA1DD}" = BounceBack Ultimate
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C769A271-7E1C-48F9-B331-474600DD4C01}" = Microsoft Picture It! Publishing Platinum 2002
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Browsersafeguard" = BrowserSafeguard with RocketTab
"BurnAware Free_is1" = BurnAware Free 4.8
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406
"FECFile" = FECFile
"FoneSync" = FoneSync
"FormatFactory" = FormatFactory 2.90
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Google Desktop" = Google Desktop
"Highlightly" = Highlightly
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn (Remove Only)
"InfraRecorder" = InfraRecorder
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Standard)
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Logitech Vid" = Logitech Vid HD
"Magic DVD Ripper_is1" = Magic DVD Ripper V6.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"PursuePoint" = PursuePoint
"QuickTime" = QuickTime
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.94
"SearchProtect" = Search Protect
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SpywareGuard_is1" = SpywareGuard v2.2
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2014 7:19:14 PM | Computer Name = NICK | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 2/8/2014 8:25:52 PM | Computer Name = NICK | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/8/2014 8:25:53 PM | Computer Name = NICK | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 2/8/2014 8:48:57 PM | Computer Name = NICK | Source = SavingsbullFilterService | ID = 7000
Description =

Error - 2/8/2014 9:41:00 PM | Computer Name = NICK | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/8/2014 9:41:00 PM | Computer Name = NICK | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 2/8/2014 10:23:32 PM | Computer Name = NICK | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x801901F7

Error - 2/8/2014 10:23:32 PM | Computer Name = NICK | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 2/9/2014 3:07:09 AM | Computer Name = NICK | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.10201.0, P3 1.165.3645.0, P4 1.165.3645.0, P5 unknown, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 2/9/2014 8:43:58 AM | Computer Name = NICK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
4.4.304.0, P5 1.1.10201.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 2/8/2014 8:25:44 PM | Computer Name = NICK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/8/2014 8:25:44 PM | Computer Name = NICK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CMS Products\BounceBack
Ultimate\Microsoft.VC80.MFC\MFC80U.DLL. Reference error message: The operation completed
successfully. .

Error - 2/8/2014 9:40:52 PM | Computer Name = NICK | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/8/2014 9:40:52 PM | Computer Name = NICK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/8/2014 9:40:52 PM | Computer Name = NICK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CMS Products\BounceBack
Ultimate\Microsoft.VC80.MFC\MFC80U.DLL. Reference error message: The operation completed
successfully. .

Error - 2/8/2014 10:23:23 PM | Computer Name = NICK | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/8/2014 10:23:23 PM | Computer Name = NICK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/8/2014 10:23:23 PM | Computer Name = NICK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CMS Products\BounceBack
Ultimate\Microsoft.VC80.MFC\MFC80U.DLL. Reference error message: The operation completed
successfully. .

Error - 2/9/2014 8:43:54 AM | Computer Name = NICK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 2/9/2014 8:43:54 AM | Computer Name = NICK | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053


< End of report >

#9
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

godawgs, Did I do it right?

Well, you got it half right. That's ok. Let's start with what we have and I'll figure out another way to get what I need.
This machine is pretty infected. There is quite a lot to do here so take your time. Read each instruction carefully before performing it. It might be helpful to print these instructions out or save them to a text file before beginning so you will have them to refer to when completing each step. It might also be helpful to download any new tools needed all at the same time. Then close the browser and any open windows before starting the cleaning instructions.
As always, if you don't understand something, stop and ask me.

I have a question before we start. Is Verizon, EarthLink or AOL your internet service provider?


Step-1.

Uninstall out of date and Malicious programs

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Java 2 Runtime Environment, SE v1.4.2_03
SavingsBullFilter
1ClickDownloader
BrowserSafeguard with RocketTab
Highlightly
PursuePoint
Viewpoint Media Player


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/02/09 08:42:43 | 000,080,160 | ---- | M] () -- C:\Program Files\PursuePoint\bin\utilPursuePoint.exe
PRC - [2014/02/07 02:02:43 | 000,417,792 | ---- | M] (BrowserSafeguard) -- C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
PRC - [2014/02/06 12:22:44 | 000,080,160 | ---- | M] () -- C:\Program Files\PursuePoint\updatePursuePoint.exe
PRC - [2014/02/03 05:35:30 | 004,349,216 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/02/03 05:35:30 | 002,929,952 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/02/03 05:35:30 | 002,317,600 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/01/27 15:45:12 | 000,546,112 | ---- | M] () -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
PRC - [2013/12/04 14:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\Program Files\Highlightly\Service\hlsvc.exe
SRV - [2014/02/09 08:42:43 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\PursuePoint\bin\utilPursuePoint.exe -- (Util PursuePoint)
SRV - [2014/02/06 12:22:44 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\PursuePoint\updatePursuePoint.exe -- (Update PursuePoint)
SRV - [2014/02/03 05:35:30 | 002,317,600 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/01/27 15:45:12 | 000,546,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe -- (Level Quality Watcher)
SRV - [2014/01/16 15:54:04 | 000,144,384 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe -- (SavingsbullFilterService)
SRV - [2013/12/04 14:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\Program Files\Highlightly\Service\hlsvc.exe -- (hlsvc)
SRV - [2012/07/26 18:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
DRV - [2013/12/04 14:46:36 | 000,052,752 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hlnfd.sys -- (hlnfd)
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2371;https=127.0.0.1:2371;
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0
FF - prefs.js..extensions.enabledAddons: 29abb661-0efc-4f64-8a89-b11430d434c4%409678608e-dc95-42b0-8db0-4ce126239776.com:0.93.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.80.43
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014/02/08 19:50:51 | 000,000,000 | ---D | M]
[2014/02/08 19:51:18 | 000,000,000 | ---D | M] ("Plus-HD-7.7") -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com
[2014/02/09 13:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData
[2014/02/08 19:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\plugins
[2014/02/09 13:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\userCode
[2014/01/15 13:34:00 | 000,204,344 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\[email protected]
[2014/02/06 12:22:44 | 000,010,139 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{e844e171-0702-480a-abc8-39f79c8c6126}.xpi
[2014/02/10 14:26:42 | 000,000,975 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\conduit-search.xml
[2014/02/08 19:50:51 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/03/07 01:09:57 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\Shell - "" = AutoRun
O33 - MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
[2014/02/10 14:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
[2014/02/10 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Browsersafeguard
[2014/02/09 07:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\PursuePoint
[2014/02/09 07:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/02/09 07:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\SearchProtect
[2014/02/09 02:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller
[2014/02/08 19:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/02/08 19:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBullFilter
[2014/02/08 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/01/15 10:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2014/01/15 10:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2014/01/15 10:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2014/01/15 10:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\SpeedyPC Software
[2014/01/15 08:50:47 | 000,000,000 | ---D | C] -- C:\0fb4697b95ef05c99a0d47c5d8a32207
[2014/02/10 14:04:38 | 000,000,734 | ---- | M] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2014/02/10 13:52:00 | 000,001,496 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-updater.job
[2014/02/10 13:51:00 | 000,001,452 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-codedownloader.job
[2014/02/10 13:51:00 | 000,001,350 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-enabler.job
[2014/02/10 13:50:01 | 000,002,380 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-validator.job
[2014/02/10 13:50:00 | 000,002,302 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-7.7-firefoxinstaller.job
[2014/02/10 12:47:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2014/02/10 04:22:59 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2014/02/09 18:00:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2014/02/08 02:49:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2014/02/07 12:30:15 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\CMS Application Updater.job
[2014/01/15 08:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2014/01/15 08:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2014/01/15 08:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\SpeedyPC Software
[2014/01/15 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\wtxpcom


:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users, double click the AdwCleaner icon on the desktop to run AdwCleaner. You will see the following console:

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan

  • On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-5.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\WINDOWS\is-V7K68.exe
    C:\WINDOWS\is-0L4GL.exe
    C:\WINDOWS\System32\5462B5B44E.sys
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • If you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question above.
2. The VirusTotal URL address.
3. Let me know if you had any problems uninstalling the programs.
4. The OTL fixes log
5. The AdwCleaner[R0].txt log
6. The aswMBR log
  • 0
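The OTL fix script in the post above targets auto-starting services, a loopback browser proxy and an AppInit_DLLs entry. As an added illustration (not part of the thread and not OTL's own logic), the sketch below parses a few of those log lines, copied from the post, and flags the same three persistence patterns; the regular expressions, rule names and thresholds are assumptions made for this example.

```python
import re
from ipaddress import ip_address

# Lines copied verbatim from the OTL script in the post above (a subset).
SAMPLE = r"""
SRV - [2014/02/09 08:42:43 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\PursuePoint\bin\utilPursuePoint.exe -- (Util PursuePoint)
SRV - [2014/02/03 05:35:30 | 002,317,600 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/01/16 15:54:04 | 000,144,384 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe -- (SavingsbullFilterService)
DRV - [2013/12/04 14:46:36 | 000,052,752 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hlnfd.sys -- (hlnfd)
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2371;https=127.0.0.1:2371;
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
"""

# SRV/DRV line: [timestamp | size | attrs | M] (company) [start | state] -- path -- (name)
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<stamp>[^|]+)\|[^\]]*\] "
    r"\((?P<vendor>.*?)\) \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>.+)\)$"
)
# IE proxy values: IE - <registry key>: "ProxyEnable|ProxyServer" = <data>
IE_VAL_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<value>Proxy\w+)" = (?P<data>.*)$')
# O20 line: the parenthesised part is the raw AppInit_DLLs registry data
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>.*?)\) - ")

AUTO_START = {"Auto", "Boot", "System"}  # start types that load without user action


def proxy_hosts(data):
    """Return the host part of each entry in a WinINET ProxyServer string."""
    hosts = []
    for part in filter(None, data.split(";")):
        endpoint = part.split("=", 1)[-1]          # drop optional "http=" prefix
        hosts.append(endpoint.rsplit(":", 1)[0])   # drop ":port"
    return hosts


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                             # a hostname, not an IP literal
        return False


def triage(log_text):
    """Flag three persistence patterns (rules are this example's assumptions)."""
    findings, proxy = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = SVC_RE.match(line)
        if m:
            state = [s.strip() for s in m["state"].split("|")]
            autostart = any(s in AUTO_START for s in state[:-1])
            # "()" means the file carries no company name in its version info
            if not m["vendor"].strip() and autostart and state[-1] == "Running":
                findings.append(("autostart_no_vendor", m["name"]))
            continue
        m = IE_VAL_RE.match(line)
        if m:
            proxy.setdefault(m["key"], {})[m["value"]] = m["data"].strip()
            continue
        m = APPINIT_RE.match(line)
        if m and m["dlls"].strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll
            findings.append(("appinit_dll", m["dlls"].strip()))
    for values in proxy.values():
        if values.get("ProxyEnable") == "1":
            hosts = proxy_hosts(values.get("ProxyServer", ""))
            # every proxy entry points at this machine: traffic is intercepted locally
            if hosts and all(is_loopback(h) for h in hosts):
                findings.append(("loopback_proxy", values["ProxyServer"]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule}: {detail}")
```

A service with a publisher name, such as CltMngSvc here, passes the first rule, so the rules narrow what to review and do not replace the helper's manual reading of the log.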

#10
nickf33

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Verizon. Thank you god, should I continue with your instructions?
#11
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yes, please. :)

#12
nickf33

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named utilPursuePoint.exe was found!
No active process named BrowserSafeguard.exe was found!
No active process named updatePursuePoint.exe was found!
No active process named cltmng.exe was found!
No active process named cltmngui.exe was found!
No active process named CltMngSvc.exe was found!
No active process named levelqualitywatcher32.exe was found!
No active process named hlsvc.exe was found!
Error: No service named Util PursuePoint was found to stop!
Service\Driver key Util PursuePoint not found.
File C:\Program Files\PursuePoint\bin\utilPursuePoint.exe not found.
Error: No service named Update PursuePoint was found to stop!
Service\Driver key Update PursuePoint not found.
File C:\Program Files\PursuePoint\updatePursuePoint.exe not found.
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe moved successfully.
Error: No service named SavingsbullFilterService was found to stop!
Service\Driver key SavingsbullFilterService not found.
File c:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe not found.
Error: No service named hlsvc was found to stop!
Service\Driver key hlsvc not found.
File C:\Program Files\Highlightly\Service\hlsvc.exe not found.
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Service hlnfd stopped successfully!
Service hlnfd deleted successfully!
File C:\WINDOWS\system32\drivers\hlnfd.sys not found.
Registry key HKEY_USERS\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Conduit Search" removed from browser.search.defaultenginename
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
Prefs.js: gethighlightly%40gethighlightly.com:1.9.0.0 removed from extensions.enabledAddons
Prefs.js: 29abb661-0efc-4f64-8a89-b11430d434c4%409678608e-dc95-42b0-8db0-4ce126239776.com:0.93.6 removed from extensions.enabledAddons
Prefs.js: [email protected]:0.80.43 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected] deleted successfully.
File C:\Program Files\Mozilla Firefox\extensions\[email protected] not found.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\skin folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\locale\en-US folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\locale folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\userCode folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\plugins folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\defaults folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\chrome\content\core folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\chrome\content\api folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\chrome\content folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\chrome folder moved successfully.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com folder moved successfully.
Folder C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\ not found.
Folder C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\plugins\ not found.
Folder C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com\extensionData\userCode\ not found.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\[email protected] moved successfully.
File C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{e844e171-0702-480a-abc8-39f79c8c6126}.xpi not found.
C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\conduit-search.xml moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\[email protected]\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7a2b2e4-69f2-11e1-bbbf-001320d6863a}\ not found.
File F:\LaunchU3.exe not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard\ not found.
C:\Program Files\Browsersafeguard folder moved successfully.
Folder C:\Program Files\PursuePoint\ not found.
C:\Program Files\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files\SearchProtect\SearchProtect folder moved successfully.
C:\Documents and Settings\nickf\Local Settings\Application Data\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Documents and Settings\nickf\Local Settings\Application Data\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Documents and Settings\nickf\Local Settings\Application Data\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files\sweetpacks bundle uninstaller folder moved successfully.
Folder C:\Program Files\Highlightly\ not found.
C:\Program Files\SavingsBullFilter folder moved successfully.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
C:\Program Files\SpeedyPC Software folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot\GC folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Common Files\SpeedyPC Software\UUS3\Images folder moved successfully.
C:\Program Files\Common Files\SpeedyPC Software\UUS3 folder moved successfully.
C:\Program Files\Common Files\SpeedyPC Software folder moved successfully.
C:\Documents and Settings\nickf\Start Menu\Programs\SpeedyPC Software folder moved successfully.
C:\0fb4697b95ef05c99a0d47c5d8a32207\i386 folder moved successfully.
C:\0fb4697b95ef05c99a0d47c5d8a32207\amd64 folder moved successfully.
C:\0fb4697b95ef05c99a0d47c5d8a32207 folder moved successfully.
File C:\WINDOWS\tasks\BrowserSafeguard Update Task.job not found.
C:\WINDOWS\tasks\Plus-HD-7.7-updater.job moved successfully.
C:\WINDOWS\tasks\Plus-HD-7.7-codedownloader.job moved successfully.
C:\WINDOWS\tasks\Plus-HD-7.7-enabler.job moved successfully.
C:\WINDOWS\tasks\Plus-HD-7.7-validator.job moved successfully.
C:\WINDOWS\tasks\Plus-HD-7.7-firefoxinstaller.job moved successfully.
C:\WINDOWS\tasks\DataUpload.job moved successfully.
C:\WINDOWS\tasks\SpeedyPC Update Version3.job moved successfully.
C:\WINDOWS\tasks\SpeedyPC Registration3.job moved successfully.
C:\WINDOWS\tasks\SpeedyPC Pro.job moved successfully.
C:\WINDOWS\tasks\CMS Application Updater.job moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\UUS3\SpeedyPC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\UUS3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\nickf\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\nickf\Application Data\SpeedyPC Software folder moved successfully.
C:\Documents and Settings\nickf\Application Data\wtxpcom\temp folder moved successfully.
C:\Documents and Settings\nickf\Application Data\wtxpcom folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\nickf\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\nickf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 6161 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33036 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1495928 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 6046 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 126340 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: nick

User: nickf
->Temp folder emptied: 23718559 bytes
->Temporary Internet Files folder emptied: 2814936 bytes
->FireFox cache emptied: 198918119 bytes
->Flash cache emptied: 8267354 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 26913281 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 655644 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 253211699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 314614326 bytes

Total Files Cleaned = 793.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02112014_142204

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP0000000133B061A0A887674A not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13
nickf33

God, in trouble. Tried to download adw cleaner where your script said click here. Wound up getting fusion install which hijacked browser and what not. Can't find it in uninstall program. Please advise.

#14
nickf33

Hi godawgs, Here is log from ADW cleaner

# AdwCleaner v3.018 - Report created 11/02/2014 at 15:12:00
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : nickf - NICK
# Running from : C:\Documents and Settings\nickf\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\.autoreg
File Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\invalidprefs.js
File Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\user.js
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\Extensions\[email protected]
Folder Found : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\Extensions\[email protected]
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
Folder Found C:\Documents and Settings\nickf\Application Data\DriverCure
Folder Found C:\Documents and Settings\nickf\Application Data\Mysearchdial
Folder Found C:\Documents and Settings\nickf\Application Data\Search Settings
Folder Found C:\Documents and Settings\nickf\Local Settings\Application Data\AskToolbar
Folder Found C:\Documents and Settings\nickf\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found C:\Documents and Settings\nickf\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\nickf\Local Settings\Application Data\Searchprotect
Folder Found C:\Program Files\1ClickDownload
Folder Found C:\Program Files\Application Updater
Folder Found C:\Program Files\Ask.com
Folder Found C:\Program Files\Common Files\Software Update Utility
Folder Found C:\Program Files\eSupport.com
Folder Found C:\Program Files\Free Offers from Freeze.com
Folder Found C:\Program Files\Mysearchdial
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\YTD Toolbar
Folder Found C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SpeedyPC Software
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\Software\Vittalia
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzytDtC0B&cr=1468826435&ir=

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.order.1", "Mysearchdial");
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("extensions.a29abb6610efc4f648a89b11430d434c49678608edc9542b08db04ce126239776com50780.50780.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//dde.integration.storag[...]
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Found : user_pref("extensions.crossrider.bic", "1368437b6469874b4e93105ddf753994");
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1333653863);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Line Found : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url(a,f){for(var b=\"source scheme authority userInfo user pass host port relative path directory file q[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Line Found : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1333653863");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1333653863");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1338383233");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Tue Jun 05 2012 11:04:14 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%2274.72.2.205%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Flushing%22%2C%22geoplug[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26subid%3D%26pid%3D1145%22%7D[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2222241%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.value", "%221145%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221145%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[acehardware.com].expiration", "Wed May 30 2012 18:20:21 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[acehardware.com].value", "1338330021");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2228293%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Found : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.group", 0);
Line Found : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID=21;\nArray.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object(th[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Found : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(b){b.selectedText=function(f,a){function c(){if(window.getSelection)return window.getSelection();if(document.getSelecti[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "\"undefined\"===typeof appAPI&&(appAPI={});appAPI.JSON={};\n(function(){function a(a){return 10>a?\"0\"+a:a}function b(a){g.lastI[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){for(css_prop in b)b.hasOwnProperty(css_prop)&&(c.style[css_prop]=b[css_prop])}function q(c,b){var c=[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(){var c=\"\";return c=document.defaultView.top==document.defaultView?b.getTabID(document):b.getTabID(do[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n){function X(){if(!c.isReady){try{k.documentElement.doScroll(\"left\")}catch(a){setTimeout(X,1);retur[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Line Found : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/2258/plugins/080/ff/plugins.json");
Line Found : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 2);
Line Found : user_pref("extensions.crossriderapp2258.2258.premium", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Line Found : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Line Found : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp2258.2258.ver", 57);
Line Found : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Found : user_pref("extensions.crossriderapp2258.bic", "1368437b6469874b4e93105ddf753994");
Line Found : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp2258.installationdate", 1333658105);
Line Found : user_pref("extensions.crossriderapp2258.lastcheck", 22306387);
Line Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22306394);
Line Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1338383659715");
Line Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1338383659714");
Line Found : user_pref("extensions.mysearchdial.AL", 2);
Line Found : user_pref("extensions.mysearchdial.aflt", "adk0102");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzytDtC0B");
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.cr", "1468826435");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "D4CDF0880047A026F2D3FA3F7659988A");
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzy[...]
Line Found : user_pref("extensions.mysearchdial.id", "001320D6863AF99A");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16112");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzytD[...]
Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.014:34:57");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutD[...]
Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.sg", "none");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:34:57");

-\\ Google Chrome v

[ File : C:\Documents and Settings\nickf\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26012 octets] - [11/02/2014 15:12:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26073 octets] ##########

#15
nickf33

Hi, did MBR scan. Log was saved as DAT file. Any suggestions?