Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hijacked [Solved]


  • This topic is locked This topic is locked

#16
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
https://www.virustot...sis/1392151502/


C:\WINDOWS\is-oL4GL.exe NOT FOUND




https://www.virustot...sis/1392151945/

Edited by nickf33, 11 February 2014 - 02:54 PM.

  • 0

Advertisements


#17
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thanks for your patience godawgs.

Edited by nickf33, 11 February 2014 - 09:19 PM.

  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

God,in trouble tried to download adw cleaner where your script said click here.Woundup getting fusion install which hijacked browser and what not Can't find it in uninstall program.Please advise.

I just went to the bleeping computer download page for AdwCleaner and downloaded the program. Nothing but AdwCleaner was downloaded. AdwCleaner doesn't contain any 3rd party software, toolbars or browser helpers. And I can assure you that bleeping computer doesn't allow any of those types of things to be bundled with their downloads. The fusion installation was probably done by the malware that is already on the computer.
The next few fixes should take care of that.

HI, Did mbr scan LOg was saved as DAT file.Any suggestions?

The aswMBR scan produced two files. You already posted the aswMBR.txt log. We don't need the aswMBR.dat file at this time, but just leave it. If we don't need it, we will clean it up when we go through the clean up phase of this process.

Thanks for your patience godawgs.

No problem. :) We will get through this together.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Doube-click the JRT icon Posted Image to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Double click the FSS.exe file to run it.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Posted Image OTL Scan

Please re-open Posted Image on the desktop. To do that:
  • XP users: Double click the OTL icon.

    Posted Image
  • At the top of the console, click the box beside Scan All Users<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The FSS.txt log
4. The new OTL.txt log
  • 0

#19
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I deleted adw log Will wait for your OK

Edited by nickf33, 12 February 2014 - 02:31 AM.

  • 0

#20
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
same with JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by nickf33, 12 February 2014 - 02:32 AM.

  • 0

#21
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
same with FSS LOG

Edited by nickf33, 12 February 2014 - 02:32 AM.

  • 0

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I deleted adw log Will wait for your OK


same with JRT log


same with FSS LOG


What do you mean? Why would you delete the logs before posting them?
  • 0

#23
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Sorry godawgs, what i meant was I was waiting for you to tell me to post them.
I posted then read please don't attach unless I request it.

Edited by nickf33, 12 February 2014 - 08:40 AM.

  • 0

#24
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
# AdwCleaner v3.018 - Report created 12/02/2014 at 02:44:16
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : nickf - NICK
# Running from : C:\Documents and Settings\nickf\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\eSupport.com
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Mysearchdial
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\YTD Toolbar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\nickf\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\nickf\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Documents and Settings\nickf\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\nickf\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\nickf\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\nickf\Application Data\Mysearchdial
Folder Deleted : C:\Documents and Settings\nickf\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\Extensions\[email protected]
Folder Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\.autoreg
File Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\user.js
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.a29abb6610efc4f648a89b11430d434c49678608edc9542b08db04ce126239776com50780.50780.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//dde.integration.storag[...]
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Deleted : user_pref("extensions.crossrider.bic", "1368437b6469874b4e93105ddf753994");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1333653863);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url(a,f){for(var b=\"source scheme authority userInfo user pass host port relative path directory file q[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1333653863");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1333653863");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1338383233");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Tue Jun 05 2012 11:04:14 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%2274.72.2.205%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Flushing%22%2C%22geoplug[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26subid%3D%26pid%3D1145%22%7D[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2222241%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.value", "%221145%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221145%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[acehardware.com].expiration", "Wed May 30 2012 18:20:21 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[acehardware.com].value", "1338330021");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2228293%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID=21;\nArray.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object(th[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(b){b.selectedText=function(f,a){function c(){if(window.getSelection)return window.getSelection();if(document.getSelecti[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "\"undefined\"===typeof appAPI&&(appAPI={});appAPI.JSON={};\n(function(){function a(a){return 10>a?\"0\"+a:a}function b(a){g.lastI[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){for(css_prop in b)b.hasOwnProperty(css_prop)&&(c.style[css_prop]=b[css_prop])}function q(c,b){var c=[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(){var c=\"\";return c=document.defaultView.top==document.defaultView?b.getTabID(document):b.getTabID(do[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n){function X(){if(!c.isReady){try{k.documentElement.doScroll(\"left\")}catch(a){setTimeout(X,1);retur[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/2258/plugins/080/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 2);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 57);
Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "1368437b6469874b4e93105ddf753994");
Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1333658105);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22306387);
Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22306394);
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1338383659715");
Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1338383659714");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "adk0102");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzytDtC0B");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1468826435");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "D4CDF0880047A026F2D3FA3F7659988A");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzy[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "001320D6863AF99A");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16112");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutDzytD[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.014:34:57");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutD[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0DyCzzyCtA0A0Fzyzy0AtN0D0Tzu0SyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:34:57");

-\\ Google Chrome v

[ File : C:\Documents and Settings\nickf\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26154 octets] - [11/02/2014 15:12:00]
AdwCleaner[R1].txt - [25868 octets] - [12/02/2014 02:42:07]
AdwCleaner[S0].txt - [26099 octets] - [12/02/2014 02:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26160 octets] ##########
  • 0

#25
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Nick,

I'm sorry I wasn't clear enough. I want every log copied and pasted into your next post, or posted. I don't want the logs attached as a file. It makes them harder for us to research.
So please copy and paste, or post, each log I ask for.

thanks.
  • 0

Advertisements


#26
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Sorry god
awgs. JRT file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by nickf on Wed 02/12/2014 at 2:59:22.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62CE42E1-2090-44E6-9D42-9C1B1492EF5C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\nickf\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\nickf\Application Data\ytd"
Successfully deleted: [Folder] "C:\Documents and Settings\nickf\Local Settings\Application Data\browsersafeguard"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/12/2014 at 3:07:31.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#27
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
FSS log

Farbar Service Scanner Version: 02-02-2014
Ran by nickf (administrator) on 12-02-2014 at 03:14:39
Running from "C:\Documents and Settings\nickf\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#28
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
OTL LOG

OTL logfile created on: 2/12/2014 3:19:06 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\nickf\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 57.34% Memory free
2.34 Gb Paging File | 1.92 Gb Available in Paging File | 82.16% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 105.98 Gb Free Space | 73.44% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: nickf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/10 14:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nickf\Desktop\OTL.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/12/01 10:04:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/09/06 08:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/09/06 08:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2010/06/14 06:16:50 | 000,112,000 | ---- | M] () -- C:\Program Files\CMS Products\BounceBack Ultimate\BBLauncher.exe
PRC - [2010/06/14 06:09:18 | 000,065,536 | ---- | M] (CMS Products, Inc.) -- C:\Program Files\CMS Products\BounceBack Ultimate\BBWatcherService.exe
PRC - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/15 14:58:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2014/01/15 14:35:23 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2014/01/15 14:09:16 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2014/01/15 13:36:37 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2014/01/15 13:35:55 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/14 06:16:50 | 000,112,000 | ---- | M] () -- C:\Program Files\CMS Products\BounceBack Ultimate\BBLauncher.exe
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebdrs.dll
MOD - [2009/12/31 01:16:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXEBPMON.DLL
MOD - [2009/12/16 06:42:12 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebmicro.dll
MOD - [2009/11/04 14:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebcaps.dll
MOD - [2009/01/13 08:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEBoem.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2014/01/17 21:00:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/12/01 10:04:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/09/06 08:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/09/06 08:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/06/14 06:09:18 | 000,065,536 | ---- | M] (CMS Products, Inc.) [Auto | Running] -- C:\Program Files\CMS Products\BounceBack Ultimate\BBWatcherService.exe -- (BBWatcherService)
SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxebcoms.exe -- (lxeb_device)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FilterService)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/07 03:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...=en&client=dell
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{94BDA8C2-6DB4-4C6D-A16A-E14A913BDE17}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{94BDA8C2-6DB4-4C6D-A16A-E14A913BDE17}: "URL" = http://www.google.co...1I7GGHP_enUS474
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\SearchScopes\{CE8891D1-B6BE-496D-BF96-C4197D0D877B}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp3tst"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/17 21:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/12 02:44:57 | 000,000,000 | ---D | M]

[2014/01/15 08:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Extensions
[2014/01/15 08:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Extensions\[email protected]
[2014/02/12 02:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions
[2014/01/15 08:59:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/12/09 21:45:01 | 000,149,045 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\[email protected]
[2014/01/15 13:21:31 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\nickf\Application Data\Mozilla\Firefox\Profiles\2erxd7qp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/02/11 14:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/17 20:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/17 21:01:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/09 16:57:37 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/13 11:52:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/16 12:51:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Documents and Settings\nickf\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKU\S-1-5-19..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-20..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Products\BounceBack Ultimate\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\nickf\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4230650497-4285135782-2684026053-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D2F826C-E7FE-496B-8BA5-CA5C52A61107}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\program files\google\google desktop search\googledesktopnetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\nickf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nickf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/01/15 08:37:18 | 000,002,264 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/12 02:59:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/12 02:36:45 | 000,453,632 | ---- | C] (Farbar) -- C:\Documents and Settings\nickf\Desktop\FSS.exe
[2014/02/12 02:36:07 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\nickf\Desktop\JRT.exe
[2014/02/11 15:22:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\nickf\Desktop\aswMBR.exe
[2014/02/11 15:11:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/11 14:32:27 | 000,552,744 | ---- | C] (Fusion Install ) -- C:\Documents and Settings\nickf\Desktop\Setup.exe
[2014/02/11 14:22:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/11 14:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/02/10 14:18:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nickf\Desktop\OTL.exe
[2014/02/10 09:27:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\IECompatCache
[2014/02/10 09:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\QuickScan
[2014/02/09 07:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/09 07:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/09 07:43:30 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/09 07:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/09 07:36:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Music
[2014/02/08 18:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/04 11:45:27 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/02/04 09:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\AviraResume
[2014/01/18 15:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\1099 for 2013
[2014/01/18 12:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Help
[2014/01/18 12:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Help
[2014/01/17 20:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/01/17 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\birdman
[2014/01/15 12:59:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/15 12:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2014/01/15 12:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2014/01/15 12:05:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2014/01/15 12:05:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/01/15 12:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDM
[2014/01/15 12:05:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2014/01/15 12:04:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2014/01/15 12:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2014/01/15 12:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 12:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2014/01/15 12:04:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2014/01/15 12:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2014/01/15 12:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2014/01/15 12:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/01/15 12:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2014/01/15 12:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2014/01/15 12:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2014/01/15 12:03:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2014/01/15 12:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2014/01/15 12:03:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2014/01/15 12:03:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2014/01/15 12:03:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/01/15 12:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2014/01/15 12:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2014/01/15 12:03:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2014/01/15 12:03:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2014/01/15 12:03:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2014/01/15 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2014/01/15 12:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2014/01/15 12:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2014/01/15 12:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2014/01/15 12:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2014/01/15 12:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2014/01/15 12:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2014/01/15 12:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2014/01/15 12:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2014/01/15 12:02:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2014/01/15 12:01:26 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2014/01/15 12:01:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dla
[2014/01/15 12:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2014/01/15 12:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2014/01/15 12:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2014/01/15 12:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2014/01/15 12:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2014/01/15 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2014/01/15 12:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2014/01/15 11:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2014/01/15 11:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2014/01/15 11:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2014/01/15 11:55:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2014/01/15 11:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/01/15 11:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2014/01/15 11:43:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2014/01/15 11:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2014/01/15 11:43:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2014/01/15 11:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2014/01/15 11:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2014/01/15 11:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2014/01/15 11:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2014/01/15 11:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/01/15 11:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2014/01/15 11:42:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2014/01/15 11:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2014/01/15 11:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2014/01/15 11:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2014/01/15 11:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2014/01/15 11:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2014/01/15 11:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2014/01/15 11:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014/01/15 11:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2014/01/15 11:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2014/01/15 11:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2014/01/15 11:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2014/01/15 11:37:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2014/01/15 11:36:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2014/01/15 11:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2014/01/15 11:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/01/15 11:33:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/01/15 11:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2014/01/15 11:32:40 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2014/01/15 11:32:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\FECFile
[2014/01/15 11:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2014/01/15 11:12:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2014/01/15 11:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2014/01/15 11:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014/01/15 11:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2014/01/15 11:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2014/01/15 11:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2014/01/15 11:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2014/01/15 11:07:47 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/01/15 11:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2014/01/15 11:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2014/01/15 10:56:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2014/01/15 10:51:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/01/15 10:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2014/01/15 10:51:12 | 000,000,000 | ---D | C] -- C:\Temp
[2014/01/15 10:51:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/15 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2014/01/15 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2014/01/15 10:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\WordPerfect Office 12
[2014/01/15 10:49:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2014/01/15 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free
[2014/01/15 10:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2014/01/15 10:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2014/01/15 10:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2014/01/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2014/01/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2014/01/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/01/15 10:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\WebCyberCoach
[2014/01/15 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/15 10:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VERIZONDM
[2014/01/15 10:48:34 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2014/01/15 10:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2014/01/15 10:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/01/15 10:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2014/01/15 10:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2014/01/15 10:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2014/01/15 10:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/01/15 10:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Photo Recovery
[2014/01/15 10:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2014/01/15 10:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\SideSlide
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Shield
[2014/01/15 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\RGB
[2014/01/15 10:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/01/15 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/01/15 10:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/01/15 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/01/15 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2014/01/15 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2014/01/15 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2014/01/15 10:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetZeroInstallers
[2014/01/15 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2014/01/15 10:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2014/01/15 10:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/01/15 10:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2014/01/15 10:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2014/01/15 10:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2014/01/15 10:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/01/15 10:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/01/15 10:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2014/01/15 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Helper
[2014/01/15 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/01/15 10:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2001
[2014/01/15 10:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2014/01/15 10:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/15 10:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2014/01/15 10:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2014/01/15 10:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It! 2002
[2014/01/15 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/01/15 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2014/01/15 10:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2014/01/15 10:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2014/01/15 10:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2014/01/15 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2014/01/15 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/01/15 10:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/15 10:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2014/01/15 10:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/01/15 10:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2014/01/15 10:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2014/01/15 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2014/01/15 10:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2014/01/15 10:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2014/01/15 10:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/15 10:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/15 10:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/15 10:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2014/01/15 10:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/01/15 10:32:29 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2014/01/15 10:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2014/01/15 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/01/15 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\GoogleAFE
[2014/01/15 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/15 10:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gmail Notifier
[2014/01/15 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\GemMaster
[2014/01/15 10:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2014/01/15 10:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2014/01/15 10:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\FoneSync
[2014/01/15 10:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\FEC Applications
[2014/01/15 10:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\EnglishOtto
[2014/01/15 10:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\EarthLink Setup
[2014/01/15 10:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2014/01/15 10:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2014/01/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2014/01/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2014/01/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2014/01/15 10:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support
[2014/01/15 10:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2014/01/15 10:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2014/01/15 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2014/01/15 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/01/15 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2014/01/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/01/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TiVo Shared
[2014/01/15 10:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2014/01/15 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2014/01/15 10:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2014/01/15 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2014/01/15 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2014/01/15 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2014/01/15 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2014/01/15 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2014/01/15 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2014/01/15 10:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2014/01/15 10:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2014/01/15 10:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2014/01/15 10:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/01/15 10:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2014/01/15 10:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2014/01/15 10:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2014/01/15 10:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2014/01/15 10:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/01/15 10:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2014/01/15 10:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2014/01/15 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2014/01/15 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/01/15 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\CMS Products
[2014/01/15 10:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2014/01/15 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/15 10:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2014/01/15 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/15 10:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2014/01/15 10:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/01/15 10:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2014/01/15 10:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2014/01/15 10:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014/01/15 10:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/01/15 10:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2014/01/15 10:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2014/01/15 10:21:17 | 000,000,000 | ---D | C] -- C:\Program Files
[2014/01/15 10:21:17 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2014/01/15 10:21:12 | 000,000,000 | ---D | C] -- C:\Netscape
[2014/01/15 10:21:12 | 000,000,000 | ---D | C] -- C:\My Music
[2014/01/15 10:19:52 | 000,000,000 | ---D | C] -- C:\i386
[2014/01/15 10:19:52 | 000,000,000 | ---D | C] -- C:\eyeglass forms
[2014/01/15 10:19:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Startup
[2014/01/15 10:19:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\UserData
[2014/01/15 10:19:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\Templates
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\WINDOWS
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\TomTom
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Revo Uninstaller
[2014/01/15 10:19:40 | 000,000,000 | ---D | C] -- C:\drivers
[2014/01/15 10:19:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Administrative Tools
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\ImgBurn
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\HiJackThis
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\FormatFactory
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\DVD Decrypter
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Dell Accessories
[2014/01/15 10:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Dell
[2014/01/15 10:19:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nickf\SendTo
[2014/01/15 10:19:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu
[2014/01/15 10:19:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Start Menu\Programs\Accessories
[2014/01/15 10:19:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nickf\Recent
[2014/01/15 10:19:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\PrivacIE
[2014/01/15 10:19:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\PrintHood
[2014/01/15 10:19:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\NetHood
[2014/01/15 10:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\nick
[2014/01/15 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\xmass card
[2014/01/15 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Downloads
[2014/01/15 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\W2 2008
[2014/01/15 10:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\vetrone records
[2014/01/15 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\verizon bills
[2014/01/15 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\vanguard
[2014/01/15 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\urology reports
[2014/01/15 10:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\TomTom
[2014/01/15 10:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\time warner
[2014/01/15 10:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\star program
[2014/01/15 10:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\ST. Francis
[2014/01/15 10:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\soc.sec
[2014/01/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\sm. ln. taxes
[2014/01/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\shoulder mri
[2014/01/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\scwa
[2014/01/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\rome pics
[2014/01/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Reflect
[2014/01/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\recipies
[2014/01/15 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\recipes
[2014/01/15 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\receipts
[2014/01/15 10:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\rebates refunds
[2014/01/15 10:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\prescriptions
[2014/01/15 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\PhoneTools
[2014/01/15 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\pension
[2014/01/15 10:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\pathmark drugs
[2014/01/15 10:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\orology reports
[2014/01/15 10:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\old docs
[2014/01/15 10:16:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Videos
[2014/01/15 10:16:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Pictures
[2014/01/15 10:16:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nickf\My Documents\My DVDs
[2014/01/15 10:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\My Kindle Content
[2014/01/15 10:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\My eBooks
[2014/01/15 10:15:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\My Documents
[2014/01/15 10:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\My Digital Editions
[2014/01/15 10:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\mortgage
[2014/01/15 10:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\medicare reimbursement
[2014/01/15 10:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\medicare claims
[2014/01/15 10:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\medicare
[2014/01/15 10:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\macy
[2014/01/15 10:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\lipa
[2014/01/15 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\k
[2014/01/15 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\joe
[2014/01/15 10:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Irene
[2014/01/15 10:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\invoices
[2014/01/15 10:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house pics
[2014/01/15 10:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house on8-19-2012
[2014/01/15 10:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house 2011
[2014/01/15 10:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\graves
[2014/01/15 10:13:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nickf\My Documents\Google Drive
[2014/01/15 10:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\FFOutput
[2014/01/15 10:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\eyeglass forms
[2014/01/15 10:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\ellis island
[2014/01/15 10:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\dvd
[2014/01/15 10:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Downloads
[2014/01/15 10:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\doctors#s
[2014/01/15 10:02:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents\dept store receipts
[2014/01/15 10:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\Cyberlink
[2014/01/15 10:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\coop maint
[2014/01/15 10:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\contacts
[2014/01/15 10:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\CCWin
[2014/01/15 10:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\blood work
[2014/01/15 10:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\bern cemataries
[2014/01/15 10:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\auto reg& rerpairsdriver safety
[2014/01/15 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\auto reg& rerpairs
[2014/01/15 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\auto reg
[2014/01/15 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\attic wiring
[2014/01/15 10:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\allstate claim docs
[2014/01/15 10:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\all tax refunds
[2014/01/15 10:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\1099 2012
[2014/01/15 10:01:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\My Documents
[2014/01/15 09:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\WMTools Downloaded Files
[2014/01/15 09:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Wisdom-soft
[2014/01/15 09:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2014/01/15 09:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\TomTom
[2014/01/15 09:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Temp
[2014/01/15 09:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\SupportSoft
[2014/01/15 09:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Sun
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Solid State Networks
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\PowerDVD
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\PC_Drivers_Headquarters
[2014/01/15 09:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Musicmatch
[2014/01/15 09:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Mozilla
[2014/01/15 09:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Microsoft
[2014/01/15 09:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\MagicSoftware
[2014/01/15 09:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\LogMeIn Rescue Applet
[2014/01/15 09:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Logitech® Webcam Software
[2014/01/15 09:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\LogiShrd
[2014/01/15 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Identities
[2014/01/15 09:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Google
[2014/01/15 09:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\FreeEditorEditTemp
[2014/01/15 09:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\FixItCenter
[2014/01/15 09:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Evernote
[2014/01/15 09:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Downloaded Installations
[2014/01/15 09:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Corel Photo Album
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Citrix
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\BVRP Software
[2014/01/15 09:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\ashampoo
[2014/01/15 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\ArcSoft
[2014/01/15 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\ApplicationHistory
[2014/01/15 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Apple Computer
[2014/01/15 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Apple
[2014/01/15 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Adobe_Systems_Incorporate
[2014/01/15 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Local Settings\Application Data\Adobe
[2014/01/15 09:28:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Favorites
[2014/01/15 09:28:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\IETldCache
[2014/01/15 09:28:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\Local Settings
[2014/01/15 09:28:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\xmass list
[2014/01/15 09:19:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\unused
[2014/01/15 09:19:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\smith lane
[2014/01/15 09:19:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\screen shots
[2014/01/15 09:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house under const
[2014/01/15 09:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\My Music
[2014/01/15 09:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\LI rooms
[2014/01/15 09:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\house finished
[2014/01/15 09:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\home depot
[2014/01/15 09:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\My Documents\ginestris
[2014/01/15 09:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nickf\Desktop\downloads
[2014/01/15 08:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Desktop
[2014/01/15 08:59:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nickf\Cookies
[2014/01/15 08:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\VSRevoGroup
[2014/01/15 08:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\U3
[2014/01/15 08:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\TomTom
[2014/01/15 08:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\SUPERAntiSpyware.com
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Sun
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Sonic
[2014/01/15 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Softland
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\SideSlide
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Real
[2014/01/15 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Pro200-S500 Series
[2014/01/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Mozilla
[2014/01/15 08:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Microsoft Web Folders
[2014/01/15 08:59:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nickf\Application Data\Microsoft
[2014/01/15 08:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Malwarebytes
[2014/01/15 08:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nickf\Application Data\Gtek
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Macromedia
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Logitech
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Leadertech
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\InfraRecorder
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Identities
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\HandBrake
[2014/01/15 08:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Google
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Gmail Notifier
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\FreeTorrentViewer
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\FreeBurner
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\ElevatedDiagnostics
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\DVD Flick
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Digiarty
[2014/01/15 08:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\CyberLink
[2014/01/15 08:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Corel Photo Album
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Corel
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Canneverbe_Limited
[2014/01/15 08:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Avery
[2014/01/15 08:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Auslogics
[2014/01/15 08:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Audacity
[2014/01/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Ashampoo
[2014/01/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\ArcSoft
[2014/01/15 08:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Apple Computer
[2014/01/15 08:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\AdobeUM
[2014/01/15 08:57:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nickf\Application Data
[2014/01/15 08:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\Application Data\Adobe
[2014/01/15 08:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nickf\.gimp-2.4
[2014/01/15 08:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2014/01/15 08:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2014/01/15 08:57:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2014/01/15 08:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2014/01/15 08:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2014/01/15 08:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2014/01/15 08:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2014/01/15 08:57:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2014/01/15 08:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2014/01/15 08:57:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 12
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2014/01/15 08:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2014/01/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TomTom
[2014/01/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/01/15 08:57:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2014/01/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2014/01/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2014/01/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2014/01/15 08:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2014/01/15 08:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2014/01/15 08:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Helper
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Clip Gallery
[2014/01/15 08:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic DVD Ripper
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InfraRecorder
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2014/01/15 08:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2014/01/15 08:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Easy Burner
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FoneSync
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FEC Applications
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Flick
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support
[2014/01/15 08:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Free
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BounceBack Ultimate
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2014/01/15 08:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2014/01/15 08:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2014/01/15 08:57:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2014/01/15 08:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2014/01/15 08:57:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2014/01/15 08:57:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2014/01/15 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2014/01/15 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Lexmark Pro200-S500 Series
[2014/01/15 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2014/01/15 08:57:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2014/01/15 08:57:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2014/01/15 08:56:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2014/01/15 08:56:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2014/01/15 08:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2014/01/15 08:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FreeBurner
[2014/01/15 08:55:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2014/01/15 08:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/01/15 08:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2014/01/15 08:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2014/01/15 08:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2014/01/15 08:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/01/15 08:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/15 08:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/01/15 08:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2014/01/15 08:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2014/01/15 08:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pro200-S500 Series
[2014/01/15 08:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/01/15 08:53:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2014/01/15 08:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2014/01/15 08:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/15 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/15 08:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2014/01/15 08:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2014/01/15 08:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2014/01/15 08:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2014/01/15 08:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2014/01/15 08:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GTek
[2014/01/15 08:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2014/01/15 08:53:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/15 08:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FEC Applications
[2014/01/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avery
[2014/01/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2014/01/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2014/01/15 08:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2014/01/15 08:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2014/01/15 08:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2014/01/15 08:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/01/15 08:51:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2014/01/15 08:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/15 08:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2014/01/15 08:50:54 | 000,000,000 | ---D | C] -- C:\dell
[2014/01/15 08:50:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/15 08:46:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/15 08:43:30 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2014/01/15 08:43:30 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2014/01/15 08:42:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/15 08:42:05 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/01/15 08:42:04 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/15 08:39:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/12 03:22:35 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/02/12 03:22:21 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/02/12 03:13:54 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2014/02/12 03:12:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/12 03:12:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4230650497-4285135782-2684026053-1005.job
[2014/02/12 03:12:05 | 1331,843,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/12 02:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/12 02:36:46 | 000,453,632 | ---- | M] (Farbar) -- C:\Documents and Settings\nickf\Desktop\FSS.exe
[2014/02/12 02:36:13 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\nickf\Desktop\JRT.exe
[2014/02/12 02:30:40 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/11 15:28:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\MBR.dat
[2014/02/11 15:22:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\nickf\Desktop\aswMBR.exe
[2014/02/11 15:10:58 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\AdwCleaner.exe
[2014/02/11 14:35:35 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\WB.CFG
[2014/02/11 14:35:30 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/02/11 14:32:30 | 000,552,744 | ---- | M] (Fusion Install ) -- C:\Documents and Settings\nickf\Desktop\Setup.exe
[2014/02/11 09:09:55 | 007,423,661 | ---- | M] () -- C:\Documents and Settings\nickf\My Documents\1040-2013.PDF
[2014/02/10 14:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nickf\Desktop\OTL.exe
[2014/02/09 07:43:37 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/08 14:39:25 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\nickf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/06 14:09:05 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\burnaware.ini
[2014/02/05 19:14:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4230650497-4285135782-2684026053-1005.job
[2014/02/05 09:58:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/02/05 09:58:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/02/04 16:35:21 | 000,963,272 | ---- | M] () -- C:\Documents and Settings\nickf\My Documents\coop tax sheet.JPG
[2014/02/04 11:57:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\nickf\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/04 11:45:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/04 11:41:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/04 10:00:00 | 000,504,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/04 10:00:00 | 000,089,022 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/03 18:13:47 | 000,249,333 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\address book 030702.WAB
[2014/01/25 14:19:08 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\Microsoft Word.lnk
[2014/01/23 15:07:58 | 002,822,882 | ---- | M] () -- C:\Documents and Settings\nickf\My Documents\ibew drug form.JPG
[2014/01/22 10:15:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/01/22 10:15:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014/01/15 16:52:49 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\Freecell.lnk
[2014/01/15 16:52:49 | 000,001,483 | ---- | M] () -- C:\Documents and Settings\nickf\Desktop\Solitaire.lnk
[2014/01/15 13:51:53 | 000,419,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/15 13:35:39 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/01/15 12:08:58 | 000,000,415 | RHS- | M] () -- C:\boot.ini
[2014/01/15 12:05:28 | 000,000,863 | ---- | M] () -- C:\System Backup - 20120309102027-5625.BB
[2014/01/15 08:37:18 | 000,002,264 | ---- | M] () -- C:\autorun.PNF
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/11 15:28:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\nickf\Desktop\MBR.dat
[2014/02/11 15:10:58 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\nickf\Desktop\AdwCleaner.exe
[2014/02/11 14:36:06 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/02/11 14:35:35 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\WB.CFG
[2014/02/11 14:35:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/02/11 09:09:52 | 007,423,661 | ---- | C] () -- C:\Documents and Settings\nickf\My Documents\1040-2013.PDF
[2014/02/09 07:43:59 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/09 07:43:37 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/09 07:43:37 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/04 16:35:21 | 000,963,272 | ---- | C] () -- C:\Documents and Settings\nickf\My Documents\coop tax sheet.JPG
[2014/02/04 11:57:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/04 10:05:30 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/02/04 10:05:30 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/01/23 15:07:58 | 002,822,882 | ---- | C] () -- C:\Documents and Settings\nickf\My Documents\ibew drug form.JPG
[2014/01/15 13:44:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/15 12:40:54 | 1331,843,072 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/15 08:48:13 | 000,000,415 | RHS- | C] () -- C:\boot.ini
[2014/01/15 08:48:13 | 000,000,209 | RHS- | C] () -- C:\boot.cms
[2014/01/15 08:37:18 | 000,002,264 | ---- | C] () -- C:\autorun.PNF
[2013/02/22 20:59:16 | 001,198,281 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/02/22 20:59:16 | 000,082,969 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/11/06 08:23:23 | 000,672,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/28 11:13:57 | 000,088,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/21 19:06:26 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/09/18 12:49:03 | 000,102,248 | ---- | C] () -- C:\Documents and Settings\nickf\GoToAssistDownloadHelper.exe
[2012/09/15 15:21:08 | 000,000,255 | ---- | C] () -- C:\WINDOWS\FECLoad.ini
[2012/06/16 15:27:35 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\FixVTS.ini
[2012/05/10 08:48:37 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/04/14 18:03:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2012/04/13 21:35:27 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\burnaware.ini
[2012/04/11 08:37:14 | 000,704,512 | ---- | C] () -- C:\WINDOWS\is-V7K68.exe
[2012/03/20 20:37:58 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\nickf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/20 19:07:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\nickf\Local Settings\Application Data\fusioncache.dat
[2012/03/09 09:43:40 | 000,000,143 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2012/03/08 20:19:34 | 000,685,056 | ---- | C] () -- C:\WINDOWS\is-0L4GL.exe
[2012/03/08 15:14:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEBPMON.DLL
[2012/03/08 15:14:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEBFXPU.DLL
[2012/03/08 15:14:04 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEBoem.dll
[2012/03/08 13:53:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/08 08:57:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/07 11:17:42 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/03/07 11:17:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5462B5B44E.sys
[2012/03/07 07:55:36 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2012/03/07 07:55:23 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2012/03/07 07:55:22 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2012/03/07 07:55:22 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2012/03/07 07:55:22 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhcp.dll
[2012/03/07 07:55:22 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2012/03/07 07:55:21 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2012/03/07 07:55:21 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2012/03/07 07:55:21 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2012/03/07 07:55:20 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2012/03/07 07:55:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2012/03/07 07:55:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2012/03/07 07:55:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2012/03/07 07:55:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2012/03/07 07:55:19 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2012/03/07 07:55:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2012/03/07 07:55:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2012/03/07 07:55:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2012/03/07 07:55:18 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2012/03/07 07:55:18 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2012/03/07 07:55:18 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2012/03/07 07:55:18 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2012/03/07 07:55:18 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2012/03/07 07:53:56 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\lxebsm.dll
[2012/03/07 07:53:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lxebsmr.dll
[2012/03/07 01:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\PFP120JPR.{PB
[2012/03/07 01:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\nickf\Application Data\PFP120JCM.{PB
[2012/03/07 00:05:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 03:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/15 08:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/15 08:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2014/01/15 08:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2014/01/15 08:53:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/15 08:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FEC Applications
[2014/01/15 08:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2014/01/15 08:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2014/01/15 08:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro200-S500 Series
[2014/01/15 08:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/02/08 20:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/02/08 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2014/01/15 08:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2014/01/15 08:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Ashampoo
[2014/01/15 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Audacity
[2014/01/15 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Auslogics
[2014/01/15 08:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Avery
[2014/01/15 08:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Canneverbe_Limited
[2014/01/15 08:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Digiarty
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\ElevatedDiagnostics
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\FreeBurner
[2014/01/15 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\FreeTorrentViewer
[2014/01/15 08:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Gmail Notifier
[2014/01/15 08:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\HandBrake
[2014/01/15 08:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\InfraRecorder
[2014/01/15 08:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Leadertech
[2014/01/15 08:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Pro200-S500 Series
[2014/02/10 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\QuickScan
[2014/01/15 08:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\SideSlide
[2014/01/15 08:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\Softland
[2014/01/15 08:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\TomTom
[2014/01/15 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nickf\Application Data\VSRevoGroup

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#29
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
After this round please let me know if the redirects and pop ups are gone.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
[2014/01/15 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2014/01/15 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/01/15 08:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2014/01/15 08:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2014/01/15 08:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2014/01/15 08:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/02/11 14:35:30 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = -
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = -
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = -
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = -

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Double click the MalwareBytes icon on the desktop to run the application. You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-4.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Double click the SecurityCheck icon Posted Image to run the application.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. How is the computer running now?
2. The OTL fixes log
3. The MalwareBytes log
4. The ESET scan log (IF it found anything). If it didn't just let me know.
6. The checkup.txt log
  • 0

#30
nickf33

nickf33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
otl log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Program Files\McAfee.com\VSO folder moved successfully.
C:\Program Files\McAfee.com\Agent folder moved successfully.
C:\Program Files\McAfee.com folder moved successfully.
C:\Program Files\McAfee\SpamKiller folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\McAfee\sacore folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\McAfee folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\data\sports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\Archive folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\ODSLog folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Updates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Templates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Sounds folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SecurityScanner\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SecurityScanner folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\McCHSvc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\jxpiinstall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\jre-7u17-windows-i586-iftw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 13354 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: nick

User: nickf
->Temp folder emptied: 44210029 bytes
->Temporary Internet Files folder emptied: 797596 bytes
->FireFox cache emptied: 70677562 bytes
->Flash cache emptied: 783 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141377 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4069149 bytes

Total Files Cleaned = 114.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122014_200506

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP