  1. #21
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in:
       c:\windows\*. /SL
       c:\windows\*. /RP
       netsvcs
       activex
       drivers32
       %ALLUSERSPROFILE%\Application Data\*.
       %ALLUSERSPROFILE%\Application Data\*.exe /s
       %APPDATA%\*.
       %APPDATA%\*.exe /s
       %SYSTEMDRIVE%\*.exe
       %systemroot%\*. /mp /s
       CREATERESTOREPOINT
       %systemroot%\system32\*.dll /lockedfiles
       %systemroot%\Tasks\*.job /lockedfiles
       %systemroot%\system32\drivers\*.sys /lockedfiles
       %systemroot%\System32\config\*.sav
       %systemroot%\system32\drivers\*.sys /90
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  2. #22
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3


    here are the logs
    OTL logfile created on: 18/02/2014 20:52:39 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALAN\Documents\DAD\Downloads for screening
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16518)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.91 Gb Total Physical Memory | 5.52 Gb Available Physical Memory | 69.78% Memory free
    15.82 Gb Paging File | 13.10 Gb Available in Paging File | 82.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 119.82 Gb Free Space | 25.73% Space Free | Partition Type: NTFS

    Computer Name: ALAN-PC | User Name: ALAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/18 20:51:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ALAN\My Documents\DAD\Downloads for screening\OTL.exe
    PRC - [2014/02/14 19:11:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/08 12:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
    PRC - [2013/07/03 08:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2013/04/08 15:29:08 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    PRC - [2012/09/30 08:49:50 | 002,105,344 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
    PRC - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2012/03/28 12:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/05/18 15:45:46 | 000,299,008 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
    PRC - [2010/04/29 21:38:06 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2008/07/11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/14 19:11:36 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/04/08 15:29:08 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    MOD - [2013/04/02 11:34:34 | 000,297,472 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
    MOD - [2013/04/02 11:34:34 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
    MOD - [2013/03/12 20:48:06 | 001,411,072 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
    MOD - [2012/06/06 10:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
    MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2008/07/11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
    MOD - [2008/04/21 15:19:52 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\MPEG Engine\ArcNEO6.dll
    MOD - [2008/03/25 11:26:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\iEPGClub.dll
    MOD - [2007/04/19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\FPXLIB.DLL
    MOD - [2007/04/19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
    MOD - [2007/04/19 09:32:28 | 000,051,968 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uDx_SlideShowRes.dll
    MOD - [2007/04/19 09:30:12 | 000,039,680 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\MMShellHook.dll
    MOD - [2007/04/19 09:29:08 | 000,068,352 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\ComOSD.dll
    MOD - [2006/03/31 11:04:38 | 001,064,960 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\dlcllib.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/06 10:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/05/23 20:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2011/09/27 19:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
    SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV - [2014/02/06 20:09:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
    SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/05 19:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2013/10/08 12:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/07/03 08:32:44 | 001,228,504 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2013/07/03 08:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2012/03/28 12:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2012/01/20 10:48:09 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
    SRV - [2011/03/13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/02/07 19:55:51 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/10/14 21:06:28 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/09/27 03:18:30 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2013/09/27 02:26:03 | 000,858,200 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2013/09/26 03:28:00 | 000,590,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
    DRV:64bit: - [2013/09/26 02:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2013/08/01 03:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symds64.sys -- (SymDS)
    DRV:64bit: - [2013/07/31 04:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/07/31 03:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/07/03 08:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
    DRV:64bit: - [2013/06/12 09:21:08 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2013/06/12 09:21:08 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2013/03/12 20:49:40 | 000,926,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV:64bit: - [2013/02/05 21:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/12/18 17:52:26 | 001,901,896 | ---- | M] (TBS Technologies-Professional Manufacturer of Digital TV Tuner Card for PC, PC Cards for DVB S/S2,DVB ?C,ISDB-T) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbs6280_64.sys -- (TBS6280_64)
    DRV:64bit: - [2012/10/17 18:46:18 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
    DRV:64bit: - [2012/10/03 16:43:46 | 002,733,568 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
    DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/04 19:34:11 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/11/04 19:34:11 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/10/15 10:48:07 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
    DRV:64bit: - [2011/09/02 06:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011/08/23 12:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/08/08 23:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys -- (ccSet_NST)
    DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/06/02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/06/02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/03/13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/03/13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/03/13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/03/13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/03/13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/03/13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:64bit: - [2011/03/13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/03/13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 06:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010/08/27 17:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
    DRV:64bit: - [2010/08/10 09:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/11/15 23:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
    DRV:64bit: - [2009/11/15 23:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
    DRV:64bit: - [2009/07/16 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/22 18:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
    DRV:64bit: - [2008/05/22 18:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
    DRV:64bit: - [2008/05/22 18:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
    DRV:64bit: - [2007/04/11 15:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
    DRV:64bit: - [2007/04/11 15:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
    DRV - [2014/01/21 08:31:52 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20140217.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/12/18 00:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2013/11/21 08:35:52 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/11/21 08:35:52 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/11/15 02:06:01 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20140217.066\ex64.sys -- (NAVEX15)
    DRV - [2013/11/15 02:06:01 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20140217.066\eng64.sys -- (NAVENG)
    DRV - [2013/06/12 09:21:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2013/06/12 09:21:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyB0E0FyE0CtDzztByCtAtN0D0Tzu0SyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=995174824&ir=
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyB0E0FyE0CtDzztByCtAtN0D0Tzu0SyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=995174824&ir=
    IE - HKCU\..\SearchScopes\{98479A6D-FAB2-4BC9-A027-9C342DE4F372}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyB0E0FyE0CtDzztByCtAtN0D0Tzu0SyByByEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1548521279&ir=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\ALAN\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\ [2014/02/18 19:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF [2013/10/14 21:11:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2014/02/12 15:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Extensions
    [2014/02/13 17:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions
    [2014/02/12 15:52:10 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    [2014/02/07 16:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\staged
    [2014/02/13 17:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions
    [2014/02/12 15:52:10 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    [2014/02/07 16:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\staged
    [2014/02/15 16:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\osszm4gx.default\extensions
    [2014/02/15 09:44:39 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\osszm4gx.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2014/02/13 16:41:13 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\osszm4gx.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    [2014/02/15 09:43:57 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\osszm4gx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/02/15 16:00:06 | 000,477,598 | ---- | M] () (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\osszm4gx.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi
    [2014/02/15 09:44:26 | 000,555,162 | ---- | M] () (No name found) -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\osszm4gx.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
    [2014/02/13 15:57:20 | 000,000,847 | ---- | M] () -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\searchplugins\Mysearchdial.xml
    [2014/02/14 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/02/14 19:11:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    CHR - Extension: No name found = C:\Users\ALAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
    CHR - Extension: No name found = C:\Users\ALAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\

    O1 HOSTS File: ([2013/10/30 14:49:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
    O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
    O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\ALAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C055D2-C9DC-45EC-A852-85A32065A041}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F1EB2D-9BD6-49D7-AC2D-1DA0333F58A1}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {56A879C8-1BEC-427D-9294-2A57096F591D} - EIEDPLauncher
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A71D38AB-DFCC-EE56-5B7F-1C83F81B43E1} - Offline Browsing Pack
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{508EA017-F442-49FB-8A8E-DF3AE997817C} - Browser Customizations
    ActiveX: >{5d4fc8a3-d307-4b18-a078-0f206841827f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/18 19:45:24 | 000,000,000 | ---D | C] -- C:\~$PVRTmp0$
    [2014/02/16 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\TP-LINK
    [2014/02/16 10:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
    [2014/02/16 10:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
    [2014/02/16 10:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
    [2014/02/15 11:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2014/02/15 11:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/02/15 11:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2014/02/14 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/02/13 18:35:39 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Local\{CA3CE0DB-82B5-48FE-A69D-959120316075}
    [2014/02/13 16:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2014/02/12 17:25:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
    [2014/02/12 16:10:16 | 000,000,000 | ---D | C] -- C:\SUPERDelete
    [2014/02/12 15:52:43 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\1H1Q
    [2014/02/12 10:08:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/02/12 09:50:01 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2014/02/12 09:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    [2014/02/12 09:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
    [2014/02/11 14:21:24 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Local\FileTypeAssistant
    [2014/02/10 19:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2014/02/10 19:30:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/02/07 20:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/02/07 20:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/02/07 20:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2014/02/07 19:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
    [2014/02/07 19:57:40 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Local\AVG SafeGuard toolbar
    [2014/02/07 19:56:46 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2014/02/07 19:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2014/02/07 19:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2014/02/07 19:24:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/07 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Local\IsolatedStorage
    [2014/02/07 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
    [2014/02/07 16:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
    [2014/02/07 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\DigitalSites
    [2014/02/07 11:37:42 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2014/02/07 11:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2014/02/06 19:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/02/06 19:09:57 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\1O1L1I1PtF1F1C1N
    [2014/01/31 21:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
    [2014/01/21 15:30:05 | 001,901,896 | ---- | C] (TBS Technologies-Professional Manufacturer of Digital TV Tuner Card for PC, PC Cards for DVB S/S2,DVB ?C,ISDB-T) -- C:\Windows\SysNative\drivers\tbs6280_64.sys
    [60 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/18 20:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/18 19:49:01 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/18 19:49:01 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/18 19:46:07 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/02/18 19:46:07 | 000,654,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/02/18 19:46:07 | 000,119,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/02/18 19:41:32 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
    [2014/02/18 19:41:27 | 2077,663,231 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/16 10:38:51 | 000,002,299 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    [2014/02/14 03:02:53 | 000,762,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/02/12 17:46:18 | 006,122,688 | ---- | M] () -- C:\Users\ALAN\AppData\Local\census.cache
    [2014/02/12 17:46:11 | 000,089,902 | ---- | M] () -- C:\Users\ALAN\AppData\Local\ars.cache
    [2014/02/12 10:06:18 | 000,761,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/02/12 10:04:04 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2014/02/07 20:33:34 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
    [2014/02/07 19:58:53 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
    [2014/02/07 19:56:56 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2014/02/07 19:55:51 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2014/02/07 16:44:21 | 000,000,512 | ---- | M] () -- C:\Users\Public\Documents\MBR.dat
    [2014/01/21 15:31:41 | 000,002,736 | ---- | M] () -- C:\Windows\unins000.dat
    [2014/01/21 15:29:54 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
    [60 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/16 10:38:50 | 000,002,299 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    [2014/02/16 10:38:08 | 000,016,219 | ---- | C] () -- C:\Windows\SysNative\net8192cu.inf
    [2014/02/16 10:38:08 | 000,007,540 | ---- | C] () -- C:\Windows\SysNative\net8192cu.cat
    [2014/02/13 16:22:45 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2014/02/07 20:33:27 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
    [2014/02/07 19:56:06 | 000,003,747 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2014/02/07 19:54:57 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
    [2014/02/07 16:44:21 | 000,000,512 | ---- | C] () -- C:\Users\Public\Documents\MBR.dat
    [2014/02/02 19:16:24 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    [2014/01/21 15:30:05 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
    [2014/01/21 15:30:05 | 000,010,120 | ---- | C] () -- C:\Windows\SysNative\drivers\tbs6280_64.cat
    [2014/01/21 15:30:05 | 000,007,248 | ---- | C] () -- C:\Windows\SysNative\drivers\tbs6280.inf
    [2014/01/21 15:30:05 | 000,002,736 | ---- | C] () -- C:\Windows\unins000.dat
    [2013/11/18 16:40:28 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
    [2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2013/10/30 14:42:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/10/30 14:42:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/10/30 14:42:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/10/30 14:42:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/10/30 14:42:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/02/08 16:43:48 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
    [2013/02/08 16:43:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
    [2013/02/08 16:43:46 | 000,047,029 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
    [2013/02/08 16:43:43 | 000,004,672 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
    [2013/02/08 16:43:43 | 000,001,006 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
    [2013/02/08 16:02:37 | 000,000,638 | ---- | C] () -- C:\Windows\cmudaxp.ini
    [2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
    [2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
    [2012/07/31 16:37:07 | 000,762,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/05/13 10:05:42 | 000,000,040 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\burnaware.ini
    [2012/04/27 15:40:14 | 000,007,609 | ---- | C] () -- C:\Users\ALAN\AppData\Local\Resmon.ResmonCfg
    [2012/01/25 21:19:18 | 006,122,688 | ---- | C] () -- C:\Users\ALAN\AppData\Local\census.cache
    [2012/01/25 21:19:15 | 000,089,902 | ---- | C] () -- C:\Users\ALAN\AppData\Local\ars.cache
    [2012/01/20 16:49:20 | 000,000,036 | ---- | C] () -- C:\Users\ALAN\AppData\Local\housecall.guid.cache
    [2012/01/19 19:41:37 | 000,003,584 | ---- | C] () -- C:\Users\ALAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/02/12 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1H1Q
    [2014/02/06 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1O1L1I1PtF1F1C1N
    [2013/05/23 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Amazon
    [2012/07/31 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Ashisoft
    [2012/01/26 15:12:23 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\ASUS
    [2014/02/02 19:08:28 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Audacity
    [2013/08/31 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BBCiPlayerDesktop
    [2013/09/19 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2013/09/21 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BSplayer
    [2013/08/30 09:30:21 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BSplayer Pro
    [2013/10/12 15:22:54 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Canon
    [2014/01/31 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013/09/12 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\DeepBurner
    [2014/02/07 16:06:40 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\DigitalSites
    [2013/10/14 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Foresight Software
    [2013/09/19 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\FreeBurner
    [2013/10/30 17:02:43 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\FreeFixer
    [2013/09/19 20:07:04 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\IObit
    [2012/01/19 21:28:38 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Leadertech
    [2014/02/07 16:52:32 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
    [2012/12/27 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\No Company Name
    [2013/06/22 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Oracle
    [2012/11/27 21:59:19 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\PDAppFlex
    [2012/12/28 11:08:45 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\SONY Drivers Update Utility
    [2014/01/21 09:28:55 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Spotify
    [2012/10/29 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\TechCheck
    [2014/02/16 10:43:03 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\TP-LINK
    [2012/07/19 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < c:\windows\*. /SL >
    [2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2009/07/14 05:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(75).TXT
    [2009/07/14 05:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/03/28 10:32:35 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

    < c:\windows\*. /RP >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2014/02/12 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1H1Q
    [2014/02/06 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1O1L1I1PtF1F1C1N
    [2013/10/18 10:45:43 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Adobe
    [2013/05/23 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Amazon
    [2013/09/18 16:13:08 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Apple Computer
    [2013/09/19 20:44:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\ArcSoft
    [2012/07/31 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Ashisoft
    [2012/01/26 15:12:23 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\ASUS
    [2014/02/02 19:08:28 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Audacity
    [2013/08/31 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BBCiPlayerDesktop
    [2013/09/19 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/01/27 10:13:35 | 000,000,000 | R--D | M] -- C:\Users\ALAN\AppData\Roaming\Brother
    [2013/09/21 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BSplayer
    [2013/08/30 09:30:21 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\BSplayer Pro
    [2013/10/12 15:22:54 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Canon
    [2014/01/31 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013/09/12 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\DeepBurner
    [2014/02/07 16:06:40 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\DigitalSites
    [2012/05/13 10:34:07 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\DVD Flick
    [2013/10/14 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Foresight Software
    [2013/09/19 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\FreeBurner
    [2013/10/30 17:02:43 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\FreeFixer
    [2012/01/19 16:48:10 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Identities
    [2013/09/19 20:07:04 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\IObit
    [2012/01/19 21:28:38 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Leadertech
    [2012/01/19 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Logishrd
    [2012/01/19 21:28:59 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Logitech
    [2012/01/19 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Macromedia
    [2012/01/20 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Malwarebytes
    [2011/04/12 08:28:03 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Media Center Programs
    [2014/02/07 20:52:54 | 000,000,000 | --SD | M] -- C:\Users\ALAN\AppData\Roaming\Microsoft
    [2013/09/03 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Motive
    [2014/02/12 15:52:57 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Mozilla
    [2014/02/07 16:52:32 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
    [2013/11/10 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\NCH Software
    [2013/08/16 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Nero
    [2012/05/21 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\NeroDigital(TM)
    [2012/12/27 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\No Company Name
    [2013/06/22 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Oracle
    [2012/11/27 21:59:19 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\PDAppFlex
    [2013/10/30 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Real
    [2014/02/16 21:05:25 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Skype
    [2012/12/28 11:08:45 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\SONY Drivers Update Utility
    [2014/01/21 09:28:55 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Spotify
    [2013/08/10 16:24:44 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\SUPERAntiSpyware.com
    [2012/10/29 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\TechCheck
    [2014/02/16 10:43:03 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\TP-LINK
    [2012/07/19 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Windows Live Writer
    [2012/07/02 14:17:32 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\WinRAR

    < %APPDATA%\*.exe /s >
    [2014/01/31 21:53:04 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\ALAN\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    [2013/06/13 20:13:13 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\ALAN\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    [2014/02/07 11:37:42 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\ALAN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    [2013/05/27 21:32:31 | 000,069,632 | R--- | M] (Flexera Software LLC) -- C:\Users\ALAN\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
    [2013/05/27 21:32:31 | 000,049,152 | R--- | M] (Flexera Software LLC) -- C:\Users\ALAN\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
    [2014/01/08 10:04:49 | 005,951,488 | ---- | M] (Spotify Ltd) -- C:\Users\ALAN\AppData\Roaming\Spotify\spotify.exe
    [2014/01/08 10:04:49 | 000,062,464 | ---- | M] (Spotify Ltd) -- C:\Users\ALAN\AppData\Roaming\Spotify\SpotifyLauncher.exe
    [2014/01/08 10:04:48 | 000,610,304 | ---- | M] () -- C:\Users\ALAN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    [2014/01/08 10:04:48 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\ALAN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    < %SYSTEMDRIVE%\*.exe >
    [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [60 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\drivers\*.sys /90 >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >

  3. #23
    Member Spyware Fighter

    We need to run an OTL Fix
    1. Please reopen OTL on your desktop.
    2. Copy and Paste the following code into the textbox. Do not include the word "Code"
      Code:
      :otl
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
      IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyB0E0FyE0CtDzztByCtAtN0D0Tzu0SyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=995174824&ir=
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyB0E0FyE0CtDzztByCtAtN0D0Tzu0SyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=995174824&ir=
      IE - HKCU\..\SearchScopes\{98479A6D-FAB2-4BC9-A027-9C342DE4F372}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyB0E0FyE0CtDzztByCtAtN0D0Tzu0SyByByEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1548521279&ir=
      FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
      [2014/02/12 15:52:10 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
      [2014/02/12 15:52:10 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
      [2014/02/13 15:57:20 | 000,000,847 | ---- | M] () -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\searchplugins\Mysearchdial.xml
      [2014/02/07 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
      [2014/02/07 16:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
      [2014/02/12 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1H1Q
      [2014/02/06 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1O1L1I1PtF1F1C1N
      [2014/02/07 16:52:32 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
      
      
      :Commands
      [resethosts]
      [emptytemp]
      [emptyjavacache]
    3. Push
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click .
    6. A report will open. Copy and Paste that report in your next reply.



    How is your machine running now?




  4. #24
    Member stokie

    Here is the log. My machine is running fine now.
    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98479A6D-FAB2-4BC9-A027-9C342DE4F372}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98479A6D-FAB2-4BC9-A027-9C342DE4F372}\ not found.
    Prefs.js: "Mysearchdial" removed from browser.search.defaultenginename
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales\en-US folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\resources folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales\en-US folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\resources folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\mqdozlsj.default-1379620744169\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cec3s56.default\searchplugins\Mysearchdial.xml moved successfully.
    C:\Users\ALAN\AppData\Roaming\MyTurboPC.com\MyTurboPC folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\MyTurboPC.com folder moved successfully.
    C:\ProgramData\MyTurboPC.com\MyTurboPC folder moved successfully.
    C:\ProgramData\MyTurboPC.com folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\1H1Q folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\1O1L1I1PtF1F1C1N\Java Platform SE Free Download Packages folder moved successfully.
    C:\Users\ALAN\AppData\Roaming\1O1L1I1PtF1F1C1N folder moved successfully.
    Folder C:\Users\ALAN\AppData\Roaming\MyTurboPC.com\ not found.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: ALAN
    ->Temp folder emptied: 906 bytes
    ->Temporary Internet Files folder emptied: 296386 bytes
    ->Java cache emptied: 5996220 bytes
    ->FireFox cache emptied: 19617088 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 58463 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 43517783 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 66.00 mb

    Error: Unable to interpret <[emptyjavacache]> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 02192014_093352

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
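
A way to cross-check an OTL fix script against the result log it produces, as an added example that is not part of the thread and not OTL's own code. The line patterns are taken only from the log lines quoted in posts #23 and #24; the function names and report keys are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the fix script and the
# result log posted in this thread (not the full files).
FIX_SCRIPT = r"""
:otl
[2014/02/07 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
[2014/02/07 16:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/02/12 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\1H1Q
[2014/02/07 16:52:32 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\MyTurboPC.com
:Commands
[resethosts]
[emptytemp]
[emptyjavacache]
"""

RESULT_LOG = r"""
C:\Users\ALAN\AppData\Roaming\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\Users\ALAN\AppData\Roaming\MyTurboPC.com folder moved successfully.
C:\ProgramData\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\ProgramData\MyTurboPC.com folder moved successfully.
C:\Users\ALAN\AppData\Roaming\1H1Q folder moved successfully.
Folder C:\Users\ALAN\AppData\Roaming\MyTurboPC.com\ not found.
HOSTS file reset successfully
Error: Unable to interpret <[emptyjavacache]> in the current context!
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
"""

# Only the result-line shapes that appear in this thread's log are recognised.
OUTCOME_PATTERNS = [
    ("moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:folder )?moved successfully\.$")),
    ("not_found", re.compile(r"^Folder (?P<path>[A-Za-z]:\\.+?) not found\.$")),
    ("deferred", re.compile(
        r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")),
]
ERROR_RE = re.compile(r"^Error: Unable to interpret <(\[\w+\])> in the current context!$")


def norm(path):
    """Normalise a Windows path for comparison (case-insensitive, no trailing slash)."""
    return path.strip().rstrip("\\").lower()


def script_targets(script):
    """Paths named by '[...] -- <path>' file and folder directives in the script."""
    found = []
    for line in script.splitlines():
        m = re.search(r"\]\s.*?--\s+([A-Za-z]:\\.+)$", line.strip())
        if m:
            found.append(norm(m.group(1)))
    return found


def script_commands(script):
    """Bracketed directives listed under the ':Commands' section."""
    in_commands, commands = False, []
    for line in script.splitlines():
        s = line.strip()
        if s.startswith(":"):
            in_commands = s.lower() == ":commands"
        elif in_commands and re.fullmatch(r"\[\w+\]", s):
            commands.append(s.lower())
    return commands


def reconcile(script, log):
    """Report directives with no outcome, deferred moves and rejected commands."""
    outcomes, rejected = defaultdict(list), []
    for line in log.splitlines():
        s = line.strip()
        err = ERROR_RE.match(s)
        if err:
            rejected.append(err.group(1).lower())
            continue
        for status, pattern in OUTCOME_PATTERNS:
            m = pattern.match(s)
            if m:
                outcomes[norm(m.group("path"))].append(status)
                break

    targets = script_targets(script)
    report = {"unhandled": [], "duplicate_directive": []}
    for target in dict.fromkeys(targets):  # unique targets, original order
        seen = outcomes.get(target, [])
        if not seen:
            # Nothing in the log mentions this path: the fix needs a second look.
            report["unhandled"].append(target)
        elif targets.count(target) > 1 and {"moved", "not_found"} <= set(seen):
            # Listed twice in the script: moved once, then reported missing.
            report["duplicate_directive"].append(target)
    report["deferred"] = [p for p, s in outcomes.items() if "deferred" in s]
    report["rejected_commands"] = [c for c in script_commands(script) if c in rejected]
    return report


if __name__ == "__main__":
    for key, values in reconcile(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{key}: {values}")
```

On the sample, the "not found" line for the MyTurboPC.com folder lines up with that folder being listed twice in the script, while `[emptyjavacache]` is reported as a command the tool rejected.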

  5. #25
    Member Spyware Fighter

    Hello, stokie.
    Congratulations! You now appear clean!

    Are things running okay? Do you have any more questions?

    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

    We Need to Clean Up Our Mess

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.


    • Download OTC by OldTimer and save it to your desktop.
    • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator.
    • Then Click the big button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.

    NOTE: you can use OTL and do the same thing.


    Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then use Disk Cleanup to remove all but the most recently created Restore Point.
    • Go to Start > Run and type: Cleanmgr
    • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
    • Click the "More Options" tab, then click the "Clean up" button under System Restore.
    • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
    • Click Yes, then click Ok.
    • Click Yes again when prompted with "Are you sure you want to perform these actions?"
    • Disk Cleanup will remove the files and close automatically.
    Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.





    One of the most common questions found when cleaning malware is "how did my machine get infected?"

    There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

    Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

    Do not use P2P programs
    Peer-to-peer or file-sharing programs (such as uTorrent, LimeWire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

    It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

    Practice Safe Internet
    Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

    Below is a list of simple precautions to take to keep your computer clean and running securely:
    1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
    4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
      There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
    5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead, close them by finding the open window on your Taskbar, right-clicking it and choosing Close.
    6. Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
    7. When using an Instant Messaging program, be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead, when you receive a message that contains a link, you should message back to the person asking if it is legit.
    8. Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
    10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
      Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


    Keep Windows up-to-date
    Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

    • Windows XP users
      You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
    • Windows Vista users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
    • Windows 7 users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



    Keep your browser secure
    Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

    The latest versions of the three common browsers can be found below:


    Use an AntiVirus Software
    It is very important that your computer has up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

    It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

    Use a Firewall
    I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

    In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

    Some people will recommend installing a different firewall (instead of the Windows built-in one). This is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

    Install an Anti-Malware program
    Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

    You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

    Make sure your applications have all of their updates
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

    Follow this list and your potential for being infected again will reduce dramatically.




  6. #26
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3


    Hi, and sorry again for the delay in responding - I've been offline for a few days due to having a complete house re-wire!

    I've done as you say and hopefully I am now in the clear. I already run the programs you advise on a regular basis so maybe a gremlin crept in while I was not looking.
    Anyway, thanks for all your help and advice. I'll just try and be a bit more vigilant in future.
    'Bye for now and best regards

    Stokie

  7. #27
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    This thread will now be closed since the issue seems to be resolved.

    If you need this topic reopened, please send me a PM and I will reopen it for you.

    If you should have a new issue, please start a new topic.



