Channel: Tech Support Guy - Virus & Other Malware Removal

Attacked by Malware HELP

Good Afternoon,

PC is running sluggish, trouble connecting to the internet. Lots and lots of pop-ups.

There were a few icons on the desktop that I did not recognize: NewPlayer, BrowserApps and SearchProtect.
I did scan using Malwarebytes and found over 200 items.
Please let me know if I am infected with anything harmful.

There are also 3 icons on the desktop that are not as bright as the others. They look faded. 2 named desktop.ini and 1 named Thumbs.db. I also have the icons in my dropbox folder.

Thanks in advance for all your help
LISA



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X3 445 Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 3
RAM: 6143 Mb
Graphics Card: ATI Radeon HD 4800 Series, 512 Mb
Hard Drives: C: Total - 238315 MB, Free - 166113 MB; Z: Total - 99 MB, Free - 69 MB;
Motherboard: BIOSTAR Group, MCP6P3
Antivirus: None

Windows 7 Slow Startup and during operation

My apologies

OTL logfile created on: 8/19/2014 3:55:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.91 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.79% Memory free
4.77 Gb Paging File | 3.51 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): c:\pagefile.sys 2928 2928 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.69 Gb Total Space | 106.98 Gb Free Space | 48.69% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/19 15:54:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.5.0.19\n360.exe
PRC - [2014/06/25 20:58:55 | 000,040,240 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2014/06/25 20:58:54 | 002,545,968 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/02/24 22:36:26 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/07/28 18:06:20 | 000,297,440 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2011/07/28 17:06:32 | 008,247,264 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe
PRC - [2010/12/03 19:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 19:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/10/16 18:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 13:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/25 20:59:06 | 000,548,488 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2014/02/27 15:35:02 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/27 15:34:58 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/27 15:34:48 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll
MOD - [2014/02/27 15:34:44 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/27 13:50:49 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 13:50:46 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/27 13:50:45 | 001,870,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/27 13:50:44 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 13:50:42 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 13:50:42 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/27 13:50:38 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 13:50:34 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 13:50:33 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 13:50:32 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/27 13:50:32 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/27 13:50:30 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/27 13:50:28 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 13:50:27 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 13:50:26 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 13:50:25 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.classic.ni.dll
MOD - [2014/02/27 13:50:23 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 13:50:22 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 13:50:17 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/27 13:50:17 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/07/28 17:06:32 | 008,247,264 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2011/06/10 14:36:34 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WaspInventoryWindowsService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/07/25 08:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/07/08 17:15:27 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 20:58:55 | 000,040,240 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2014/01/30 00:12:30 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/04/06 15:22:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/28 18:06:20 | 000,297,440 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/12/03 19:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 19:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/03 18:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 18:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 16:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/03/22 21:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TSUSB2.sys -- (TSUSB2)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netfilter2.sys -- (netfilter2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
DRV - [2014/07/23 01:13:11 | 000,447,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\symnets.sys -- (SymNetS)
DRV - [2014/07/23 01:13:10 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1505000.013\symefa.sys -- (SymEFA)
DRV - [2014/07/23 00:50:26 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\srtsp.sys -- (SRTSP)
DRV - [2014/07/19 10:49:12 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/07/10 11:28:28 | 000,250,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2014/06/13 14:56:24 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/06/13 14:56:24 | 000,109,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/12 15:05:34 | 000,031,744 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\netfilter.sys -- (netfilter)
DRV - [2014/05/09 21:07:24 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/03/26 08:24:19 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140818.003\IDSvix86.sys -- (IDSVix86)
DRV - [2014/03/18 05:34:37 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140819.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/03/18 05:34:37 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140819.001\NAVENG.SYS -- (NAVENG)
DRV - [2014/02/28 09:40:00 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 22:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 22:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 22:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1505000.013\symds.sys -- (SymDS)
DRV - [2013/09/09 21:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1505000.013\srtspx.sys -- (SRTSPX)
DRV - [2012/12/07 18:27:50 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2011/07/28 18:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/22 11:35:16 | 000,021,472 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2011/03/10 19:28:24 | 001,281,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/11/20 17:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/19 20:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/15 05:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/10/11 02:09:00 | 001,564,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/15 03:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2005/02/02 18:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpplsbulk.sys -- (HPPLSBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {75F6D7BE-B237-4BF5-8831-54D718E08FE3}
IE - HKLM\..\SearchScopes\{75F6D7BE-B237-4BF5-8831-54D718E08FE3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=21.3.0.12
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13091

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=21.3.0.12
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13091

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=21.3.0.12
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=21.3.0.12
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-620780886-2926265275-769008654-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-620780886-2926265275-769008654-1004\..\SearchScopes,DefaultScope = {1B2522D3-424B-4BA8-8454-10BC631A6203}
IE - HKU\S-1-5-21-620780886-2926265275-769008654-1004\..\SearchScopes\{1B2522D3-424B-4BA8-8454-10BC631A6203}: "URL" = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
IE - HKU\S-1-5-21-620780886-2926265275-769008654-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/03/17 12:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/08/19 10:21:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Disabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Safe = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: Norton Security Toolbar = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: Google Wallet = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/07/16 17:19:36 | 000,450,777 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 10.10.20.100 ezserver
O1 - Hosts: 15472 more lines...
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Idmsq Extension) - {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} - C:\Users\William\AppData\Roaming\IDMSQ\idmsqext.dll (Or Interactive Ltd)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-620780886-2926265275-769008654-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-620780886-2926265275-769008654-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-620780886-2926265275-769008654-1004\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EF7A905-6801-4560-A228-0785628D24D6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\tmpx - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{870b52f6-a965-11e3-be26-d4bed9cd8182}\Shell - "" = AutoRun
O33 - MountPoints2\{870b52f6-a965-11e3-be26-d4bed9cd8182}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a8435f53-35d0-11e3-ae85-d4bed9cd8182}\Shell - "" = AutoRun
O33 - MountPoints2\{a8435f53-35d0-11e3-ae85-d4bed9cd8182}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\GRIM.EXE
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AUTOSTUB.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/19 15:54:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2014/08/19 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2014/08/17 12:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/08/16 11:37:55 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/08/16 11:37:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/08/16 11:37:49 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/08/16 11:37:46 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/08/16 11:37:46 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/08/16 11:37:46 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/08/16 11:37:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/08/16 11:37:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/08/16 11:37:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/08/16 11:37:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/08/16 11:36:28 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/08/16 08:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/08/15 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/15 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/15 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/15 15:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/08/15 13:52:10 | 000,100,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2014/08/15 13:52:10 | 000,083,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$WASPDBEXPRESS-sqlctr10.52.4033.0.dll
[2014/08/15 13:37:58 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/15 13:37:56 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/15 13:37:55 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/15 13:37:53 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/15 09:09:58 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/08/15 09:09:58 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/15 09:09:55 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/08/15 09:09:55 | 000,307,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/08/15 09:09:55 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/15 09:09:55 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/08/15 09:09:55 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/08/15 09:09:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/08/15 09:09:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/15 09:09:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/08/15 09:09:54 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/15 09:09:54 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/15 09:09:54 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/15 09:09:53 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/15 09:09:53 | 000,663,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/08/15 09:09:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/08/15 09:09:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/08/15 09:09:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/08/15 09:09:52 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/08/15 09:09:51 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/15 09:09:51 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/15 09:09:50 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/08/15 09:09:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/08/15 09:09:49 | 004,204,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/15 09:09:49 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/08/15 09:09:41 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/15 09:09:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/15 09:09:24 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/15 09:09:24 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/15 09:09:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/15 09:09:20 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/15 09:09:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/15 09:09:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014/08/15 09:09:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014/08/15 09:09:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014/08/15 09:09:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014/08/15 09:09:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014/08/06 14:26:57 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\EmieUserList
[2014/08/06 14:26:57 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\EmieSiteList
[2014/08/06 14:20:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Marie Business
[2014/08/01 14:03:17 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/07/29 16:49:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Dell
[2014/07/29 16:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2014/07/29 16:45:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PCDr
[2014/07/26 12:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2014/07/26 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/07/26 10:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2014/07/26 10:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2014/07/26 10:41:55 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2014/07/25 13:20:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ResidualVM
[2014/07/21 08:57:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Glyph
[2014/07/21 08:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
[2014/07/21 08:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Glyph
[2014/07/21 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Glyph
[2014/06/28 14:17:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/19 15:57:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/19 15:54:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2014/08/19 15:52:15 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/19 15:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/19 10:30:25 | 000,021,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/19 10:30:25 | 000,021,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/19 10:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/19 10:20:27 | 1535,852,544 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/19 08:15:03 | 003,871,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/18 06:17:47 | 000,043,044 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\VT20140818.005
[2014/08/17 12:56:26 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2014/08/17 10:01:45 | 001,548,837 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\Cat.DB
[2014/08/15 15:39:52 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/15 15:03:36 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/15 13:52:11 | 000,818,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/15 13:52:11 | 000,181,306 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/11 12:21:32 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Genie.lnk
[2014/08/11 12:21:31 | 000,001,091 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
[2014/08/06 21:43:38 | 000,412,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/06 21:39:08 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/01 13:33:22 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\isolate.ini
[2014/07/31 19:16:34 | 000,307,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/26 12:24:17 | 000,000,358 | ---- | M] () -- C:\Windows\scummvm.ini
[2014/07/26 10:41:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/07/26 10:41:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/07/25 13:03:38 | 000,000,831 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/25 13:03:37 | 000,000,851 | ---- | M] () -- C:\Users\Chris\Desktop\µTorrent.lnk
[2014/07/25 09:04:40 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/25 09:03:54 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/07/25 08:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/25 08:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/07/25 08:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/07/25 08:18:49 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/25 08:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/25 08:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/25 08:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/25 08:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/07/25 08:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/07/25 08:06:47 | 004,204,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/25 07:59:29 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/07/25 07:52:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/25 07:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/07/25 07:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/07/25 07:29:33 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/25 07:13:12 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/25 07:09:25 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/25 07:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/25 07:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/07/25 06:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/07/23 01:13:11 | 000,447,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1505000.013\symnets.sys
[2014/07/23 01:13:10 | 000,936,152 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1505000.013\symefa.sys
[2014/07/23 01:13:10 | 000,030,068 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\symvtcer.dat
[2014/07/23 01:13:10 | 000,008,184 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\symnet.cat
[2014/07/23 01:13:10 | 000,008,182 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\symefa.cat
[2014/07/23 01:13:10 | 000,003,433 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\symefa.inf
[2014/07/23 01:13:10 | 000,001,440 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\symnet.inf
[2014/07/23 00:50:26 | 000,664,280 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1505000.013\srtsp.sys
[2014/07/23 00:50:26 | 000,008,176 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\srtsp.cat
[2014/07/23 00:50:26 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\1505000.013\srtsp.inf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/17 12:56:22 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2014/08/15 15:39:50 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/11 12:21:31 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Genie.lnk
[2014/07/26 10:41:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/07/26 10:41:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/07/26 10:31:35 | 000,000,358 | ---- | C] () -- C:\Windows\scummvm.ini
[2014/06/28 14:17:29 | 000,087,608 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2014/06/28 14:17:29 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2014/06/28 14:17:29 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2014/02/28 09:51:24 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2014/01/30 00:12:28 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2014/01/30 00:12:24 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014/01/30 00:12:16 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2014/01/30 00:12:16 | 000,077,312 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2014/01/30 00:12:10 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/11/23 17:50:30 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/09/29 15:55:21 | 000,000,050 | ---- | C] () -- C:\Windows\waspkeys.ini
[2013/09/29 10:23:37 | 000,235,520 | ---- | C] () -- C:\Windows\System32\TALBC.DLL
[2013/08/08 15:21:12 | 000,000,017 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2013/08/07 13:04:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2013/08/07 12:11:00 | 000,546,304 | ---- | C] () -- C:\Windows\System32\HP1006SM.EXE
[2013/08/07 12:11:00 | 000,176,128 | ---- | C] () -- C:\Windows\System32\HP1006LM.DLL
[2013/04/15 05:54:42 | 000,217,600 | ---- | C] () -- C:\Windows\System32\HP1006SMs.DLL
[2013/01/28 15:33:43 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/01/28 15:12:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/10 12:07:01 | 000,000,040 | ---- | C] () -- C:\Windows\EZPOSManager.INI
[2012/12/18 17:20:55 | 000,000,056 | ---- | C] () -- C:\Windows\EZCOMAPI.ini

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/07 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG
[2014/04/01 11:23:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eTeks
[2013/09/29 14:40:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2013/09/29 16:57:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IC7
[2013/09/29 16:48:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IC7.150351B1688FC6D48F6C2DC4BC17C03D0744BEB0 .1
[2014/08/19 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ID Vault
[2014/07/29 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCDr
[2014/08/19 12:13:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2014/07/25 13:20:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ResidualVM
[2014/04/09 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\RIFT
[2013/08/07 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2014/08/06 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2014/06/28 14:17:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2013/08/08 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\AVG
[2014/04/22 09:41:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\ID Vault
[2014/08/07 23:52:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ID Vault
[2014/08/08 02:15:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\uTorrent
[2014/06/26 16:18:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Vso
[2014/08/19 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\ID Vault
[2014/06/28 17:29:48 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\IDM2
[2014/06/28 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\IDMSQ
[2014/02/26 17:20:59 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\RIFT
[2014/06/29 07:42:50 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Systweak

========== Purity Check ==========



< End of report >

Cannot access Ebay or Amazon all the sudden

Ok, we need to go a bit deeper. Please run this scan below and post both of the logs produced.

While we are using Malware tools I will have this moved to the Malware forum where only qualified helpers can make posts.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download and use any other software that may be advertised on the page.

Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button. DO NOT check any of the Optional Scan options unless requested.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
  • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.

Tuvaro

Hi. I've been searching the internet for help and came upon this site. Earlier this month I inadvertently managed to get the "tuvaro" search bar? engine? I have used adware cleaner; it didn't remove it or find it. I tried to find it in my software and tried to delete it in safe mode. I used IObit, Kaspersky (hate it, had trouble deleting it), Comodo and Microsoft Malicious removal something or other. I cannot find it anywhere. It was on Chrome and I couldn't delete it so I just uninstalled Chrome. I'm using IE only now and it stares me in the face every time I log on. Can you please help me?

edealspop and other deal pop ups

Originally uninstalled edealspop, but it appears to still be in my comp. as well as some other. Malwarebytes and adwcleaner can't find anything, and the edeals doesn't show up in the registry, so it most likely is using a different name I'm not aware of.

http://tinypic.com/r/2rnzkac/8

This is also causing it to appear on steam as well and causes new pages to pop up to always download something.

http://tinypic.com/r/2607ixj/8

Pages like this pop up when clicking on blank areas on steam. I tried uninstalling steam to see if that would resolve it but after re-installation it kept appearing.

I can't stop pop-ups with address Securepaths.com/pixel.cgi on my iMac

This website "securepaths.com/pixel.cgi" keeps popping up on the Chrome browser that I use on my 2013 iMac running Mountain Lion. I synced my Chrome browser between my iPad mini and iMac. While I was using Chrome on my iPad mini, I noticed it showed that on my iMac I had an open tab in Chrome with the address securepaths.com/pixel.cgi. I had an issue with this website popping up a few days ago, so I woke my iMac up from sleep and saw on the Chrome browser that no tabs with that address were open, so that bothered me. I remembered from a few days ago that same website kept popping up while I was using Chrome, so I went to sleep and eventually the computer went into sleep mode as well.

When I tried to wake the computer up the next morning by clicking the mouse and eventually typing on the keyboard, nothing happened. I hit the power button and it was moving EXTREMELY slow once the screen lit up. The computer has 16 GB 1600 MHz DDR3 memory and a 3.1 GHz Intel Core i7 processor, so it's unusual that it would be slow. I saw that the securepaths website had opened probably 100 tabs on my Chrome browser, so I closed them all and ran an AVG virus scan, and it said no threats were found. In my Chrome browser I have Adblock, Adblock Plus, Ghostery, and Chrome bleed checker running at the same time.

This securepaths.com website bothers me because all the antivirus scans that I run say they can't find any threat, but when I googled securepaths.com/pixel.cgi I found information saying it was a virus/malware that was able to steal personal information and track me. This has me EXTREMELY worried because I access my bank accounts, use credit cards, and had to upload a lot of sensitive personal information to sign up for Obamacare on this computer. I would appreciate it if someone could help me remove this because the only removal instructions I could find were for Windows.

Suspected keylogger. Need help

I suspect I have a keylogger installed on my computer. Someone has been using services of mine, such as e-mail and Spotify, that require my password. I feel intruded, to say the least.


My friend tipped me about this site, now I need help. What's the first step?


Thanks in advance to anyone who reaches out to me.

Hidden Issue

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 32 bit
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3036 Mb
Graphics Card: Intel(R) G41 Express Chipset, 1294 Mb
Hard Drives: C: Total - 226958 MB, Free - 195814 MB;
Motherboard: Dell Inc., 07N90W
Antivirus: Bitdefender Antivirus Free Edition, Disabled

Malware Windows 7

Hello Username, welcome to Tech Support Guy's Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.
  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.

======================================================

Please run the following diagnostic scans so I can ascertain the state of your computer.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.

STEP 2
TDSSKiller Scan
  • Please download TDSSKiller and save the file to your desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • FRST.txt
  • Addition.txt
  • TDSSKiller log

compute-1.amazonaws.com virus

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 32 bit
Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz, x64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 1935 Mb
Graphics Card: Intel(R) HD Graphics, 775 Mb
Hard Drives: C: Total - 30733 MB, Free - 14055 MB; D: Total - 51222 MB, Free - 14176 MB; E: Total - 102445 MB, Free - 41081 MB; F: Total - 61443 MB, Free - 18155 MB; G: Total - 61443 MB, Free - 34528 MB; H: Total - 30733 MB, Free - 13588 MB; I: Total - 307219 MB, Free - 12138 MB; J: Total - 308521 MB, Free - 6766 MB; K: Total - 30780 MB, Free - 8010 MB; L: Total - 256663 MB, Free - 16688 MB; M: Total - 189454 MB, Free - 12596 MB;
Motherboard: Gigabyte Technology Co., Ltd., H61M-S2PV REV 2.2
Antivirus: Microsoft Security Essentials, Updated and Enabled

a pop-up window that won't go away

Hello Techguy,

OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+, x86 Family 15 Model 75 Stepping 2
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 7300 LE, 512 Mb
Hard Drives: C: Total - 305234 MB, Free - 206544 MB;
Motherboard: Dell Inc, 0UW457
Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled


I have recently noticed a pop-up window that appears to look like a browser window. It comes and goes every few minutes and while it's open, it visits websites like outdoor.tv, rider.tv and plays videos. It's clearly not a normal IE browser window. I've closed it out several times but it keeps coming back. I could use some help in identifying and removing it. I've run Avira and Adwclear, and they don't see it. I also have a scan from Farbar I could attach.

Any suggestions? I'd really like to get better at managing these issues.

Thank you!

Software Restriction Policy - Can't Open AVG Or Hijack This

When I tried to activate AVG through services, I got this message:

Windows Error 1260 : ERROR_ACCESS_DISABLED_BY_POLICY: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.

dos error

I'm running Windows 7. I can log onto the internet but after a few seconds I get kicked off. A pop up says "dos 191.168.1.1". After a few minutes I'm able to access the internet again but the same thing happens. My roommate is using the same network and is not having this problem at all. Any advice?

DeniseAries

I keep getting popups that say I have a virus and many errors. When I tried to download the TSG I got so many popups I don't know which one it is. While doing so it says I have a missing driver.

Computer Will Not Boot Up

Are you seeing anything on the screen when it turns on? Error messages?

adware/malware

Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & paste it into your next post.


Malware/ can't install MSE

Download to Desktop: DDS by sUBs from one of the below locations

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe

double click DDS to run it
Make sure there is a check mark in DDS txt
place a check mark in the attach.txt box and then press start

Do not select any other options unless specifically told to

When complete, DDS.txt will open and attach.txt will be minimized on your taskbar; click on it to open it.

Save both reports to your desktop.
DDS.txt
Attach.txt

post the contents of both logs back here.

I think I have a virus, malware, something.....

Hiya

Are you still having this problem? If so, can you do the following:

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


-------------

After doing the above, can you run the following and post the logs they create:

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :


  • If an update is found, it will download and install the latest updates automatically:


  • Now select the Settings tab, and check the box next to Scan for rootkits:


  • Go back to the Dashboard tab, and click the Scan Now button:


  • The scan may take some time to finish, so please be patient.


  • When the scan is complete, it will show you the results. (This one is clean):


  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:


  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:


  • Choose the latest Scan Log, and click on the View button:


  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.


  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


----------


Go here, to download and save AdwCleaner.exe to your desktop.



Just click on the Download Now @BleepingComputer

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the Scan button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the Report button.

Return here to your thread, then copy-and-paste the ENTIRE log here

---------

Thanks

eddie

Attached Files
File Type: txt fixlist.txt (2.2 KB)

Firefox Untrusted Connection

Download to Desktop: DDS by sUBs from one of the below locations

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe

double click DDS to run it
Make sure there is a check mark in DDS txt
place a check mark in the attach.txt box and then press start

Do not select any other options unless specifically told to

When complete, DDS.txt will open and attach.txt will be minimized on your taskbar; click on it to open it.

Save both reports to your desktop.
DDS.txt
Attach.txt

post the contents of both logs back here.

De - virusing an Acer

Howdy, Tech Support Guys/Gals!

My cousin gave me her laptop to try to de-virus, and I am at my wits' end with it. One of my friends told me about the help he got here, so I decided to give it a go - I am by no means a tech support professional, and decided it'd be better off for people with a knowledge of the subject to take a look at it.

The cousin was pretty vague on what exactly caused the issue(s) in question, but did give me some symptoms to run with - hope these help.

-Won't start up correctly - error messages like: HP connector is not working / your (X) has compatibility issues / Windows has not shut down properly-will take an hour or so to reboot afterwards
-Runs slowly
-"Pop-ups" - "X" has stopped working, with random program/driver names
- I noticed that the laptop took a long time to run simple tasks- opening Chrome took a good 20 - 40 seconds

And below, the system info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-350 Processor, AMD64 Family 20 Model 1 Stepping 0
Processor Count: 2
RAM: 2793 Mb
Graphics Card: AMD Radeon HD 6310 Graphics, 256 Mb
Hard Drives: C: Total - 290808 MB, Free - 119765 MB;
Motherboard: Acer, HMA71_BZ
Antivirus: AVG AntiVirus Free Edition 2013, Updated and Enabled

Any help would be appreciated. Thank you!