Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect Virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirect Virus

Unread postby gugluizza » March 17th, 2013, 8:54 pm

It seems as though my computer has a Google Redirect Virus. Whenever I do a search using Google (I use Internet Explorer v9 on my Windows 7 PC), I am redirexcted to a malicious website after clicking on one of the search results.

I have run a full scan with both McAfee as well as MalwareBytes, but both come back clean.

Attached is my HiJackThis log.

Please let me know what I can do to remove this from my PC.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:06 PM, on 3/17/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {07364a98-eb02-4736-bc54-ebe437fccb87} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sqaok] rundll32 "C:\Users\Michael Gugluizza\AppData\Roaming\lxcydrsj.dll",vllwzdf
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.34 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 12538 bytes
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm
Advertisement
Register to Remove

Re: Google Redirect Virus

Unread postby Gary R » March 18th, 2013, 2:20 am

Looking over your log, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirect Virus

Unread postby Gary R » March 18th, 2013, 2:27 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi gugluizza

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


HijackThis is pretty much obsolete as an analysis tool these days, and we no longer use it to investigate people's computer problems since it does not look at the areas of your computer that we need to look at.

So before we go any further, I'm going to need you to run a couple of other scans for me, to see if we can get an idea of what is causing your re-directs.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirect Virus

Unread postby gugluizza » March 18th, 2013, 7:16 am

The next 3 posts will be for each log file that you requested

TDSSKiller log

06:12:35.0856 4928 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:12:37.0291 4928 ============================================================
06:12:37.0291 4928 Current date / time: 2013/03/18 06:12:37.0291
06:12:37.0291 4928 SystemInfo:
06:12:37.0291 4928
06:12:37.0291 4928 OS Version: 6.1.7601 ServicePack: 1.0
06:12:37.0291 4928 Product type: Workstation
06:12:37.0291 4928 ComputerName: MICHAELGUGLUIZZ
06:12:37.0291 4928 UserName: Michael Gugluizza
06:12:37.0291 4928 Windows directory: C:\Windows
06:12:37.0291 4928 System windows directory: C:\Windows
06:12:37.0291 4928 Processor architecture: Intel x86
06:12:37.0291 4928 Number of processors: 2
06:12:37.0291 4928 Page size: 0x1000
06:12:37.0291 4928 Boot type: Normal boot
06:12:37.0291 4928 ============================================================
06:12:38.0695 4928 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:12:38.0726 4928 ============================================================
06:12:38.0726 4928 \Device\Harddisk0\DR0:
06:12:38.0726 4928 MBR partitions:
06:12:38.0726 4928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x177000
06:12:38.0726 4928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18B000, BlocksNum 0x1D01D800
06:12:38.0726 4928 ============================================================
06:12:38.0789 4928 C: <-> \Device\Harddisk0\DR0\Partition2
06:12:38.0789 4928 ============================================================
06:12:38.0789 4928 Initialize success
06:12:38.0789 4928 ============================================================
06:12:42.0735 3088 ============================================================
06:12:42.0735 3088 Scan started
06:12:42.0735 3088 Mode: Manual;
06:12:42.0735 3088 ============================================================
06:12:44.0311 3088 ================ Scan system memory ========================
06:12:44.0311 3088 System memory - ok
06:12:44.0311 3088 ================ Scan services =============================
06:12:44.0451 3088 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:12:44.0451 3088 1394ohci - ok
06:12:44.0514 3088 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:12:44.0529 3088 ACPI - ok
06:12:44.0545 3088 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:12:44.0545 3088 AcpiPmi - ok
06:12:44.0717 3088 [ C245E08EC469A52A622EFDC9787A0DCC ] AdobeActiveFileMonitor10.0 C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
06:12:44.0717 3088 AdobeActiveFileMonitor10.0 - ok
06:12:44.0857 3088 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
06:12:44.0857 3088 AdobeARMservice - ok
06:12:44.0951 3088 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:12:44.0951 3088 AdobeFlashPlayerUpdateSvc - ok
06:12:44.0997 3088 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:12:44.0997 3088 adp94xx - ok
06:12:45.0029 3088 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:12:45.0029 3088 adpahci - ok
06:12:45.0044 3088 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:12:45.0044 3088 adpu320 - ok
06:12:45.0060 3088 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:12:45.0060 3088 AeLookupSvc - ok
06:12:45.0138 3088 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
06:12:45.0138 3088 AFD - ok
06:12:45.0169 3088 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
06:12:45.0169 3088 agp440 - ok
06:12:45.0216 3088 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
06:12:45.0216 3088 aic78xx - ok
06:12:45.0278 3088 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
06:12:45.0278 3088 ALG - ok
06:12:45.0309 3088 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
06:12:45.0309 3088 aliide - ok
06:12:45.0341 3088 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
06:12:45.0341 3088 amdagp - ok
06:12:45.0356 3088 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
06:12:45.0356 3088 amdide - ok
06:12:45.0387 3088 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:12:45.0387 3088 AmdK8 - ok
06:12:45.0387 3088 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:12:45.0387 3088 AmdPPM - ok
06:12:45.0419 3088 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:12:45.0434 3088 amdsata - ok
06:12:45.0465 3088 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:12:45.0465 3088 amdsbs - ok
06:12:45.0481 3088 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:12:45.0481 3088 amdxata - ok
06:12:45.0512 3088 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
06:12:45.0512 3088 AppID - ok
06:12:45.0559 3088 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:12:45.0559 3088 AppIDSvc - ok
06:12:45.0590 3088 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
06:12:45.0590 3088 Appinfo - ok
06:12:45.0699 3088 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:12:45.0699 3088 Apple Mobile Device - ok
06:12:45.0746 3088 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
06:12:45.0746 3088 AppMgmt - ok
06:12:45.0777 3088 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
06:12:45.0793 3088 arc - ok
06:12:45.0809 3088 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:12:45.0809 3088 arcsas - ok
06:12:45.0855 3088 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:12:45.0887 3088 aspnet_state - ok
06:12:45.0918 3088 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:12:45.0933 3088 AsyncMac - ok
06:12:45.0949 3088 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
06:12:45.0949 3088 atapi - ok
06:12:45.0980 3088 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:12:45.0980 3088 AudioEndpointBuilder - ok
06:12:45.0996 3088 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
06:12:45.0996 3088 Audiosrv - ok
06:12:46.0011 3088 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:12:46.0011 3088 AxInstSV - ok
06:12:46.0105 3088 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
06:12:46.0136 3088 b06bdrv - ok
06:12:46.0245 3088 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
06:12:46.0245 3088 b57nd60x - ok
06:12:46.0370 3088 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
06:12:46.0386 3088 BDESVC - ok
06:12:46.0479 3088 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
06:12:46.0479 3088 Beep - ok
06:12:46.0635 3088 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
06:12:46.0635 3088 BFE - ok
06:12:47.0010 3088 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
06:12:47.0010 3088 BITS - ok
06:12:47.0025 3088 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:12:47.0025 3088 blbdrive - ok
06:12:47.0072 3088 [ D2F8D15F4852920E1F6B769E982414AD ] Blfp C:\Windows\system32\DRIVERS\basp.sys
06:12:47.0072 3088 Blfp - ok
06:12:47.0135 3088 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:12:47.0135 3088 Bonjour Service - ok
06:12:47.0197 3088 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:12:47.0197 3088 bowser - ok
06:12:47.0244 3088 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:12:47.0275 3088 BrFiltLo - ok
06:12:47.0275 3088 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:12:47.0275 3088 BrFiltUp - ok
06:12:47.0322 3088 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
06:12:47.0322 3088 Browser - ok
06:12:47.0353 3088 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:12:47.0353 3088 Brserid - ok
06:12:47.0369 3088 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:12:47.0369 3088 BrSerWdm - ok
06:12:47.0369 3088 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:12:47.0369 3088 BrUsbMdm - ok
06:12:47.0384 3088 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:12:47.0384 3088 BrUsbSer - ok
06:12:47.0384 3088 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:12:47.0384 3088 BTHMODEM - ok
06:12:47.0415 3088 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
06:12:47.0415 3088 bthserv - ok
06:12:47.0447 3088 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:12:47.0447 3088 cdfs - ok
06:12:47.0493 3088 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
06:12:47.0493 3088 cdrom - ok
06:12:47.0540 3088 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
06:12:47.0540 3088 CertPropSvc - ok
06:12:47.0587 3088 [ 67B20DA4727F54AEA29FDDAD810C898D ] cfwids C:\Windows\system32\drivers\cfwids.sys
06:12:47.0587 3088 cfwids - ok
06:12:47.0618 3088 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:12:47.0634 3088 circlass - ok
06:12:47.0681 3088 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
06:12:47.0681 3088 CLFS - ok
06:12:47.0696 3088 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:12:47.0712 3088 clr_optimization_v2.0.50727_32 - ok
06:12:47.0790 3088 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:12:47.0790 3088 clr_optimization_v4.0.30319_32 - ok
06:12:47.0821 3088 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:12:47.0821 3088 CmBatt - ok
06:12:47.0837 3088 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:12:47.0837 3088 cmdide - ok
06:12:47.0868 3088 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
06:12:47.0868 3088 CNG - ok
06:12:47.0883 3088 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:12:47.0883 3088 Compbatt - ok
06:12:47.0915 3088 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
06:12:47.0915 3088 CompositeBus - ok
06:12:47.0930 3088 COMSysApp - ok
06:12:47.0946 3088 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:12:47.0946 3088 crcdisk - ok
06:12:48.0008 3088 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:12:48.0008 3088 CryptSvc - ok
06:12:48.0055 3088 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
06:12:48.0055 3088 CSC - ok
06:12:48.0102 3088 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
06:12:48.0102 3088 CscService - ok
06:12:48.0149 3088 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
06:12:48.0149 3088 DcomLaunch - ok
06:12:48.0180 3088 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
06:12:48.0180 3088 defragsvc - ok
06:12:48.0227 3088 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:12:48.0227 3088 DfsC - ok
06:12:48.0273 3088 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
06:12:48.0273 3088 Dhcp - ok
06:12:48.0305 3088 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
06:12:48.0305 3088 discache - ok
06:12:48.0336 3088 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:12:48.0351 3088 Disk - ok
06:12:48.0383 3088 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:12:48.0383 3088 Dnscache - ok
06:12:48.0414 3088 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
06:12:48.0429 3088 dot3svc - ok
06:12:48.0461 3088 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
06:12:48.0461 3088 DPS - ok
06:12:48.0492 3088 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:12:48.0492 3088 drmkaud - ok
06:12:48.0523 3088 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:12:48.0539 3088 DXGKrnl - ok
06:12:48.0554 3088 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
06:12:48.0585 3088 EapHost - ok
06:12:48.0897 3088 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
06:12:48.0991 3088 ebdrv - ok
06:12:49.0022 3088 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
06:12:49.0022 3088 EFS - ok
06:12:49.0163 3088 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:12:49.0194 3088 ehRecvr - ok
06:12:49.0241 3088 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
06:12:49.0256 3088 ehSched - ok
06:12:49.0303 3088 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:12:49.0303 3088 elxstor - ok
06:12:49.0334 3088 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:12:49.0334 3088 ErrDev - ok
06:12:49.0412 3088 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
06:12:49.0412 3088 EventSystem - ok
06:12:49.0428 3088 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
06:12:49.0428 3088 exfat - ok
06:12:49.0443 3088 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:12:49.0459 3088 fastfat - ok
06:12:49.0506 3088 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
06:12:49.0537 3088 Fax - ok
06:12:49.0568 3088 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:12:49.0568 3088 fdc - ok
06:12:49.0584 3088 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
06:12:49.0584 3088 fdPHost - ok
06:12:49.0631 3088 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
06:12:49.0631 3088 FDResPub - ok
06:12:49.0646 3088 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:12:49.0646 3088 FileInfo - ok
06:12:49.0677 3088 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:12:49.0693 3088 Filetrace - ok
06:12:49.0709 3088 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:12:49.0709 3088 flpydisk - ok
06:12:49.0771 3088 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:12:49.0771 3088 FltMgr - ok
06:12:49.0880 3088 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
06:12:49.0880 3088 FontCache - ok
06:12:49.0989 3088 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
06:12:49.0989 3088 FontCache3.0.0.0 - ok
06:12:50.0005 3088 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:12:50.0005 3088 FsDepends - ok
06:12:50.0021 3088 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:12:50.0036 3088 Fs_Rec - ok
06:12:50.0114 3088 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:12:50.0114 3088 fvevol - ok
06:12:50.0177 3088 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:12:50.0177 3088 gagp30kx - ok
06:12:50.0223 3088 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:12:50.0223 3088 GEARAspiWDM - ok
06:12:50.0255 3088 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
06:12:50.0255 3088 gpsvc - ok
06:12:50.0301 3088 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
06:12:50.0317 3088 gupdate - ok
06:12:50.0333 3088 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
06:12:50.0333 3088 gupdatem - ok
06:12:50.0348 3088 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:12:50.0348 3088 hcw85cir - ok
06:12:50.0411 3088 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
06:12:50.0411 3088 HDAudBus - ok
06:12:50.0442 3088 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:12:50.0442 3088 HidBatt - ok
06:12:50.0457 3088 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:12:50.0473 3088 HidBth - ok
06:12:50.0473 3088 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:12:50.0473 3088 HidIr - ok
06:12:50.0504 3088 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
06:12:50.0504 3088 hidserv - ok
06:12:50.0551 3088 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:12:50.0551 3088 HidUsb - ok
06:12:50.0660 3088 [ 8F72C4916A288485812745DC5AF873FC ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
06:12:50.0676 3088 HipShieldK - ok
06:12:50.0738 3088 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:12:50.0738 3088 hkmsvc - ok
06:12:50.0801 3088 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:12:50.0816 3088 HomeGroupListener - ok
06:12:50.0847 3088 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:12:50.0847 3088 HomeGroupProvider - ok
06:12:51.0035 3088 [ 31FB9D7453C424D14A6C3927483E5E60 ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
06:12:51.0050 3088 HomeNetSvc - ok
06:12:51.0113 3088 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:12:51.0113 3088 HpSAMD - ok
06:12:51.0191 3088 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:12:51.0191 3088 HTTP - ok
06:12:51.0206 3088 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:12:51.0206 3088 hwpolicy - ok
06:12:51.0253 3088 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
06:12:51.0269 3088 i8042prt - ok
06:12:51.0331 3088 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:12:51.0331 3088 iaStorV - ok
06:12:51.0425 3088 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:12:51.0456 3088 idsvc - ok
06:12:52.0017 3088 [ C5589781F75DE0BFB26E221649C80D00 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
06:12:52.0049 3088 igfx - ok
06:12:52.0142 3088 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:12:52.0142 3088 iirsp - ok
06:12:52.0236 3088 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
06:12:52.0251 3088 IKEEXT - ok
06:12:52.0423 3088 [ 2D8D9516281E27A721897A388F17DEFB ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHDA.sys
06:12:52.0454 3088 IntcAzAudAddService - ok
06:12:52.0501 3088 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
06:12:52.0501 3088 intelide - ok
06:12:52.0517 3088 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:12:52.0517 3088 intelppm - ok
06:12:52.0548 3088 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:12:52.0563 3088 IPBusEnum - ok
06:12:52.0563 3088 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:12:52.0579 3088 IpFilterDriver - ok
06:12:52.0688 3088 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:12:52.0688 3088 iphlpsvc - ok
06:12:52.0719 3088 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:12:52.0735 3088 IPMIDRV - ok
06:12:52.0751 3088 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:12:52.0751 3088 IPNAT - ok
06:12:52.0813 3088 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:12:52.0813 3088 iPod Service - ok
06:12:52.0875 3088 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:12:52.0875 3088 IRENUM - ok
06:12:52.0891 3088 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:12:52.0907 3088 isapnp - ok
06:12:52.0969 3088 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:12:52.0969 3088 iScsiPrt - ok
06:12:53.0000 3088 [ 62632763D9B2B7F92D2968D40406E7AA ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
06:12:53.0000 3088 k57nd60x - ok
06:12:53.0031 3088 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:12:53.0031 3088 kbdclass - ok
06:12:53.0047 3088 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:12:53.0047 3088 kbdhid - ok
06:12:53.0063 3088 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
06:12:53.0063 3088 KeyIso - ok
06:12:53.0078 3088 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:12:53.0078 3088 KSecDD - ok
06:12:53.0109 3088 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:12:53.0109 3088 KSecPkg - ok
06:12:53.0172 3088 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
06:12:53.0172 3088 KtmRm - ok
06:12:53.0219 3088 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
06:12:53.0219 3088 LanmanServer - ok
06:12:53.0250 3088 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:12:53.0250 3088 LanmanWorkstation - ok
06:12:53.0281 3088 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:12:53.0281 3088 lltdio - ok
06:12:53.0328 3088 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:12:53.0343 3088 lltdsvc - ok
06:12:53.0359 3088 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
06:12:53.0359 3088 lmhosts - ok
06:12:53.0390 3088 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:12:53.0390 3088 LSI_FC - ok
06:12:53.0421 3088 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:12:53.0421 3088 LSI_SAS - ok
06:12:53.0437 3088 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:12:53.0437 3088 LSI_SAS2 - ok
06:12:53.0453 3088 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:12:53.0468 3088 LSI_SCSI - ok
06:12:53.0484 3088 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
06:12:53.0484 3088 luafv - ok
06:12:53.0546 3088 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
06:12:53.0546 3088 LVRS - ok
06:12:53.0811 3088 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
06:12:53.0827 3088 LVUVC - ok
06:12:53.0858 3088 lxcy_device - ok
06:12:53.0921 3088 [ ECAB006AC6136F1307E140B633CDB8C2 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
06:12:53.0921 3088 McAfee SiteAdvisor Service - ok
06:12:54.0139 3088 [ 3A346239CD2D75BE7F54BE7E28EB5E4F ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
06:12:54.0139 3088 McAWFwk - ok
06:12:54.0170 3088 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
06:12:54.0170 3088 McciCMService - ok
06:12:54.0248 3088 [ EEE1EA23C4777ADB268A36196A631200 ] McciServiceHost C:\Program Files\Common Files\Motive\McciServiceHost.exe
06:12:54.0248 3088 McciServiceHost - ok
06:12:54.0389 3088 [ 31FB9D7453C424D14A6C3927483E5E60 ] McMPFSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
06:12:54.0389 3088 McMPFSvc - ok
06:12:54.0435 3088 [ 31FB9D7453C424D14A6C3927483E5E60 ] McNaiAnn C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
06:12:54.0435 3088 McNaiAnn - ok
06:12:54.0576 3088 [ 2D5BA691B249789E70ED787B8C769A53 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
06:12:54.0576 3088 McODS - ok
06:12:54.0638 3088 [ ECAB006AC6136F1307E140B633CDB8C2 ] McOobeSv C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
06:12:54.0638 3088 McOobeSv - ok
06:12:54.0732 3088 [ 31FB9D7453C424D14A6C3927483E5E60 ] mcpltsvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
06:12:54.0747 3088 mcpltsvc - ok
06:12:54.0810 3088 [ 31FB9D7453C424D14A6C3927483E5E60 ] McProxy C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
06:12:54.0810 3088 McProxy - ok
06:12:54.0841 3088 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:12:54.0857 3088 Mcx2Svc - ok
06:12:54.0888 3088 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:12:54.0903 3088 megasas - ok
06:12:54.0919 3088 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:12:54.0919 3088 MegaSR - ok
06:12:54.0981 3088 [ BA3004F4C0A0CD19DB9C2C0AB3A84EFE ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
06:12:54.0981 3088 mfeapfk - ok
06:12:55.0044 3088 [ 39C20B7D9AC19BFE616CA09DD3A240AF ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
06:12:55.0044 3088 mfeavfk - ok
06:12:55.0091 3088 mfeavfk01 - ok
06:12:55.0153 3088 [ E3470DECDA0A4015A0CA00ED645F2EBE ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
06:12:55.0169 3088 mfebopk - ok
06:12:55.0262 3088 [ A687B3EEED3E8B305AC247DEC61EE362 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
06:12:55.0278 3088 mfecore - ok
06:12:55.0418 3088 [ 4E13EA496E202BCB4FCC342D96FAF83A ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
06:12:55.0418 3088 mfefire - ok
06:12:55.0543 3088 [ C8AC8147E02ED8795E1FD946165BACCF ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
06:12:55.0543 3088 mfefirek - ok
06:12:55.0637 3088 [ 7AAF92954D8D2801B17A1163C60ABFE9 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
06:12:55.0683 3088 mfehidk - ok
06:12:55.0808 3088 [ 7401E85D5D4B5B0F6A3098EBEE0639AA ] mfencbdc C:\Windows\system32\DRIVERS\mfencbdc.sys
06:12:55.0808 3088 mfencbdc - ok
06:12:55.0824 3088 [ 439B06E366643B32D549B939780742BE ] mfencrk C:\Windows\system32\DRIVERS\mfencrk.sys
06:12:55.0824 3088 mfencrk - ok
06:12:55.0902 3088 [ 82B7415D5A8FB24D3F6736400F5E1600 ] mfevtp C:\Windows\system32\mfevtps.exe
06:12:55.0902 3088 mfevtp - ok
06:12:55.0933 3088 [ 15F92BCD5CB189F5CC7D2F2381F179AC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
06:12:55.0949 3088 mfewfpk - ok
06:12:55.0964 3088 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
06:12:55.0964 3088 MMCSS - ok
06:12:55.0980 3088 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
06:12:55.0980 3088 Modem - ok
06:12:55.0995 3088 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:12:55.0995 3088 monitor - ok
06:12:56.0042 3088 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:12:56.0042 3088 mouclass - ok
06:12:56.0073 3088 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:12:56.0073 3088 mouhid - ok
06:12:56.0120 3088 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:12:56.0120 3088 mountmgr - ok
06:12:56.0136 3088 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
06:12:56.0151 3088 mpio - ok
06:12:56.0167 3088 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:12:56.0167 3088 mpsdrv - ok
06:12:56.0198 3088 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:12:56.0214 3088 MpsSvc - ok
06:12:56.0245 3088 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
06:12:56.0245 3088 MREMP50 - ok
06:12:56.0245 3088 MREMPR5 - ok
06:12:56.0245 3088 MRENDIS5 - ok
06:12:56.0385 3088 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
06:12:56.0385 3088 MRESP50 - ok
06:12:56.0417 3088 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:12:56.0432 3088 MRxDAV - ok
06:12:56.0463 3088 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:12:56.0463 3088 mrxsmb - ok
06:12:56.0495 3088 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:12:56.0495 3088 mrxsmb10 - ok
06:12:56.0495 3088 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:12:56.0495 3088 mrxsmb20 - ok
06:12:56.0526 3088 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
06:12:56.0526 3088 msahci - ok
06:12:56.0541 3088 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:12:56.0541 3088 msdsm - ok
06:12:56.0588 3088 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
06:12:56.0604 3088 MSDTC - ok
06:12:56.0635 3088 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:12:56.0635 3088 Msfs - ok
06:12:56.0651 3088 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:12:56.0651 3088 mshidkmdf - ok
06:12:56.0697 3088 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:12:56.0697 3088 msisadrv - ok
06:12:56.0729 3088 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:12:56.0729 3088 MSiSCSI - ok
06:12:56.0729 3088 msiserver - ok
06:12:56.0775 3088 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:12:56.0791 3088 MSKSSRV - ok
06:12:56.0807 3088 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:12:56.0807 3088 MSPCLOCK - ok
06:12:56.0807 3088 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:12:56.0822 3088 MSPQM - ok
06:12:56.0838 3088 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:12:56.0838 3088 MsRPC - ok
06:12:56.0853 3088 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
06:12:56.0853 3088 mssmbios - ok
06:12:56.0885 3088 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:12:56.0885 3088 MSTEE - ok
06:12:56.0900 3088 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:12:56.0900 3088 MTConfig - ok
06:12:56.0916 3088 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
06:12:56.0916 3088 Mup - ok
06:12:56.0963 3088 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
06:12:56.0994 3088 napagent - ok
06:12:57.0041 3088 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:12:57.0041 3088 NativeWifiP - ok
06:12:57.0103 3088 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:12:57.0119 3088 NDIS - ok
06:12:57.0150 3088 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:12:57.0150 3088 NdisCap - ok
06:12:57.0165 3088 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:12:57.0165 3088 NdisTapi - ok
06:12:57.0212 3088 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:12:57.0275 3088 Ndisuio - ok
06:12:57.0321 3088 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:12:57.0321 3088 NdisWan - ok
06:12:57.0353 3088 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:12:57.0353 3088 NDProxy - ok
06:12:57.0384 3088 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:12:57.0384 3088 NetBIOS - ok
06:12:57.0431 3088 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:12:57.0431 3088 NetBT - ok
06:12:57.0446 3088 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
06:12:57.0446 3088 Netlogon - ok
06:12:57.0587 3088 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
06:12:57.0587 3088 Netman - ok
06:12:57.0665 3088 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
06:12:57.0680 3088 netprofm - ok
06:12:57.0727 3088 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:12:57.0727 3088 NetTcpPortSharing - ok
06:12:57.0774 3088 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:12:57.0789 3088 nfrd960 - ok
06:12:57.0836 3088 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
06:12:57.0836 3088 NlaSvc - ok
06:12:57.0867 3088 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:12:57.0867 3088 Npfs - ok
06:12:57.0899 3088 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
06:12:57.0899 3088 nsi - ok
06:12:57.0914 3088 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:12:57.0914 3088 nsiproxy - ok
06:12:58.0008 3088 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:12:58.0055 3088 Ntfs - ok
06:12:58.0070 3088 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
06:12:58.0070 3088 Null - ok
06:12:58.0133 3088 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:12:58.0133 3088 nvraid - ok
06:12:58.0164 3088 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:12:58.0164 3088 nvstor - ok
06:12:58.0226 3088 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:12:58.0226 3088 nv_agp - ok
06:12:58.0257 3088 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:12:58.0257 3088 ohci1394 - ok
06:12:58.0320 3088 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:12:58.0320 3088 ose - ok
06:12:58.0523 3088 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:12:58.0616 3088 osppsvc - ok
06:12:58.0663 3088 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:12:58.0663 3088 p2pimsvc - ok
06:12:58.0710 3088 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
06:12:58.0725 3088 p2psvc - ok
06:12:58.0772 3088 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:12:58.0772 3088 Parport - ok
06:12:58.0803 3088 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:12:58.0803 3088 partmgr - ok
06:12:58.0819 3088 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
06:12:58.0835 3088 Parvdm - ok
06:12:58.0866 3088 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
06:12:58.0866 3088 PBADRV - ok
06:12:58.0913 3088 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:12:58.0913 3088 PcaSvc - ok
06:12:58.0944 3088 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
06:12:58.0944 3088 pci - ok
06:12:58.0975 3088 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
06:12:58.0975 3088 pciide - ok
06:12:58.0991 3088 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:12:58.0991 3088 pcmcia - ok
06:12:59.0006 3088 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
06:12:59.0022 3088 pcw - ok
06:12:59.0084 3088 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:12:59.0084 3088 PEAUTH - ok
06:12:59.0178 3088 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
06:12:59.0193 3088 PeerDistSvc - ok
06:12:59.0303 3088 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
06:12:59.0334 3088 pla - ok
06:12:59.0381 3088 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:12:59.0396 3088 PlugPlay - ok
06:12:59.0412 3088 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:12:59.0427 3088 PNRPAutoReg - ok
06:12:59.0443 3088 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:12:59.0443 3088 PNRPsvc - ok
06:12:59.0490 3088 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:12:59.0490 3088 PolicyAgent - ok
06:12:59.0521 3088 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
06:12:59.0521 3088 Power - ok
06:12:59.0552 3088 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:12:59.0552 3088 PptpMiniport - ok
06:12:59.0568 3088 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:12:59.0568 3088 Processor - ok
06:12:59.0646 3088 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
06:12:59.0646 3088 ProfSvc - ok
06:12:59.0677 3088 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:12:59.0677 3088 ProtectedStorage - ok
06:12:59.0739 3088 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:12:59.0739 3088 Psched - ok
06:12:59.0771 3088 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
06:12:59.0771 3088 PxHelp20 - ok
06:13:00.0020 3088 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:13:00.0051 3088 ql2300 - ok
06:13:00.0098 3088 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:13:00.0098 3088 ql40xx - ok
06:13:00.0223 3088 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
06:13:00.0254 3088 QWAVE - ok
06:13:00.0285 3088 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:13:00.0301 3088 QWAVEdrv - ok
06:13:00.0317 3088 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:13:00.0348 3088 RasAcd - ok
06:13:00.0473 3088 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:13:00.0473 3088 RasAgileVpn - ok
06:13:00.0535 3088 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
06:13:00.0566 3088 RasAuto - ok
06:13:00.0675 3088 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:13:00.0675 3088 Rasl2tp - ok
06:13:00.0831 3088 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
06:13:00.0847 3088 RasMan - ok
06:13:00.0878 3088 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:13:00.0878 3088 RasPppoe - ok
06:13:00.0925 3088 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:13:00.0925 3088 RasSstp - ok
06:13:01.0019 3088 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:13:01.0019 3088 rdbss - ok
06:13:01.0097 3088 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:13:01.0097 3088 rdpbus - ok
06:13:01.0143 3088 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:13:01.0143 3088 RDPCDD - ok
06:13:01.0221 3088 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
06:13:01.0221 3088 RDPDR - ok
06:13:01.0315 3088 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:13:01.0315 3088 RDPENCDD - ok
06:13:01.0346 3088 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:13:01.0346 3088 RDPREFMP - ok
06:13:01.0440 3088 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:13:01.0455 3088 RDPWD - ok
06:13:01.0533 3088 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:13:01.0533 3088 rdyboost - ok
06:13:01.0596 3088 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
06:13:01.0627 3088 RemoteAccess - ok
06:13:01.0721 3088 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:13:01.0736 3088 RemoteRegistry - ok
06:13:02.0064 3088 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
06:13:02.0126 3088 RoxMediaDB12OEM - ok
06:13:02.0157 3088 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
06:13:02.0157 3088 RoxWatch12 - ok
06:13:02.0220 3088 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:13:02.0220 3088 RpcEptMapper - ok
06:13:02.0251 3088 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
06:13:02.0251 3088 RpcLocator - ok
06:13:02.0267 3088 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
06:13:02.0267 3088 RpcSs - ok
06:13:02.0360 3088 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:13:02.0360 3088 rspndr - ok
06:13:02.0391 3088 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
06:13:02.0423 3088 s3cap - ok
06:13:02.0485 3088 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
06:13:02.0485 3088 SamSs - ok
06:13:02.0563 3088 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:13:02.0563 3088 sbp2port - ok
06:13:02.0641 3088 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:13:02.0703 3088 SCardSvr - ok
06:13:02.0750 3088 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:13:02.0766 3088 scfilter - ok
06:13:02.0891 3088 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
06:13:02.0891 3088 Schedule - ok
06:13:02.0937 3088 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:13:02.0937 3088 SCPolicySvc - ok
06:13:03.0000 3088 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:13:03.0000 3088 SDRSVC - ok
06:13:03.0062 3088 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:13:03.0062 3088 secdrv - ok
06:13:03.0125 3088 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
06:13:03.0125 3088 seclogon - ok
06:13:03.0250 3088 [ 6ABF8E8AE3800CCF84D9AE6865A641E5 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
06:13:03.0282 3088 SecureStorageService - ok
06:13:03.0360 3088 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
06:13:03.0360 3088 SENS - ok
06:13:03.0391 3088 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:13:03.0422 3088 SensrSvc - ok
06:13:03.0484 3088 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:13:03.0484 3088 Serenum - ok
06:13:03.0547 3088 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:13:03.0547 3088 Serial - ok
06:13:03.0562 3088 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:13:03.0562 3088 sermouse - ok
06:13:03.0656 3088 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
06:13:03.0672 3088 SessionEnv - ok
06:13:03.0750 3088 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:13:03.0765 3088 sffdisk - ok
06:13:03.0828 3088 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:13:03.0828 3088 sffp_mmc - ok
06:13:03.0828 3088 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:13:03.0843 3088 sffp_sd - ok
06:13:03.0874 3088 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:13:03.0874 3088 sfloppy - ok
06:13:03.0906 3088 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:13:03.0906 3088 SharedAccess - ok
06:13:03.0921 3088 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:13:03.0937 3088 ShellHWDetection - ok
06:13:03.0968 3088 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
06:13:03.0968 3088 sisagp - ok
06:13:04.0015 3088 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:13:04.0015 3088 SiSRaid2 - ok
06:13:04.0030 3088 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:13:04.0030 3088 SiSRaid4 - ok
06:13:04.0233 3088 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
06:13:04.0233 3088 SkypeUpdate - ok
06:13:04.0264 3088 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:13:04.0264 3088 Smb - ok
06:13:04.0296 3088 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:13:04.0311 3088 SNMPTRAP - ok
06:13:04.0342 3088 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
06:13:04.0342 3088 spldr - ok
06:13:04.0374 3088 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
06:13:04.0389 3088 Spooler - ok
06:13:04.0452 3088 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
06:13:04.0467 3088 sppsvc - ok
06:13:04.0592 3088 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:13:04.0608 3088 sppuinotify - ok
06:13:04.0748 3088 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:13:04.0748 3088 srv - ok
06:13:04.0764 3088 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:13:04.0764 3088 srv2 - ok
06:13:04.0779 3088 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:13:04.0779 3088 srvnet - ok
06:13:04.0810 3088 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:13:04.0810 3088 SSDPSRV - ok
06:13:04.0842 3088 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:13:04.0842 3088 SstpSvc - ok
06:13:04.0857 3088 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:13:04.0857 3088 stexstor - ok
06:13:04.0888 3088 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
06:13:04.0904 3088 StiSvc - ok
06:13:04.0935 3088 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
06:13:04.0935 3088 stllssvr - ok
06:13:04.0966 3088 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
06:13:04.0966 3088 storflt - ok
06:13:04.0982 3088 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
06:13:04.0998 3088 StorSvc - ok
06:13:05.0029 3088 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
06:13:05.0029 3088 storvsc - ok
06:13:05.0044 3088 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
06:13:05.0044 3088 swenum - ok
06:13:05.0076 3088 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
06:13:05.0076 3088 swprv - ok
06:13:05.0154 3088 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
06:13:05.0169 3088 SysMain - ok
06:13:05.0216 3088 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:13:05.0232 3088 TabletInputService - ok
06:13:05.0263 3088 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
06:13:05.0294 3088 TapiSrv - ok
06:13:05.0325 3088 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
06:13:05.0341 3088 TBS - ok
06:13:05.0388 3088 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:13:05.0388 3088 Tcpip - ok
06:13:05.0450 3088 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:13:05.0466 3088 TCPIP6 - ok
06:13:05.0512 3088 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:13:05.0512 3088 tcpipreg - ok
06:13:05.0668 3088 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
06:13:05.0668 3088 tcsd_win32.exe - ok
06:13:05.0793 3088 [ B434294EAA2AE4FB9BD63E25EB89B86F ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
06:13:05.0809 3088 TdmService - ok
06:13:05.0840 3088 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:13:05.0840 3088 TDPIPE - ok
06:13:05.0871 3088 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:13:05.0871 3088 TDTCP - ok
06:13:05.0902 3088 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:13:05.0902 3088 tdx - ok
06:13:05.0918 3088 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
06:13:05.0918 3088 TermDD - ok
06:13:05.0965 3088 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
06:13:05.0965 3088 TermService - ok
06:13:05.0996 3088 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
06:13:05.0996 3088 Themes - ok
06:13:06.0012 3088 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
06:13:06.0012 3088 THREADORDER - ok
06:13:06.0043 3088 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
06:13:06.0043 3088 TrkWks - ok
06:13:06.0090 3088 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:13:06.0090 3088 TrustedInstaller - ok
06:13:06.0105 3088 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:13:06.0121 3088 tssecsrv - ok
06:13:06.0168 3088 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:13:06.0168 3088 TsUsbFlt - ok
06:13:06.0215 3088 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:13:06.0215 3088 tunnel - ok
06:13:06.0247 3088 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:13:06.0247 3088 uagp35 - ok
06:13:06.0262 3088 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:13:06.0262 3088 udfs - ok
06:13:06.0293 3088 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:13:06.0309 3088 UI0Detect - ok
06:13:06.0325 3088 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:13:06.0325 3088 uliagpkx - ok
06:13:06.0371 3088 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
06:13:06.0371 3088 umbus - ok
06:13:06.0387 3088 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:13:06.0403 3088 UmPass - ok
06:13:06.0449 3088 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
06:13:06.0449 3088 UmRdpService - ok
06:13:06.0527 3088 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
06:13:06.0527 3088 UMVPFSrv - ok
06:13:06.0559 3088 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
06:13:06.0574 3088 upnphost - ok
06:13:06.0621 3088 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
06:13:06.0621 3088 USBAAPL - ok
06:13:06.0652 3088 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
06:13:06.0652 3088 usbaudio - ok
06:13:06.0683 3088 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:13:06.0683 3088 usbccgp - ok
06:13:06.0715 3088 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:13:06.0715 3088 usbcir - ok
06:13:06.0730 3088 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:13:06.0730 3088 usbehci - ok
06:13:06.0761 3088 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:13:06.0761 3088 usbhub - ok
06:13:06.0777 3088 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
06:13:06.0777 3088 usbohci - ok
06:13:06.0808 3088 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:13:06.0808 3088 usbprint - ok
06:13:06.0824 3088 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
06:13:06.0824 3088 usbscan - ok
06:13:06.0855 3088 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:13:06.0855 3088 USBSTOR - ok
06:13:06.0886 3088 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
06:13:06.0886 3088 usbuhci - ok
06:13:06.0902 3088 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
06:13:06.0917 3088 UxSms - ok
06:13:06.0933 3088 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
06:13:06.0933 3088 VaultSvc - ok
06:13:06.0980 3088 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:13:06.0980 3088 vdrvroot - ok
06:13:07.0058 3088 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
06:13:07.0120 3088 vds - ok
06:13:07.0198 3088 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:13:07.0214 3088 vga - ok
06:13:07.0229 3088 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
06:13:07.0229 3088 VgaSave - ok
06:13:07.0245 3088 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:13:07.0245 3088 vhdmp - ok
06:13:07.0276 3088 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
06:13:07.0276 3088 viaagp - ok
06:13:07.0292 3088 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
06:13:07.0292 3088 ViaC7 - ok
06:13:07.0323 3088 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
06:13:07.0323 3088 viaide - ok
06:13:07.0370 3088 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
06:13:07.0385 3088 vmbus - ok
06:13:07.0401 3088 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
06:13:07.0401 3088 VMBusHID - ok
06:13:07.0417 3088 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:13:07.0417 3088 volmgr - ok
06:13:07.0448 3088 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:13:07.0448 3088 volmgrx - ok
06:13:07.0479 3088 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:13:07.0495 3088 volsnap - ok
06:13:07.0526 3088 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:13:07.0541 3088 vsmraid - ok
06:13:07.0573 3088 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
06:13:07.0604 3088 VSS - ok
06:13:07.0619 3088 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:13:07.0651 3088 vwifibus - ok
06:13:07.0682 3088 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
06:13:07.0682 3088 W32Time - ok
06:13:07.0713 3088 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:13:07.0744 3088 WacomPen - ok
06:13:07.0775 3088 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:13:07.0775 3088 WANARP - ok
06:13:07.0791 3088 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:13:07.0791 3088 Wanarpv6 - ok
06:13:08.0025 3088 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:13:08.0056 3088 WatAdminSvc - ok
06:13:08.0087 3088 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
06:13:08.0103 3088 wbengine - ok
06:13:08.0150 3088 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:13:08.0150 3088 WbioSrvc - ok
06:13:08.0181 3088 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:13:08.0197 3088 wcncsvc - ok
06:13:08.0197 3088 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:13:08.0197 3088 WcsPlugInService - ok
06:13:08.0228 3088 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:13:08.0228 3088 Wd - ok
06:13:08.0259 3088 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:13:08.0275 3088 Wdf01000 - ok
06:13:08.0275 3088 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:13:08.0275 3088 WdiServiceHost - ok
06:13:08.0290 3088 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:13:08.0290 3088 WdiSystemHost - ok
06:13:08.0321 3088 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
06:13:08.0321 3088 WebClient - ok
06:13:08.0399 3088 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:13:08.0415 3088 Wecsvc - ok
06:13:08.0431 3088 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:13:08.0431 3088 wercplsupport - ok
06:13:08.0446 3088 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
06:13:08.0446 3088 WerSvc - ok
06:13:08.0477 3088 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:13:08.0477 3088 WfpLwf - ok
06:13:08.0493 3088 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:13:08.0493 3088 WIMMount - ok
06:13:08.0524 3088 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
06:13:08.0540 3088 WinDefend - ok
06:13:08.0555 3088 WinHttpAutoProxySvc - ok
06:13:08.0602 3088 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:13:08.0602 3088 Winmgmt - ok
06:13:08.0727 3088 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
06:13:08.0758 3088 WinRM - ok
06:13:08.0789 3088 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
06:13:08.0789 3088 WinUsb - ok
06:13:08.0805 3088 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
06:13:08.0821 3088 Wlansvc - ok
06:13:08.0883 3088 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
06:13:08.0883 3088 wlcrasvc - ok
06:13:08.0961 3088 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:13:08.0977 3088 wlidsvc - ok
06:13:09.0008 3088 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
06:13:09.0008 3088 WmiAcpi - ok
06:13:09.0055 3088 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:13:09.0055 3088 wmiApSrv - ok
06:13:09.0289 3088 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
06:13:09.0304 3088 WMPNetworkSvc - ok
06:13:09.0367 3088 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:13:09.0398 3088 WPCSvc - ok
06:13:09.0445 3088 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:13:09.0445 3088 WPDBusEnum - ok
06:13:09.0523 3088 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:13:09.0538 3088 ws2ifsl - ok
06:13:09.0554 3088 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
06:13:09.0554 3088 wscsvc - ok
06:13:09.0569 3088 WSearch - ok
06:13:09.0850 3088 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
06:13:09.0913 3088 wuauserv - ok
06:13:09.0959 3088 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:13:09.0975 3088 WudfPf - ok
06:13:10.0006 3088 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:13:10.0006 3088 WUDFRd - ok
06:13:10.0022 3088 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:13:10.0022 3088 wudfsvc - ok
06:13:10.0069 3088 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
06:13:10.0084 3088 WwanSvc - ok
06:13:10.0100 3088 ================ Scan global ===============================
06:13:10.0162 3088 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
06:13:10.0178 3088 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
06:13:10.0193 3088 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
06:13:10.0209 3088 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
06:13:10.0271 3088 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
06:13:10.0271 3088 [Global] - ok
06:13:10.0271 3088 ================ Scan MBR ==================================
06:13:10.0287 3088 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
06:13:11.0129 3088 \Device\Harddisk0\DR0 - ok
06:13:11.0129 3088 ================ Scan VBR ==================================
06:13:11.0145 3088 [ 953ED4E075DE81470619821A2892DDFE ] \Device\Harddisk0\DR0\Partition1
06:13:11.0145 3088 \Device\Harddisk0\DR0\Partition1 - ok
06:13:11.0161 3088 [ C5BB440109FB5D655E408D7B972A7072 ] \Device\Harddisk0\DR0\Partition2
06:13:11.0176 3088 \Device\Harddisk0\DR0\Partition2 - ok
06:13:11.0176 3088 ============================================================
06:13:11.0176 3088 Scan finished
06:13:11.0176 3088 ============================================================
06:13:11.0192 2596 Detected object count: 0
06:13:11.0192 2596 Actual detected object count: 0
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby gugluizza » March 18th, 2013, 7:17 am

The next 2 posts will be for each log file that you requested

OTL.txt

OTL logfile created on: 3/18/2013 6:10:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael Gugluizza\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.14% Memory free
5.93 Gb Paging File | 4.71 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.06 Gb Total Space | 132.35 Gb Free Space | 57.03% Space Free | Partition Type: NTFS

Computer Name: MICHAELGUGLUIZZ | User Name: Michael Gugluizza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 06:09:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Gugluizza\Desktop\OTL.exe
PRC - [2013/03/13 17:09:15 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/09 07:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/11/09 07:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/10/07 05:03:06 | 000,822,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2012/10/07 05:02:38 | 000,140,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2012/10/07 04:12:36 | 000,252,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2012/09/17 12:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/27 04:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/08/26 12:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/05/01 13:54:46 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2009/05/01 13:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/05/01 13:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcyscw.dll
MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\iptk.dll
MOD - [2006/02/13 09:04:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcydrec.dll


========== Services (SafeList) ==========

SRV - [2013/03/13 17:09:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/22 05:40:54 | 000,279,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/11/09 07:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/11/09 07:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/26 06:46:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/28 12:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/27 04:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2012/11/09 07:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/11/09 07:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/11/09 07:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/11/09 07:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/11/09 07:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/11/09 07:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/11/09 07:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/02 02:46:50 | 000,252,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/11/02 02:46:50 | 000,081,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2012/05/28 11:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/27 04:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 04:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/16 18:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/06/20 07:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 11:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {51C1FD81-4293-48BC-8F5B-2A4C804239BF}
IE - HKLM\..\SearchScopes\{51C1FD81-4293-48BC-8F5B-2A4C804239BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\URLSearchHook: {07364a98-eb02-4736-bc54-ebe437fccb87} - No CLSID value found
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=e6c0e479000000000000bc305b998af8
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes\{6897C4AD-035A-4E04-AC9C-FEF4FD60291C}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes\{8092693A-5BA0-4F8A-B16A-610CCE799ACD}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/01/30 22:20:12 | 000,000,000 | ---D | M]

[2012/01/05 15:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Gugluizza\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/05 15:56:40 | 000,000,000 | ---D | M] (Serif WebPlus Community Toolbar) -- C:\Users\Michael Gugluizza\AppData\Roaming\Mozilla\Firefox\extensions\{07364a98-eb02-4736-bc54-ebe437fccb87}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - Extension: SiteAdvisor = C:\Users\Michael Gugluizza\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\

O1 HOSTS File: ([2012/10/24 16:30:06 | 000,000,882 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\Toolbar\WebBrowser: (no name) - {07364A98-EB02-4736-BC54-EBE437FCCB87} - No CLSID value found.
O3 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCYCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001..\Run: [Sqaok] C:\Users\Michael Gugluizza\AppData\Roaming\lxcydrsj.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F090DF7D-CFA5-4E6B-847C-7557167EAC35}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 06:12:00 | 000,000,000 | ---D | C] -- C:\Users\Michael Gugluizza\Desktop\tdsskiller
[2013/03/18 06:09:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Gugluizza\Desktop\OTL.exe
[2013/03/18 06:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/18 06:07:49 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/03/18 06:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/03/18 06:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/03/18 06:06:09 | 000,000,000 | ---D | C] -- C:\Home Computer
[2013/03/17 19:45:45 | 000,000,000 | ---D | C] -- C:\Users\Michael Gugluizza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/17 19:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/14 10:38:27 | 000,000,000 | ---D | C] -- C:\HOME CHECKLISTS
[2013/03/14 03:02:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/14 03:02:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 03:02:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 03:02:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 03:02:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/14 03:02:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 03:02:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 03:02:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/28 04:01:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/02/28 04:01:02 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/02/28 04:00:59 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 04:00:59 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 04:00:59 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 04:00:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/02/28 04:00:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 04:00:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 04:00:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 04:00:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 04:00:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 04:00:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/28 04:00:57 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/02/28 04:00:57 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/02/28 04:00:57 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/02/28 04:00:57 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/02/28 04:00:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/02/28 04:00:57 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/02/28 04:00:57 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/02/28 04:00:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/02/28 04:00:57 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/02/28 04:00:57 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/02/28 04:00:57 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/02/28 04:00:57 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/02/28 04:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 06:11:12 | 002,218,636 | ---- | M] () -- C:\Users\Michael Gugluizza\Desktop\tdsskiller.zip
[2013/03/18 06:09:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Gugluizza\Desktop\OTL.exe
[2013/03/18 06:08:44 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 06:08:44 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/03/18 06:08:43 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 06:08:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MICHAELGUGLUIZZ-Microsoft-Windows-7-Professional-(32-bit).dat
[2013/03/18 06:06:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/03/18 06:05:50 | 000,635,834 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/18 06:05:50 | 000,111,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/18 06:01:35 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/18 06:01:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/18 06:01:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/03/18 06:01:11 | 2387,329,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 05:58:38 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 05:58:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/14 08:33:06 | 000,098,304 | RHS- | M] () -- C:\Users\Michael Gugluizza\AppData\Roaming\lxcydrsj.dll
[2013/03/13 17:09:15 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 17:09:15 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/04 09:16:19 | 000,003,528 | ---- | M] () -- C:\bootsqm.dat
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/18 06:11:07 | 002,218,636 | ---- | C] () -- C:\Users\Michael Gugluizza\Desktop\tdsskiller.zip
[2013/03/18 06:08:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MICHAELGUGLUIZZ-Microsoft-Windows-7-Professional-(32-bit).dat
[2013/03/18 06:06:58 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/03/14 08:33:06 | 000,098,304 | RHS- | C] () -- C:\Users\Michael Gugluizza\AppData\Roaming\lxcydrsj.dll
[2013/03/04 09:16:19 | 000,003,528 | ---- | C] () -- C:\bootsqm.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/21 11:30:44 | 000,037,903 | ---- | C] () -- C:\Users\Michael Gugluizza\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/06/14 10:37:27 | 000,072,080 | ---- | C] () -- C:\Users\Michael Gugluizza\g2mdlhlpx.exe
[2011/06/08 21:00:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/23 22:43:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcyinpa.dll
[2011/05/23 22:43:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcyiesc.dll
[2011/05/23 22:43:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcyhcp.dll
[2011/05/23 22:43:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcyinst.dll
[2011/05/23 22:43:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcyserv.dll
[2011/05/23 22:43:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcyusb1.dll
[2011/05/23 22:43:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcypmui.dll
[2011/05/23 22:43:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcylmpm.dll
[2011/05/23 22:43:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcyprox.dll
[2011/05/23 22:43:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcypplc.dll
[2011/05/23 22:43:30 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcyhbn3.dll
[2011/05/23 22:43:30 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcycoms.exe
[2011/05/23 22:43:30 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcycomm.dll
[2011/05/23 22:43:30 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcyih.exe
[2011/05/23 22:43:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcycomc.dll
[2011/05/23 22:43:29 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcycfg.exe
[2011/05/23 22:23:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/23 22:06:52 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/04/26 00:00:04 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/04/26 00:00:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/04/26 00:00:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/04/26 00:00:03 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/04/26 00:00:03 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/04/26 00:00:03 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/04/26 00:00:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/25 21:22:44 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/24 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Michael Gugluizza\AppData\Roaming\Babylon
[2011/05/23 22:38:32 | 000,000,000 | ---D | M] -- C:\Users\Michael Gugluizza\AppData\Roaming\Leadertech
[2013/03/14 11:20:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Gugluizza\AppData\Roaming\PrimoPDF
[2012/01/05 15:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael Gugluizza\AppData\Roaming\Serif
[2012/05/24 15:37:10 | 000,000,000 | ---D | M] -- C:\Users\Michael Gugluizza\AppData\Roaming\SumatraPDF

========== Purity Check ==========



< End of report >
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby gugluizza » March 18th, 2013, 7:19 am

This next 1 posts will be for each log file that you requested

Extras.txt

OTL Extras logfile created on: 3/18/2013 6:10:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael Gugluizza\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.14% Memory free
5.93 Gb Paging File | 4.71 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.06 Gb Total Space | 132.35 Gb Free Space | 57.03% Space Free | Partition Type: NTFS

Computer Name: MICHAELGUGLUIZZ | User Name: Michael Gugluizza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0549560A-7A9F-4C98-AB04-F38AD8E49E0D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09A64B9C-533B-474A-8BBD-557005F6D42A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E408349-CBB9-4B88-B391-9F23F1C2A3D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{3D9A1D2E-B407-47FA-B05C-FE7A5C47F79C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47F48A57-140A-419D-8625-C924D238D453}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{480372AE-436D-41BF-BA42-9B80CBDBEA9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{55F39D38-4BE3-4513-9ABF-8F3BC695A3D7}" = lport=137 | protocol=17 | dir=in | app=system |
"{593D9107-89C4-49A5-896C-C5761A3495C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D0DE42E-9286-4EF7-A63D-85CFEE4BC7A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{732158CA-C1FB-4C8E-A821-89153E77D614}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8F89582A-DE2E-49D8-9CFD-B99A89772D13}" = lport=445 | protocol=6 | dir=in | app=system |
"{900FA49B-0D02-487B-9DAD-7E2013061076}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A10425D1-3ECA-4963-A391-0D6EA53945F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4EEE105-31CE-442C-9298-B29B881C7567}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B4E06020-A9F0-4EA0-AF46-443BE5B5F66F}" = rport=137 | protocol=17 | dir=out | app=system |
"{BBFA5867-9B25-42DB-87A6-7C3B6B0D9715}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCEFE808-0F11-4EBA-871F-E03C29453DA5}" = rport=445 | protocol=6 | dir=out | app=system |
"{D55377B1-D527-496C-8255-397C9122287C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D62D7F42-EEF1-4EDE-AEAE-04A6F57FBF3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBF3123A-E09D-4C66-A71B-CDA32A7F29C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC45F0A3-FC7A-4234-8199-52829E9C5937}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E2A823DE-DD33-4E13-B6BF-CD27AEE7215B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8759681-DF5A-4A84-96DD-BC34FB4379ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDF4E759-8CC0-4FEC-94F2-8477877A980E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCB84E2C-132A-4872-9914-494832F53DA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCC2D157-9F8D-4C24-8F78-80DE80A662A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0898D4EE-6979-486C-ADC0-EEB0ADD3DCD7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C887775-C43F-4C88-903D-2EEA26181426}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{209684CC-EF82-4D69-8329-B1D49C08A910}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{21D5E6BA-36B2-4ECA-8C02-5A6A8D1B02D3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{250DB084-EA6A-46B2-BF17-AE969B67FDC0}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{2F4DC40F-707A-428A-B33C-3E3C778BD3C1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{3271C08E-B957-45F9-8E27-BA6D0CB094CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34707F03-D8F3-4D4E-B073-B92346347A51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{395F700F-3F11-45BE-B5A6-EAF430765FA0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3CD4D23E-75DE-4767-847E-B11A4C6DB0D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3D269670-2381-4C1A-B2B6-617F327F161C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FEEDC90-153E-4F38-A62A-AFF816B53B72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{406FE39E-CB51-4E5B-8881-7A327BB0E4CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E4B068B-D718-4E43-8ED8-F65EDDB646E2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4FBA95C6-84F0-46DF-8D9E-360D4A495E90}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{5BD9F989-2D6C-445B-96C1-80D370F2D506}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E9BF40B-B69B-48E8-9A57-2C9AB165BD1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6154ADFD-AAA9-4EF7-8F7F-D60C6E816235}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{62CFA163-827C-478C-8886-947527F0A5CF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{63629DB4-2054-49EF-AB07-0D6ECFAA12C0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{68539317-EF29-4C86-A1D8-06733C093BE6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6C73F792-C155-4113-8E1F-D056FD5FEFC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74AFE397-08A2-440E-B931-6CC64E197636}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F52DEDC-C068-448E-8CBC-86CF15767034}" = protocol=6 | dir=out | app=system |
"{805ACB6C-7504-4CA0-A717-271C5F6A9DEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8506030E-89AF-4EE7-9484-7C1BBF450FD2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{8B9293B7-4D37-416E-8696-BFAF70814004}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{9688B1B1-163C-445F-87D1-371DD0EE3C6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A23748D-F07F-40B1-AA1C-CA1D0E66AF7F}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A01F53F2-4870-44D3-BEAC-68E39559EED8}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{A4584CB1-5A67-4BB0-A6DF-7C6E0E11FD45}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{A915368C-F219-4AED-AF46-C4DB684307E4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B1285BCD-D26E-4CA9-A174-A3539EB3B283}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B59E11AD-93E1-4497-826E-A8E693297A00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDB86A64-6D53-421E-9ED3-3D5996B4F744}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{C415739C-7B96-441C-9EFB-E654FAB85EE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D37D6315-7E02-45BC-A2C2-D212A462DF3A}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{D3D69B49-3B8A-4682-BF92-10C0AF222580}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D60C76B9-CFD1-4E4C-8B6C-67AB4219746F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{DB50D26C-101A-4F15-832B-634E3A35FF68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFDE4E53-C1B0-4B13-9468-F5C016D114DB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E6348798-115E-4B15-B06D-4EC9FDDEF2E1}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{E89D5D3E-87BB-4448-8672-72A463147233}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA051A0D-0446-46C7-9D0A-1A89FE3A7785}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{EA293B65-C681-4EF2-9B1F-A4073696644C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAA3FB88-542F-4951-A2AA-BF11E739282B}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{EE49B910-4C59-4231-AA98-4B0DFF4A20FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F254262B-0B79-4A7F-8103-95DA50C98ABA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{4FA46975-176F-457A-A09C-DBD0CBDA65F3}" = PrintMaster 16
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6E785411-0F22-4D64-9BAE-5337EA4A01D5}" = My Photo Books (Unibind Edition)
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}" = Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Lexmark 3400 Series" = Lexmark 3400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee AntiVirus Plus
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Shockwave" = Shockwave
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WiseConvert Toolbar" = WiseConvert Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2013 1:07:18 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/6/2013 1:07:18 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9687

Error - 3/6/2013 1:07:18 PM | Computer Name = MichaelGugluizz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9687

Error - 3/7/2013 10:14:04 AM | Computer Name = MichaelGugluizz | Source = Application Error | ID = 1000
Description = Faulting application name: mcuicnt.exe, version: 5.1.169.0, time stamp:
0x50712b36 Faulting module name: MCSYST~1.DLL, version: 2.1.189.0, time stamp: 0x50712e04
Exception
code: 0xc0000094 Fault offset: 0x0001064e Faulting process id: 0x1c04 Faulting application
start time: 0x01ce193b7be4898b Faulting application path: C:\Program Files\Common
Files\McAfee\Platform\mcuicnt.exe Faulting module path: c:\PROGRA~1\COMMON~1\mcafee\platform\MCSYST~1.DLL
Report
Id: 43ccb454-8731-11e2-9695-bc305b998af8

Error - 3/7/2013 12:51:36 PM | Computer Name = MichaelGugluizz | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.6131.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d64 Start
Time: 01ce1acba5344173 Termination Time: 16 Application Path: C:\Program Files\Microsoft
Office\Office14\OUTLOOK.EXE Report Id: 333dc1eb-8747-11e2-9695-bc305b998af8

Error - 3/9/2013 6:48:34 PM | Computer Name = MichaelGugluizz | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16464,
time stamp: 0x50ec971b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00055eab Faulting
process id: 0x21c4 Faulting application start time: 0x01ce1d0805894f4d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 78a73aa0-890b-11e2-9695-bc305b998af8

Error - 3/10/2013 2:04:39 PM | Computer Name = MichaelGugluizz | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16464,
time stamp: 0x50ec971b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00056bf4 Faulting
process id: 0x22c8 Faulting application start time: 0x01ce1da696078c44 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f949e009-89ac-11e2-9695-bc305b998af8

Error - 3/12/2013 11:13:13 PM | Computer Name = MichaelGugluizz | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.6131.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2524 Start
Time: 01ce1ec0af45eede Termination Time: 0 Application Path: C:\Program Files\Microsoft
Office\Office14\OUTLOOK.EXE Report Id: e652ea3d-8b8b-11e2-9695-bc305b998af8

Error - 3/13/2013 10:21:37 PM | Computer Name = MichaelGugluizz | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.6131.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1ec4 Start
Time: 01ce20515d51c701 Termination Time: 47 Application Path: C:\Program Files\Microsoft
Office\Office14\OUTLOOK.EXE Report Id: de53b615-8c4d-11e2-9695-bc305b998af8

Error - 3/15/2013 6:00:12 PM | Computer Name = MichaelGugluizz | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.6131.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 37c Start
Time: 01ce20f533b61ef9 Termination Time: 16 Application Path: C:\Program Files\Microsoft
Office\Office14\OUTLOOK.EXE Report Id: a9f07bbc-8dbb-11e2-860a-bc305b998af8

[ System Events ]
Error - 3/14/2013 4:35:39 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 3/14/2013 8:29:42 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the UMVPFSrv service.

Error - 3/15/2013 9:51:47 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 3/15/2013 11:14:33 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/15/2013 2:48:51 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/16/2013 11:12:01 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the UMVPFSrv service.

Error - 3/17/2013 6:24:35 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/17/2013 6:11:12 PM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/18/2013 6:58:20 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/18/2013 7:01:28 AM | Computer Name = MichaelGugluizz | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0


< End of report >
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby Gary R » March 18th, 2013, 10:47 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\URLSearchHook: {07364a98-eb02-4736-bc54-ebe437fccb87} - No CLSID value found
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q= {searchTerms}&affID=109935&babsrc=SP_ss&mntrId=e6c0e479000000000000bc305b998af8
IE - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\SearchScopes\{6897C4AD-035A-4E04-AC9C-FEF4FD60291C}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3196716
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\Toolbar\WebBrowser: (no name) - {07364A98-EB02-4736-BC54-EBE437FCCB87} - No CLSID value found.
O3 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O15 - HKU\S-1-5-21-964026337-3082616824-1035162491-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2012/05/24 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Michael Gugluizza\AppData\Roaming\Babylon

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • OTL fix log
  • JRT.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirect Virus

Unread postby gugluizza » March 18th, 2013, 8:09 pm

Below is the OTL fix log requested:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ deleted successfully.
C:\Program Files\WiseConvert\prxtbWis0.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{07364a98-eb02-4736-bc54-ebe437fccb87} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07364a98-eb02-4736-bc54-ebe437fccb87}\ not found.
Registry value HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWis0.dll not found.
HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6897C4AD-035A-4E04-AC9C-FEF4FD60291C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6897C4AD-035A-4E04-AC9C-FEF4FD60291C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWis0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWis0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07364A98-EB02-4736-BC54-EBE437FCCB87} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07364A98-EB02-4736-BC54-EBE437FCCB87}\ not found.
Registry value HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}\ not found.
File C:\Program Files\WiseConvert\prxtbWis0.dll not found.
Registry key HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$talisma_url$\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\SPL7AA7.tmp deleted successfully.
C:\Users\Michael Gugluizza\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael Gugluizza\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Gugluizza\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael Gugluizza
->Temp folder emptied: 136066341 bytes
->Temporary Internet Files folder emptied: 438434367 bytes
->Java cache emptied: 1273991 bytes
->Google Chrome cache emptied: 6858617 bytes
->Flash cache emptied: 1532 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 346877121 bytes
RecycleBin emptied: 137698091 bytes

Total Files Cleaned = 1,018.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03182013_185840

Files\Folders moved on Reboot...
File\Folder C:\Users\Michael Gugluizza\AppData\Local\Temp\OICE_DA2B6834-9C43-4FBF-A7EE-74002C6918BA.0\1205D5B7. not found!
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
C:\Users\Michael Gugluizza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby gugluizza » March 18th, 2013, 8:20 pm

Below is the JRT log requested:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x86
Ran by Michael Gugluizza on Mon 03/18/2013 at 19:11:34.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\i want this_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\i want this_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3000930
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Michael Gugluizza\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Michael Gugluizza\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Michael Gugluizza\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Michael Gugluizza\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Michael Gugluizza\appdata\locallow\wiseconvert"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\wiseconvert"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/18/2013 at 19:15:45.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby gugluizza » March 18th, 2013, 8:38 pm

Below is the SystemLook log requested:

SystemLook 04.09.10 by jpshortstuff
Log created at 19:22 on 18/03/2013 by Michael Gugluizza
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\_OTL\MovedFiles\03182013_185840\C_Users\Michael Gugluizza\AppData\Roaming\Babylon d------ [20:36 24/05/2012]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar\BabylonToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar]
[HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar\BabylonToolbar]

-= EOF =-
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby Gary R » March 19th, 2013, 2:15 am

Looking better, but still some work to do.

First

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • Latest OTL fix log
  • E-Set log
  • Let me know how your computer is behaving now as well please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirect Virus

Unread postby gugluizza » March 19th, 2013, 10:09 pm

Below is the log file from OTL

========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_USERS\S-1-5-21-964026337-3082616824-1035162491-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-964026337-3082616824-1035162491-1001\Software\BabylonToolbar\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 03192013_210843
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby Gary R » March 20th, 2013, 2:18 am

I don't see the E-Set log I asked for, and you haven't told me how your computer is behaving now.

If you're still running the E-Set scan please post the log when you have it. If you haven't yet run the scan then please run it and post me the log.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirect Virus

Unread postby gugluizza » March 20th, 2013, 8:23 am

The ESET can is still running (after 9 hours). I will post the full log once complete. At 97% complete so far, I can see that 2 threats have been identified:

a variant of Win32/Ponmocup.GE trojan
JS/Trackware.ReadNotify.A application

The PC seems to be running fine in terms of performance. However, I have not used Google since first reporting this issue as I did not want to have the PC re-directed to any further malicious websites.
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm

Re: Google Redirect Virus

Unread postby gugluizza » March 20th, 2013, 8:39 am

Below are the results of the ESET scan

C:\Mike\Marinette Marine\Projects\3_Completed Projects\1074 - DC Office\IT Services and Support\SysArc\SysArc Fincantieri_Marine_09-24-10_.pdf JS/Trackware.ReadNotify.A application
C:\Users\Michael Gugluizza\AppData\Roaming\lxcydrsj.dll a variant of Win32/Ponmocup.GE trojan
gugluizza
Regular Member
 
Posts: 37
Joined: June 15th, 2008, 11:37 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 124 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware