Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

TDSS.Rootkit.v3 Removal Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

TDSS.Rootkit.v3 Removal Help

Unread postby sharkbait » November 7th, 2011, 2:43 am

Got bit by this the other day and would appreciate removal help. Thanks.

23:34:38.0407 0404 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
23:34:38.0821 0404 ============================================================
23:34:38.0821 0404 Current date / time: 2011/11/06 23:34:38.0821
23:34:38.0821 0404 SystemInfo:
23:34:38.0821 0404
23:34:38.0821 0404 OS Version: 6.1.7601 ServicePack: 1.0
23:34:38.0821 0404 Product type: Workstation
23:34:38.0821 0404 ComputerName: BEVIS
23:34:38.0821 0404 UserName: Chris
23:34:38.0821 0404 Windows directory: C:\Windows
23:34:38.0821 0404 System windows directory: C:\Windows
23:34:38.0821 0404 Running under WOW64
23:34:38.0821 0404 Processor architecture: Intel x64
23:34:38.0821 0404 Number of processors: 4
23:34:38.0821 0404 Page size: 0x1000
23:34:38.0821 0404 Boot type: Normal boot
23:34:38.0821 0404 ============================================================
23:34:40.0019 0404 Initialize success
23:34:49.0233 3280 ============================================================
23:34:49.0233 3280 Scan started
23:34:49.0233 3280 Mode: Manual;
23:34:49.0233 3280 ============================================================
23:34:53.0734 3280 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:34:53.0737 3280 1394ohci - ok
23:34:53.0799 3280 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:34:53.0802 3280 ACPI - ok
23:34:53.0838 3280 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:34:53.0839 3280 AcpiPmi - ok
23:34:53.0881 3280 acsock (0ec911d24f14c969e980e92e4371464d) C:\Windows\system32\DRIVERS\acsock64.sys
23:34:53.0881 3280 acsock - ok
23:34:53.0936 3280 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:34:53.0942 3280 adp94xx - ok
23:34:53.0989 3280 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:34:53.0992 3280 adpahci - ok
23:34:54.0014 3280 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:34:54.0016 3280 adpu320 - ok
23:34:54.0077 3280 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:34:54.0082 3280 AFD - ok
23:34:54.0118 3280 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:34:54.0119 3280 agp440 - ok
23:34:54.0165 3280 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:34:54.0166 3280 aliide - ok
23:34:54.0197 3280 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:34:54.0198 3280 amdide - ok
23:34:54.0217 3280 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:34:54.0219 3280 AmdK8 - ok
23:34:54.0225 3280 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:34:54.0227 3280 AmdPPM - ok
23:34:54.0261 3280 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:34:54.0263 3280 amdsata - ok
23:34:54.0280 3280 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:34:54.0282 3280 amdsbs - ok
23:34:54.0300 3280 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:34:54.0301 3280 amdxata - ok
23:34:54.0338 3280 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:34:54.0339 3280 AppID - ok
23:34:54.0396 3280 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:34:54.0398 3280 arc - ok
23:34:54.0412 3280 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:34:54.0414 3280 arcsas - ok
23:34:54.0443 3280 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:34:54.0489 3280 AsyncMac - ok
23:34:54.0582 3280 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:34:54.0583 3280 atapi - ok
23:34:54.0713 3280 AVerFx2hbtv64 (eba20ecce35ec2e0e1d3a13b2cdb629e) C:\Windows\system32\drivers\AVerFx2hbtv64.sys
23:34:54.0716 3280 AVerFx2hbtv64 - ok
23:34:54.0744 3280 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:34:54.0749 3280 b06bdrv - ok
23:34:54.0776 3280 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:34:54.0779 3280 b57nd60a - ok
23:34:54.0830 3280 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:34:54.0831 3280 Beep - ok
23:34:54.0857 3280 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:34:54.0858 3280 blbdrive - ok
23:34:54.0918 3280 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:34:54.0919 3280 bowser - ok
23:34:54.0945 3280 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:34:54.0946 3280 BrFiltLo - ok
23:34:54.0967 3280 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:34:54.0968 3280 BrFiltUp - ok
23:34:54.0998 3280 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:34:55.0002 3280 Brserid - ok
23:34:55.0023 3280 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:34:55.0025 3280 BrSerWdm - ok
23:34:55.0043 3280 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:34:55.0044 3280 BrUsbMdm - ok
23:34:55.0050 3280 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:34:55.0051 3280 BrUsbSer - ok
23:34:55.0086 3280 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
23:34:55.0087 3280 BthEnum - ok
23:34:55.0097 3280 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:34:55.0099 3280 BTHMODEM - ok
23:34:55.0120 3280 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:34:55.0121 3280 BthPan - ok
23:34:55.0159 3280 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
23:34:55.0165 3280 BTHPORT - ok
23:34:55.0201 3280 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
23:34:55.0203 3280 BTHUSB - ok
23:34:55.0238 3280 btwaudio (ba1498a4c7e7372654433648a61434a7) C:\Windows\system32\drivers\btwaudio.sys
23:34:55.0240 3280 btwaudio - ok
23:34:55.0250 3280 btwavdt (ba66ceb74d49e00820c2c8d34c9caa83) C:\Windows\system32\DRIVERS\btwavdt.sys
23:34:55.0252 3280 btwavdt - ok
23:34:55.0276 3280 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:34:55.0277 3280 btwl2cap - ok
23:34:55.0319 3280 btwrchid (138771ea158e3d7a14b0e0e357c8ca93) C:\Windows\system32\DRIVERS\btwrchid.sys
23:34:55.0320 3280 btwrchid - ok
23:34:55.0340 3280 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:34:55.0341 3280 cdfs - ok
23:34:55.0379 3280 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:34:55.0381 3280 cdrom - ok
23:34:55.0408 3280 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:34:55.0409 3280 circlass - ok
23:34:55.0434 3280 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:34:55.0437 3280 CLFS - ok
23:34:55.0468 3280 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:34:55.0469 3280 CmBatt - ok
23:34:55.0504 3280 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:34:55.0506 3280 cmdide - ok
23:34:55.0553 3280 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:34:55.0557 3280 CNG - ok
23:34:55.0578 3280 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:34:55.0579 3280 Compbatt - ok
23:34:55.0612 3280 CompFilter64 (11cc395d18ff03e95e8c6a149c84c91b) C:\Windows\system32\DRIVERS\lvbflt64.sys
23:34:55.0613 3280 CompFilter64 - ok
23:34:55.0647 3280 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:34:55.0648 3280 CompositeBus - ok
23:34:55.0657 3280 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:34:55.0658 3280 crcdisk - ok
23:34:55.0705 3280 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:34:55.0711 3280 CSC - ok
23:34:55.0768 3280 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:34:55.0770 3280 DfsC - ok
23:34:55.0809 3280 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:34:55.0809 3280 discache - ok
23:34:55.0829 3280 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:34:55.0830 3280 Disk - ok
23:34:55.0883 3280 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:34:55.0885 3280 Dot4 - ok
23:34:55.0913 3280 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:34:55.0914 3280 Dot4Print - ok
23:34:55.0926 3280 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:34:55.0927 3280 dot4usb - ok
23:34:55.0955 3280 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:34:55.0956 3280 drmkaud - ok
23:34:55.0983 3280 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:34:55.0993 3280 DXGKrnl - ok
23:34:56.0032 3280 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
23:34:56.0035 3280 e1kexpress - ok
23:34:56.0111 3280 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:34:56.0139 3280 ebdrv - ok
23:34:56.0173 3280 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:34:56.0178 3280 elxstor - ok
23:34:56.0192 3280 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:34:56.0193 3280 ErrDev - ok
23:34:56.0245 3280 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:34:56.0248 3280 exfat - ok
23:34:56.0272 3280 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:34:56.0274 3280 fastfat - ok
23:34:56.0298 3280 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:34:56.0299 3280 fdc - ok
23:34:56.0330 3280 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:34:56.0331 3280 FileInfo - ok
23:34:56.0345 3280 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:34:56.0346 3280 Filetrace - ok
23:34:56.0357 3280 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:34:56.0358 3280 flpydisk - ok
23:34:56.0396 3280 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:34:56.0399 3280 FltMgr - ok
23:34:56.0455 3280 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:34:56.0457 3280 FsDepends - ok
23:34:56.0472 3280 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:34:56.0473 3280 Fs_Rec - ok
23:34:56.0510 3280 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:34:56.0512 3280 fvevol - ok
23:34:56.0527 3280 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:34:56.0528 3280 gagp30kx - ok
23:34:56.0565 3280 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:34:56.0566 3280 GEARAspiWDM - ok
23:34:56.0582 3280 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:34:56.0584 3280 hcw85cir - ok
23:34:56.0623 3280 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:34:56.0626 3280 HdAudAddService - ok
23:34:56.0656 3280 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:34:56.0658 3280 HDAudBus - ok
23:34:56.0672 3280 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:34:56.0674 3280 HECIx64 - ok
23:34:56.0692 3280 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:34:56.0693 3280 HidBatt - ok
23:34:56.0715 3280 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:34:56.0717 3280 HidBth - ok
23:34:56.0745 3280 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:34:56.0746 3280 HidIr - ok
23:34:56.0803 3280 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:34:56.0804 3280 HidUsb - ok
23:34:56.0850 3280 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:34:56.0852 3280 HpSAMD - ok
23:34:56.0900 3280 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:34:56.0907 3280 HTTP - ok
23:34:56.0938 3280 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:34:56.0938 3280 hwpolicy - ok
23:34:56.0976 3280 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:34:56.0978 3280 i8042prt - ok
23:34:57.0002 3280 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:34:57.0007 3280 iaStorV - ok
23:34:57.0171 3280 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:34:57.0259 3280 igfx - ok
23:34:57.0284 3280 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:34:57.0286 3280 iirsp - ok
23:34:57.0380 3280 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
23:34:57.0398 3280 IntcAzAudAddService - ok
23:34:57.0459 3280 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:34:57.0462 3280 IntcDAud - ok
23:34:57.0496 3280 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:34:57.0497 3280 intelide - ok
23:34:57.0512 3280 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:34:57.0512 3280 intelppm - ok
23:34:57.0554 3280 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:34:57.0556 3280 IpFilterDriver - ok
23:34:57.0586 3280 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:34:57.0587 3280 IPMIDRV - ok
23:34:57.0617 3280 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:34:57.0619 3280 IPNAT - ok
23:34:57.0696 3280 iPodDrv (02def37ab75e0032c50724646f708de8) C:\Windows\system32\drivers\iPodDrv.sys
23:34:57.0697 3280 iPodDrv - ok
23:34:57.0730 3280 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:34:57.0731 3280 IRENUM - ok
23:34:57.0765 3280 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:34:57.0766 3280 isapnp - ok
23:34:57.0801 3280 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:34:57.0804 3280 iScsiPrt - ok
23:34:57.0829 3280 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:34:57.0830 3280 kbdclass - ok
23:34:57.0866 3280 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:34:57.0868 3280 kbdhid - ok
23:34:57.0896 3280 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:34:57.0898 3280 KSecDD - ok
23:34:57.0927 3280 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:34:57.0930 3280 KSecPkg - ok
23:34:57.0968 3280 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:34:57.0969 3280 ksthunk - ok
23:34:58.0016 3280 libusb0 (285954c6c6ef43b78ab84034750fac6a) C:\Windows\system32\DRIVERS\libusb0.sys
23:34:58.0017 3280 libusb0 - ok
23:34:58.0051 3280 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:34:58.0053 3280 lltdio - ok
23:34:58.0085 3280 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:34:58.0087 3280 LSI_FC - ok
23:34:58.0106 3280 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:34:58.0108 3280 LSI_SAS - ok
23:34:58.0124 3280 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:34:58.0126 3280 LSI_SAS2 - ok
23:34:58.0139 3280 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:34:58.0141 3280 LSI_SCSI - ok
23:34:58.0156 3280 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:34:58.0158 3280 luafv - ok
23:34:58.0192 3280 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
23:34:58.0193 3280 LVPr2M64 - ok
23:34:58.0208 3280 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
23:34:58.0208 3280 LVPr2Mon - ok
23:34:58.0250 3280 LVRS64 (ef586b959f747e74c76603ff16ae417b) C:\Windows\system32\DRIVERS\lvrs64.sys
23:34:58.0253 3280 LVRS64 - ok
23:34:58.0330 3280 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\Windows\system32\DRIVERS\lvuvc64.sys
23:34:58.0365 3280 LVUVC64 - ok
23:34:58.0420 3280 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
23:34:58.0422 3280 mcdbus - ok
23:34:58.0459 3280 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:34:58.0460 3280 megasas - ok
23:34:58.0484 3280 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:34:58.0487 3280 MegaSR - ok
23:34:58.0551 3280 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:34:58.0556 3280 Modem - ok
23:34:58.0580 3280 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:34:58.0580 3280 monitor - ok
23:34:58.0626 3280 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
23:34:58.0627 3280 motandroidusb - ok
23:34:58.0688 3280 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:34:58.0689 3280 mouclass - ok
23:34:58.0703 3280 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:34:58.0704 3280 mouhid - ok
23:34:58.0745 3280 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:34:58.0746 3280 mountmgr - ok
23:34:58.0789 3280 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:34:58.0792 3280 mpio - ok
23:34:58.0812 3280 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:34:58.0814 3280 mpsdrv - ok
23:34:58.0868 3280 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:34:58.0870 3280 MRxDAV - ok
23:34:58.0909 3280 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:34:58.0911 3280 mrxsmb - ok
23:34:58.0941 3280 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:34:58.0944 3280 mrxsmb10 - ok
23:34:58.0957 3280 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:34:58.0959 3280 mrxsmb20 - ok
23:34:59.0011 3280 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:34:59.0012 3280 msahci - ok
23:34:59.0033 3280 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:34:59.0035 3280 msdsm - ok
23:34:59.0085 3280 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:34:59.0086 3280 Msfs - ok
23:34:59.0099 3280 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:34:59.0100 3280 mshidkmdf - ok
23:34:59.0117 3280 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:34:59.0118 3280 msisadrv - ok
23:34:59.0154 3280 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:34:59.0155 3280 MSKSSRV - ok
23:34:59.0169 3280 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:34:59.0170 3280 MSPCLOCK - ok
23:34:59.0184 3280 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:34:59.0185 3280 MSPQM - ok
23:34:59.0223 3280 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:34:59.0227 3280 MsRPC - ok
23:34:59.0251 3280 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:34:59.0251 3280 mssmbios - ok
23:34:59.0271 3280 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:34:59.0272 3280 MSTEE - ok
23:34:59.0288 3280 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:34:59.0289 3280 MTConfig - ok
23:34:59.0303 3280 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:34:59.0305 3280 Mup - ok
23:34:59.0346 3280 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:34:59.0350 3280 NativeWifiP - ok
23:34:59.0412 3280 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:34:59.0421 3280 NDIS - ok
23:34:59.0446 3280 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:34:59.0447 3280 NdisCap - ok
23:34:59.0460 3280 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:34:59.0462 3280 NdisTapi - ok
23:34:59.0498 3280 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:34:59.0499 3280 Ndisuio - ok
23:34:59.0528 3280 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:34:59.0530 3280 NdisWan - ok
23:34:59.0576 3280 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:34:59.0578 3280 NDProxy - ok
23:34:59.0621 3280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:34:59.0622 3280 NetBIOS - ok
23:34:59.0659 3280 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:34:59.0662 3280 NetBT - ok
23:34:59.0875 3280 netr28x (68cdb276a3009f0cf000c6352c1f72e7) C:\Windows\system32\DRIVERS\netr28x.sys
23:34:59.0883 3280 netr28x - ok
23:34:59.0899 3280 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:34:59.0900 3280 nfrd960 - ok
23:34:59.0920 3280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:34:59.0921 3280 Npfs - ok
23:34:59.0933 3280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:34:59.0933 3280 nsiproxy - ok
23:34:59.0993 3280 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:35:00.0008 3280 Ntfs - ok
23:35:00.0023 3280 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:35:00.0024 3280 Null - ok
23:35:00.0061 3280 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:35:00.0063 3280 nvraid - ok
23:35:00.0091 3280 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:35:00.0093 3280 nvstor - ok
23:35:00.0116 3280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:35:00.0117 3280 nv_agp - ok
23:35:00.0142 3280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:35:00.0143 3280 ohci1394 - ok
23:35:00.0193 3280 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:35:00.0195 3280 Parport - ok
23:35:00.0210 3280 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:35:00.0211 3280 partmgr - ok
23:35:00.0234 3280 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:35:00.0237 3280 pci - ok
23:35:00.0271 3280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:35:00.0272 3280 pciide - ok
23:35:00.0292 3280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:35:00.0295 3280 pcmcia - ok
23:35:00.0361 3280 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys
23:35:00.0362 3280 PCTBD - ok
23:35:00.0403 3280 pctBTFix (006361ef165d541fe634cd48c8436168) C:\Windows\system32\Drivers\pctBTFix64.sys
23:35:00.0403 3280 pctBTFix - ok
23:35:00.0442 3280 PCTCore (b34958cf94a8e924e8870ea6fb5b1923) C:\Windows\system32\drivers\PCTCore64.sys
23:35:00.0446 3280 PCTCore - ok
23:35:00.0466 3280 pctDS (00cdbcb3178668c780a0c186b958a433) C:\Windows\system32\drivers\pctDS64.sys
23:35:00.0470 3280 pctDS - ok
23:35:00.0496 3280 pctEFA (6a509ceeb76361d12f0efe28e48f2221) C:\Windows\system32\drivers\pctEFA64.sys
23:35:00.0503 3280 pctEFA - ok
23:35:00.0552 3280 PCTFW-PacketFilter (726c4e56d244710f95c10c64410dedaa) C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys
23:35:00.0554 3280 PCTFW-PacketFilter - ok
23:35:00.0596 3280 pctgntdi (07396a10e07af751a3a045872cf1e5ac) C:\Windows\System32\drivers\pctgntdi64.sys
23:35:00.0599 3280 pctgntdi - ok
23:35:00.0649 3280 pctNdisLW64 (59bffad0c8f00f0d389cd3e38f5ec0c6) C:\Windows\system32\DRIVERS\pctNdisLW64.sys
23:35:00.0650 3280 pctNdisLW64 - ok
23:35:00.0691 3280 pctplfw (d973475a08d045ce378f85f4155b511c) C:\Windows\System32\drivers\pctplfw64.sys
23:35:00.0693 3280 pctplfw - ok
23:35:00.0727 3280 pctplsg (18b9a064b02b5f20c4c78ab8c5788f04) C:\Windows\System32\drivers\pctplsg64.sys
23:35:00.0729 3280 pctplsg - ok
23:35:00.0763 3280 PCTSD (2ab248581631e918b37b630516b005e7) C:\Windows\system32\Drivers\PCTSD64.sys
23:35:00.0765 3280 PCTSD - ok
23:35:00.0787 3280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:35:00.0788 3280 pcw - ok
23:35:00.0811 3280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:35:00.0817 3280 PEAUTH - ok
23:35:00.0890 3280 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:35:00.0891 3280 PptpMiniport - ok
23:35:00.0908 3280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:35:00.0910 3280 Processor - ok
23:35:00.0960 3280 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:35:00.0961 3280 Psched - ok
23:35:01.0009 3280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:35:01.0023 3280 ql2300 - ok
23:35:01.0038 3280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:35:01.0040 3280 ql40xx - ok
23:35:01.0063 3280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:35:01.0064 3280 QWAVEdrv - ok
23:35:01.0084 3280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:35:01.0085 3280 RasAcd - ok
23:35:01.0120 3280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:35:01.0122 3280 RasAgileVpn - ok
23:35:01.0158 3280 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:35:01.0160 3280 Rasl2tp - ok
23:35:01.0190 3280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:35:01.0192 3280 RasPppoe - ok
23:35:01.0214 3280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:35:01.0216 3280 RasSstp - ok
23:35:01.0253 3280 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:35:01.0257 3280 rdbss - ok
23:35:01.0269 3280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:35:01.0270 3280 rdpbus - ok
23:35:01.0290 3280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:35:01.0291 3280 RDPCDD - ok
23:35:01.0332 3280 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:35:01.0335 3280 RDPDR - ok
23:35:01.0349 3280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:35:01.0349 3280 RDPENCDD - ok
23:35:01.0367 3280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:35:01.0367 3280 RDPREFMP - ok
23:35:01.0412 3280 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:35:01.0414 3280 RDPWD - ok
23:35:01.0452 3280 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:35:01.0454 3280 rdyboost - ok
23:35:01.0515 3280 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
23:35:01.0516 3280 Revoflt - ok
23:35:01.0556 3280 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:35:01.0558 3280 RFCOMM - ok
23:35:01.0577 3280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:35:01.0578 3280 rspndr - ok
23:35:01.0609 3280 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:35:01.0611 3280 s3cap - ok
23:35:01.0632 3280 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:35:01.0633 3280 sbp2port - ok
23:35:01.0674 3280 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:35:01.0675 3280 scfilter - ok
23:35:01.0722 3280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:35:01.0723 3280 secdrv - ok
23:35:01.0770 3280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:35:01.0772 3280 Serenum - ok
23:35:01.0793 3280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:35:01.0795 3280 Serial - ok
23:35:01.0852 3280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:35:01.0853 3280 sermouse - ok
23:35:01.0897 3280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:35:01.0899 3280 sffdisk - ok
23:35:01.0917 3280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:35:01.0918 3280 sffp_mmc - ok
23:35:01.0932 3280 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:35:01.0933 3280 sffp_sd - ok
23:35:01.0970 3280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:35:01.0971 3280 sfloppy - ok
23:35:01.0994 3280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:35:01.0995 3280 SiSRaid2 - ok
23:35:02.0011 3280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:35:02.0012 3280 SiSRaid4 - ok
23:35:02.0042 3280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:35:02.0044 3280 Smb - ok
23:35:02.0077 3280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:35:02.0079 3280 spldr - ok
23:35:02.0136 3280 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:35:02.0141 3280 srv - ok
23:35:02.0186 3280 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:35:02.0190 3280 srv2 - ok
23:35:02.0213 3280 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:35:02.0215 3280 srvnet - ok
23:35:02.0246 3280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:35:02.0247 3280 stexstor - ok
23:35:02.0294 3280 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
23:35:02.0295 3280 StillCam - ok
23:35:02.0307 3280 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:35:02.0308 3280 storflt - ok
23:35:02.0330 3280 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:35:02.0332 3280 storvsc - ok
23:35:02.0350 3280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:35:02.0351 3280 swenum - ok
23:35:02.0406 3280 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
23:35:02.0423 3280 Tcpip - ok
23:35:02.0448 3280 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
23:35:02.0455 3280 TCPIP6 - ok
23:35:02.0497 3280 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:35:02.0499 3280 tcpipreg - ok
23:35:02.0523 3280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:35:02.0524 3280 TDPIPE - ok
23:35:02.0540 3280 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:35:02.0541 3280 TDTCP - ok
23:35:02.0581 3280 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:35:02.0582 3280 tdx - ok
23:35:02.0600 3280 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:35:02.0601 3280 TermDD - ok
23:35:02.0640 3280 TfFsMon (7a9db95526d3111a7482cfac748e3150) C:\Windows\system32\drivers\TfFsMon.sys
23:35:02.0641 3280 TfFsMon - ok
23:35:02.0664 3280 TfNetMon (9189c9f2ff899a14f13f94cb9c1447cf) C:\Windows\system32\drivers\TfNetMon.sys
23:35:02.0665 3280 TfNetMon - ok
23:35:02.0693 3280 TFSysMon (af463ca8e9998cdd6c93cc285ec1516c) C:\Windows\system32\drivers\TfSysMon.sys
23:35:02.0700 3280 TFSysMon - ok
23:35:02.0744 3280 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:35:02.0745 3280 tssecsrv - ok
23:35:02.0805 3280 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:35:02.0806 3280 TsUsbFlt - ok
23:35:02.0859 3280 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:35:02.0861 3280 tunnel - ok
23:35:02.0884 3280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:35:02.0885 3280 uagp35 - ok
23:35:02.0933 3280 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:35:02.0937 3280 udfs - ok
23:35:02.0961 3280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:35:02.0962 3280 uliagpkx - ok
23:35:02.0988 3280 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:35:02.0989 3280 umbus - ok
23:35:03.0014 3280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:35:03.0015 3280 UmPass - ok
23:35:03.0084 3280 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:35:03.0084 3280 USBAAPL64 - ok
23:35:03.0105 3280 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:35:03.0106 3280 usbaudio - ok
23:35:03.0133 3280 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:35:03.0134 3280 usbccgp - ok
23:35:03.0191 3280 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:35:03.0193 3280 usbcir - ok
23:35:03.0215 3280 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:35:03.0216 3280 usbehci - ok
23:35:03.0233 3280 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:35:03.0238 3280 usbhub - ok
23:35:03.0260 3280 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
23:35:03.0262 3280 usbohci - ok
23:35:03.0278 3280 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:35:03.0279 3280 usbprint - ok
23:35:03.0320 3280 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:35:03.0322 3280 usbscan - ok
23:35:03.0342 3280 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:35:03.0343 3280 USBSTOR - ok
23:35:03.0358 3280 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
23:35:03.0359 3280 usbuhci - ok
23:35:03.0384 3280 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:35:03.0387 3280 usbvideo - ok
23:35:03.0425 3280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:35:03.0426 3280 vdrvroot - ok
23:35:03.0448 3280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:35:03.0449 3280 vga - ok
23:35:03.0471 3280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:35:03.0472 3280 VgaSave - ok
23:35:03.0511 3280 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:35:03.0514 3280 vhdmp - ok
23:35:03.0549 3280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:35:03.0550 3280 viaide - ok
23:35:03.0571 3280 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:35:03.0573 3280 vmbus - ok
23:35:03.0605 3280 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:35:03.0606 3280 VMBusHID - ok
23:35:03.0623 3280 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:35:03.0625 3280 volmgr - ok
23:35:03.0656 3280 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:35:03.0660 3280 volmgrx - ok
23:35:03.0702 3280 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:35:03.0706 3280 volsnap - ok
23:35:03.0744 3280 vpnva (845dae50510383b7f6aca73ce2099048) C:\Windows\system32\DRIVERS\vpnva64.sys
23:35:03.0745 3280 vpnva - ok
23:35:03.0767 3280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:35:03.0769 3280 vsmraid - ok
23:35:03.0790 3280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:35:03.0791 3280 vwifibus - ok
23:35:03.0809 3280 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:35:03.0810 3280 vwififlt - ok
23:35:03.0834 3280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:35:03.0835 3280 WacomPen - ok
23:35:03.0848 3280 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:35:03.0850 3280 WANARP - ok
23:35:03.0853 3280 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:35:03.0854 3280 Wanarpv6 - ok
23:35:03.0869 3280 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:35:03.0871 3280 Wd - ok
23:35:03.0893 3280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:35:03.0900 3280 Wdf01000 - ok
23:35:03.0923 3280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:35:03.0924 3280 WfpLwf - ok
23:35:03.0942 3280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:35:03.0956 3280 WIMMount - ok
23:35:03.0994 3280 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:35:03.0996 3280 WinUsb - ok
23:35:04.0056 3280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:35:04.0057 3280 WmiAcpi - ok
23:35:04.0089 3280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:35:04.0090 3280 ws2ifsl - ok
23:35:04.0140 3280 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:35:04.0142 3280 WudfPf - ok
23:35:04.0164 3280 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:35:04.0166 3280 WUDFRd - ok
23:35:04.0214 3280 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
23:35:04.0215 3280 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
23:35:04.0215 3280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
23:35:04.0233 3280 Boot (0x1200) (1a4d23d96004d2fed4f69e06e54692ca) \Device\Harddisk0\DR0\Partition0
23:35:04.0234 3280 \Device\Harddisk0\DR0\Partition0 - ok
23:35:04.0245 3280 Boot (0x1200) (b3b392e1bb1628e42bc4e5da4e54df33) \Device\Harddisk0\DR0\Partition1
23:35:04.0246 3280 \Device\Harddisk0\DR0\Partition1 - ok
23:35:04.0246 3280 ============================================================
23:35:04.0246 3280 Scan finished
23:35:04.0246 3280 ============================================================
23:35:04.0256 6268 Detected object count: 1
23:35:04.0256 6268 Actual detected object count: 1
23:36:07.0699 6268 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
23:36:07.0699 6268 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip
sharkbait
Active Member
 
Posts: 3
Joined: November 7th, 2011, 2:37 am
Advertisement
Register to Remove

Re: TDSS.Rootkit.v3 Removal Help

Unread postby sharkbait » November 7th, 2011, 2:46 am

OTL logfile created on: 11/6/2011 11:40:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.37% Memory free
7.60 Gb Paging File | 4.95 Gb Available in Paging File | 65.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.32 Gb Total Space | 779.51 Gb Free Space | 83.70% Space Free | Partition Type: NTFS
Drive W: | 750.00 Gb Total Space | 414.09 Gb Free Space | 55.21% Space Free | Partition Type: NTFS

Computer Name: BEVIS | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 23:35:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/11/06 23:34:24 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
PRC - [2011/10/28 10:02:02 | 002,658,744 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2011/10/28 10:02:02 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2011/10/27 20:49:32 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2011/10/27 20:49:28 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/10/25 12:38:10 | 000,542,672 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/09/30 16:44:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/06/01 17:15:30 | 006,123,032 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2011/05/23 11:54:07 | 000,465,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/13 17:04:50 | 000,181,504 | ---- | M] (Proxure, Inc.) -- C:\Program Files (x86)\Proxure\MCE Tunes Pro\MCETunesExtenderSupport.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 10:02:30 | 000,861,112 | ---- | M] () -- C:\Program Files (x86)\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll
MOD - [2011/10/28 10:02:04 | 000,376,248 | ---- | M] () -- C:\Program Files (x86)\PC Tools\PC Tools Security\PCTUI\PCTUI.dll
MOD - [2011/09/30 16:44:13 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/10/29 13:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/22 14:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 16:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 15:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 15:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 15:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 15:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 15:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 15:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 15:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 15:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 15:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/04 15:48:20 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/10/28 10:02:02 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/10/27 20:49:32 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/10/27 20:49:28 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/10/25 12:38:10 | 000,542,672 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/05/23 11:54:07 | 000,465,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/28 10:03:24 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2011/10/28 10:03:12 | 000,181,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2011/10/28 10:03:00 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/10/28 10:01:36 | 000,014,776 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctBTFix64.sys -- (pctBTFix)
DRV:64bit: - [2011/10/28 09:41:12 | 000,336,512 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011/10/27 20:49:30 | 000,706,776 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2011/10/27 20:49:30 | 000,065,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011/10/27 20:49:30 | 000,041,968 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011/10/22 14:11:24 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/10/07 16:52:26 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2011/10/07 16:52:20 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/09/28 12:14:02 | 000,070,760 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2011/08/21 13:11:46 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/07/19 09:29:12 | 000,120,200 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2011/07/08 13:36:40 | 000,076,952 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctNdisLW64.sys -- (pctNdisLW64)
DRV:64bit: - [2011/05/23 11:45:27 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/05/23 11:45:05 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/31 22:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2011/03/31 22:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/31 22:04:32 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/04 15:12:04 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/26 17:02:32 | 000,787,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/26 05:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/23 15:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/09/18 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/10 13:31:43 | 000,292,224 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 11:14:16 | 000,097,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/05/14 11:14:14 | 000,131,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/05/14 11:14:10 | 000,019,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/04/07 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http.hds.com:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.backup.ftp: "http.hds.com"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "http.hds.com"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "http.hds.com"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "http.hds.com"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "http.hds.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "http.hds.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "http.hds.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "http.hds.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "http.hds.com"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/23 11:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2011/11/04 23:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 16:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/26 16:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/21 07:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\astoolbar@pctools.com: C:\Program Files (x86)\PC Tools\PC Tools Security\SpamMonitor\PCTools Email Toolbars\Thunderbird\ [2011/11/04 23:19:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/23 11:47:25 | 000,000,000 | ---D | M]

[2011/01/23 09:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/01/23 09:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/28 23:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0z4a0kbc.default\extensions
[2011/08/25 07:20:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0z4a0kbc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/10/22 13:36:08 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0z4a0kbc.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/07/20 10:02:51 | 000,002,569 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0z4a0kbc.default\searchplugins\askcom.xml
[2011/08/24 19:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/23 20:29:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/24 19:54:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Z4A0KBC.DEFAULT\EXTENSIONS\{9AB67D74-EC41-4CB2-B417-DF5D93BA1BEB}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Z4A0KBC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Z4A0KBC.DEFAULT\EXTENSIONS\MOVABLEAPPBUTTON@MERCI.CHAO.XPI
[2011/09/30 16:44:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 17:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/24 19:54:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 17:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/05/07 21:36:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [MCE Tunes Extender Support] C:\Program Files (x86)\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://usindsecvpn03.hds.com/CACHE/stc ... vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4991278E-154D-49F5-BC87-781A6BF49709}: DhcpNameServer = 172.27.35.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{41b6f0d1-cf39-11e0-970e-7071bcbc9cbb}\Shell - "" = AutoRun
O33 - MountPoints2\{41b6f0d1-cf39-11e0-970e-7071bcbc9cbb}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 23:35:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/11/06 23:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/06 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/05 16:29:21 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/11/04 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PC Tools
[2011/11/04 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Spam Monitor
[2011/11/04 23:19:34 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/11/04 23:19:34 | 000,070,760 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2011/11/04 23:19:33 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/11/04 23:19:33 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/11/04 23:18:41 | 000,336,512 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/11/04 23:18:41 | 000,141,312 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/11/04 23:18:34 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2011/11/04 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/11/04 23:18:31 | 000,706,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/11/04 23:18:31 | 000,065,664 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/11/04 23:18:31 | 000,041,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/11/04 23:18:26 | 000,181,000 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2011/11/04 23:18:26 | 000,120,200 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2011/11/04 23:18:26 | 000,076,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdisLW64.sys
[2011/11/04 23:18:26 | 000,042,456 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2011/11/04 23:18:25 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/11/04 23:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2011/11/04 23:16:33 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/11/04 23:16:33 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/11/04 23:16:28 | 000,367,912 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/11/04 23:16:27 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011/11/04 23:15:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TestApp
[2011/11/04 11:09:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\APN
[2011/11/04 11:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011
[2011/11/04 10:50:15 | 000,000,000 | ---D | C] -- C:\Temp
[2011/11/04 10:44:25 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/03 17:17:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/10/28 22:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2011/10/28 22:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011/10/28 09:59:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011/10/22 13:36:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Sling Media
[2011/10/21 17:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adams EForms
[2011/10/21 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\TOPS
[2011/10/14 22:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/14 22:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/14 22:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/14 22:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/14 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/14 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 02:01:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/12 02:01:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/12 02:01:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/12 02:01:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/12 02:01:05 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/12 02:01:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/12 02:01:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/12 02:01:04 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/12 02:01:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/11 16:23:29 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/11 16:23:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/11 16:23:29 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/11 16:23:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/11 16:23:21 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/11 16:23:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/06 23:35:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/11/06 23:34:24 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/11/06 23:34:17 | 001,545,217 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/11/06 23:25:52 | 000,002,975 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/11/06 23:12:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2975628360-876759939-2616348851-1001UA.job
[2011/11/06 22:31:43 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 22:31:43 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 22:27:57 | 000,730,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 22:27:57 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 22:27:57 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/06 22:24:54 | 002,388,880 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/11/06 22:21:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 22:21:30 | 3061,825,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 20:38:32 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/11/06 14:20:57 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2975628360-876759939-2616348851-1001Core.job
[2011/11/05 16:05:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/05 06:22:52 | 501,727,088 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/04 23:20:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2011/11/04 23:18:34 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2011/11/04 23:15:46 | 000,001,531 | ---- | M] () -- C:\Users\Chris\Desktop\issetup.exe.lnk
[2011/11/04 10:58:13 | 000,000,432 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/04 10:58:12 | 000,000,296 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/04 10:58:12 | 000,000,200 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/03 19:22:59 | 000,004,230 | ---- | M] () -- C:\Users\Chris\Desktop\GLDPLUB110411.pdf
[2011/10/29 14:52:08 | 000,037,566 | ---- | M] () -- C:\Users\Chris\Documents\erp.hds.com_OA_HTML_OA.jsp_page=_oracle_apps_ap_oie_entry_summary_webui_ConfirmationPG&_ti=55020092&retainAM=Y&addBreadCrumb=N&oapc=71.pdf
[2011/10/28 22:23:49 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2011/10/28 10:03:24 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/10/28 10:03:12 | 000,181,000 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2011/10/28 10:03:00 | 000,230,952 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011/10/28 10:01:36 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2011/10/28 09:59:39 | 000,001,345 | ---- | M] () -- C:\Users\Chris\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
[2011/10/28 09:41:16 | 000,141,312 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/10/28 09:41:12 | 000,336,512 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/10/27 20:49:30 | 000,706,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/10/27 20:49:30 | 000,065,664 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/10/27 20:49:30 | 000,041,968 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/10/27 05:13:09 | 000,002,394 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2011/10/25 12:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/10/25 12:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/10/25 12:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/10/25 12:38:08 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2011/10/22 14:11:24 | 000,367,912 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/10/21 22:18:12 | 001,676,435 | ---- | M] () -- C:\Users\Chris\Desktop\MotoXoom_lo_res_09_27.pdf
[2011/10/21 17:33:28 | 000,000,685 | ---- | M] () -- C:\Users\Chris\Desktop\Living Will Forms.lnk
[2011/10/15 23:02:27 | 000,015,545 | ---- | M] () -- C:\Users\Chris\Desktop\Wendy Platt PADI eLearning record.pdf
[2011/10/14 22:42:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 02:27:27 | 000,430,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 23:32:38 | 001,545,217 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/11/06 23:25:52 | 000,002,975 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/11/04 23:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2011/11/04 23:19:34 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/11/04 23:19:34 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2011/11/04 23:19:34 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/11/04 23:19:34 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/11/04 23:19:34 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/11/04 23:18:34 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2011/11/04 23:15:46 | 000,001,531 | ---- | C] () -- C:\Users\Chris\Desktop\issetup.exe.lnk
[2011/11/04 10:52:02 | 000,000,296 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/04 10:52:02 | 000,000,200 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/04 10:51:42 | 000,000,432 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/03 19:22:58 | 000,004,230 | ---- | C] () -- C:\Users\Chris\Desktop\GLDPLUB110411.pdf
[2011/10/29 14:52:07 | 000,037,566 | ---- | C] () -- C:\Users\Chris\Documents\erp.hds.com_OA_HTML_OA.jsp_page=_oracle_apps_ap_oie_entry_summary_webui_ConfirmationPG&_ti=55020092&retainAM=Y&addBreadCrumb=N&oapc=71.pdf
[2011/10/28 22:23:49 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2011/10/28 09:59:39 | 000,001,345 | ---- | C] () -- C:\Users\Chris\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
[2011/10/21 22:18:09 | 001,676,435 | ---- | C] () -- C:\Users\Chris\Desktop\MotoXoom_lo_res_09_27.pdf
[2011/10/21 17:33:28 | 000,000,685 | ---- | C] () -- C:\Users\Chris\Desktop\Living Will Forms.lnk
[2011/10/15 23:02:25 | 000,015,545 | ---- | C] () -- C:\Users\Chris\Desktop\Wendy Platt PADI eLearning record.pdf
[2011/10/14 22:42:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/05 21:43:04 | 000,187,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/19 17:34:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/31 22:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/03/31 22:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/31 22:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/13 12:12:16 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/27 12:51:05 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/27 12:50:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/28 13:51:18 | 000,221,369 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/01/28 13:51:18 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/01/23 15:03:25 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/23 11:12:30 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
sharkbait
Active Member
 
Posts: 3
Joined: November 7th, 2011, 2:37 am

Re: TDSS.Rootkit.v3 Removal Help

Unread postby sharkbait » November 7th, 2011, 2:48 am

OTL Extras logfile created on: 11/6/2011 11:40:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.37% Memory free
7.60 Gb Paging File | 4.95 Gb Available in Paging File | 65.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.32 Gb Total Space | 779.51 Gb Free Space | 83.70% Space Free | Partition Type: NTFS
Drive W: | 750.00 Gb Total Space | 414.09 Gb Free Space | 55.21% Space Free | Partition Type: NTFS

Computer Name: BEVIS | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java(TM) SE Development Kit 6 Update 27 (64-bit)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C1C9924-3755-483C-87B1-8371B7454B1A}" = HP Photosmart Plus B210 series Product Improvement Study
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C634C1E3-53CF-4D8E-9FF6-4006CBB0F630}" = Outlook 2010 Toolbar
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F4330A8B-3610-4483-975E-69789B70A764}" = HP Photosmart Plus B210 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Allway Sync_is1" = Allway Sync version 11.2.2
"doPDF 7 printer_is1" = doPDF 7.1 printer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"PROSet" = Intel(R) Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java(TM) SE Development Kit 6 Update 27
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{678400CC-C814-4AC5-B3BF-F4EDC5822C52}" = RAID Manager for WindowsNT/x64
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B50289E4-36DB-4FEA-AC5D-043EF7F6DAE3}" = Cisco AnyConnect Secure Mobility Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6270F59-57C0-4924-B5EB-E79616B5590F}" = Garmin City Navigator North America NT 2011.40 Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE46FEE3-4D5F-446F-ACEC-89E3ED081293}" = MCE Tunes Pro
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"ActiveTouchMeetingClient" = WebEx
"Adams Living Will Forms" = Adams Living Will Forms
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Android SDK Tools" = Android SDK Tools
"Browser Defender_is1" = Browser Defender 4.0
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"doubleTwist" = doubleTwist
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Reader_is1" = Foxit Reader 5.1
"FTP Voyager_is1" = FTP Voyager 15.2
"HP Photo Creations" = HP Photo Creations
"Jawbone Updater" = Jawbone Updater
"Last Will And Testament CD_is1" = Last Will And Testament CD 1.0
"Logitech Vid" = Logitech Vid HD
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.14)" = Mozilla Thunderbird (3.1.14)
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Spyware Doctor" = PC Tools Internet Security 9.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
sharkbait
Active Member
 
Posts: 3
Joined: November 7th, 2011, 2:37 am

Re: TDSS.Rootkit.v3 Removal Help

Unread postby deltalima » November 7th, 2011, 4:13 am

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware