I scanned and cleaned the PC with Malwarebytes, HouseCall free AV and TDSSKiller. All three cleaned something. Now I cannot boot the PC (XP Pro SP3) in normal mode. I get the logon screen, but when I log on it reboots. I can log on in Safe Mode with Networking. The issue happened after TDSSKiller tried to clean the rootkit. Any suggestions? This is an urgent matter; I use this PC for work. Thanks.
OTL logfile created on: 2013-03-11 18:14:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
1,90 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 80,59% Memory free
3,23 Gb Paging File | 3,03 Gb Available in Paging File | 93,81% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 440,94 Gb Free Space | 94,67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: LAROCQUE | User Name: alarocque | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-03-11 18:13:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2013-02-19 07:02:01 | 002,163,040 | ---- | M] (TeamViewer GmbH) -- c:\Documents and Settings\user\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2013-02-19 07:02:00 | 007,293,280 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\user\Local Settings\Temp\TeamViewer\Version6\TeamViewer.exe
PRC - [2013-02-19 04:59:12 | 000,108,896 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\user\Local Settings\Temp\TeamViewer\Version6\tv_w32.exe
PRC - [2008-04-13 20:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008-04-13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2008-04-13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
========== Services (SafeList) ==========
SRV - [2013-02-26 17:22:22 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-19 07:02:01 | 002,439,520 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- c:\Documents and Settings\user\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-10-26 13:27:42 | 000,703,080 | ---- | M] (Fortinet Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2009-11-04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-11-04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-10-26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009-10-16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009-09-04 20:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2009-09-04 20:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2009-08-19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009-07-15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009-07-06 14:19:04 | 000,345,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\6dd0de3ac83198fd.sys -- (6dd0de3ac83198fd)
DRV - [2011-10-24 15:03:04 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011-10-24 15:02:44 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011-07-12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011-07-12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011-07-12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010-07-19 18:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010-01-29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-11-20 19:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009-11-20 19:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009-11-17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-10-15 17:16:04 | 000,205,824 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009-09-17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009-08-06 02:28:16 | 000,155,688 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx)
DRV - [2009-08-03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-07-21 18:53:06 | 000,036,384 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pppop.sys -- (pppop)
DRV - [2009-07-15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009-06-05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-06-19 08:44:12 | 000,013,824 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008-06-04 23:58:18 | 000,144,480 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2008-05-23 16:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008-04-13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-06-12 16:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2004-08-12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001-08-17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-08-17 08:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001-01-30 17:34:38 | 000,025,381 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSSUSBF.sys -- (DSSUSBF)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/advanced_search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/de...fr-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5101914A-749F-41e1-8563-C4AA491AE618}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{5390DEDC-A809-4869-A9D5-CBB3798A02EB}: "URL" = http://ca.search.yah...cevm&type=STDVM
IE - HKCU\..\SearchScopes\{5F472885-5798-4242-8C98-79E4CB426B3A}: "URL" = http://websearch.ask...2C-E5076165FB23
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enCA402
IE - HKCU\..\SearchScopes\{AA304BE5-0DB0-450f-8271-DBD839212C7C}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: FortiClient SSL VPN CacheClean Service (Enabled) = C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll
CHR - plugin: FortiClient SSL VPN Tunnel Service (Enabled) = C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Recherche Google = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2001-08-18 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1363030100140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.243.189 24.200.241.37 24.201.245.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09E3DB22-DFCE-4DDD-A73C-65CD67E979A7}: DhcpNameServer = 206.191.0.210 206.191.0.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB33A13-D3F8-4F6C-B046-64778A9A7D33}: DhcpNameServer = 172.16.0.20 206.191.0.140 206.191.0.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BA7B319-DF11-4C3A-82A5-7BF7D8E08CE1}: DhcpNameServer = 206.191.0.210 206.191.0.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D0CCD3B-09C7-4239-A519-EFFB2A149DD3}: DhcpNameServer = 24.200.243.189 24.200.241.37 24.201.245.77
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-30 10:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013-03-11 18:13:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2013-03-11 17:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013-03-11 17:13:09 | 003,498,400 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\user\Desktop\TeamViewerQS.exe
[2013-03-11 16:04:23 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2013-03-11 16:02:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013-03-11 15:57:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2013-03-11 15:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro OfficeScan Client
[2013-03-11 15:27:45 | 073,693,233 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\Roaming32bit.exe
[2013-03-07 12:11:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013-03-06 10:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Druide
[2013-02-14 18:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Le Petit Robert 2009
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013-03-11 18:13:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2013-03-11 18:12:16 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Word 2007 (2).lnk
[2013-03-11 18:11:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-03-11 18:09:55 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-11 18:09:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013-03-11 17:34:49 | 000,000,213 | RHS- | M] () -- C:\boot.ini
[2013-03-11 17:13:09 | 003,498,400 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\user\Desktop\TeamViewerQS.exe
[2013-03-11 16:02:24 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013-03-11 15:58:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B0E313CD-E755-490A-B9FF-306F2013738C}.job
[2013-03-11 15:56:21 | 000,210,986 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2013-03-11 15:56:18 | 000,189,083 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2013-03-11 15:55:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2013-03-11 15:55:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013-03-11 15:47:53 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2013-03-11 15:41:07 | 000,446,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-03-11 15:41:07 | 000,072,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-03-11 15:41:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-11 15:28:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2939561921-1449655655-3289834387-1007UA.job
[2013-03-11 15:22:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-03-11 15:04:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-11 15:01:07 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\user\My Documents\Default.rdp
[2013-03-11 08:28:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2939561921-1449655655-3289834387-1007Core.job
[2013-03-08 17:41:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-03-06 10:31:37 | 000,000,161 | ---- | M] () -- C:\WINDOWS\Antidote.ini
[2013-03-06 10:28:52 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office PowerPoint 2007 (2).lnk
[2013-02-14 18:36:14 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Le Petit Robert 2009.lnk
[2013-02-14 09:15:42 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-02-13 20:37:46 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013-03-11 15:56:21 | 000,210,986 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2013-03-11 15:56:18 | 000,189,083 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2013-03-11 15:47:04 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2013-03-11 15:04:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013-02-14 18:36:14 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Le Petit Robert 2009.lnk
[2013-01-10 18:45:43 | 000,187,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012-10-06 16:03:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-02-16 14:04:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-04-07 15:40:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2011-03-17 14:06:55 | 000,016,197 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009-11-27 12:18:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PFP100JPR.{PB
[2009-11-27 12:18:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PFP100JCM.{PB
[2008-06-18 11:14:02 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2008-08-01 13:05:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008-04-13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012-04-26 09:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010-10-12 09:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASUS OC Profiles
[2010-10-13 19:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Le Robert
[2009-09-21 13:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safend
[2013-03-06 10:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Druide
[2012-03-26 11:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
[2010-07-16 08:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 2013-03-11 18:14:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
1,90 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 80,59% Memory free
3,23 Gb Paging File | 3,03 Gb Available in Paging File | 93,81% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 440,94 Gb Free Space | 94,67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: LAROCQUE | User Name: alarocque | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"29961:TCP" = 29961:TCP:*:Enabled:Trend Micro OfficeScan Listener
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" = C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Microsoft Office2007\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Le Robert\Le Petit Robert 2009\prnet.exe" = C:\Program Files\Le Robert\Le Petit Robert 2009\prnet.exe:*:Enabled:Le Petit Robert 2008 -- (Dictionnaire Le Robert)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{86A803A1-4D71-11D5-A770-00A0C9E895EB}" = WordPerfect Office 2002
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E35083D-B04F-4823-A260-C07FDD3D40FD}" = Olympus DSS Player Pro
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A34DCE59-0004-0000-2085-3F8A9926B752}" = FortiClient SSL VPN v4.0.2085
"{A474EA56-5DBD-4181-8230-806A4762EA7F}" = Antidote RX v8
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{BDE813B0-BF65-11D2-92B4-0060B0686AFB}" = SpeechMike Executive
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F872A4F8-4EC5-4668-A908-7C7275B0BE49}" = hppusgP2030
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Barre LogiTermWeb 5_is1" = Barre LogiTermWeb 5.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HP LaserJet P2030 Series" = HP LaserJet P2030 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"ITPM" = Intel® Trusted Platform Module
"Larousse Chambers Advanced Dictionary" = Larousse Chambers Advanced Dictionary
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxDriver" = marvell 61xx
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OfficeScanNT" = Trend Micro OfficeScan Client
"PR1CD2009" = Le Petit Robert 2009
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2013-01-16 10:05:59 | Computer Name = LAROCQUE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2013-01-24 11:26:41 | Computer Name = LAROCQUE | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 2013-01-29 11:05:10 | Computer Name = LAROCQUE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2013-02-25 06:24:59 | Computer Name = LAROCQUE | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting
module localspl.dll, version 5.1.2600.6226, fault address 0x00023731.
Error - 2013-02-25 06:25:10 | Computer Name = LAROCQUE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.6600.1000, stamp 4de50c7e,
faulting module ppcore.dll, version 12.0.6654.5000, stamp 4e8d280f, debug? 0, fault
address 0x000f4db2.
Error - 2013-03-06 15:46:52 | Computer Name = LAROCQUE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.6600.1000, stamp 4de50c7e,
faulting module mssp3fr.dll, version 5.0.8150.105, stamp 44e6ce8e, debug? 0, fault
address 0x0000f93c.
Error - 2013-03-07 12:12:37 | Computer Name = LAROCQUE | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
Off Mode: Append Type: Normal Consult the backup report for more details.
Error - 2013-03-07 12:12:40 | Computer Name = LAROCQUE | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.
Error - 2013-03-09 16:41:42 | Computer Name = LAROCQUE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2013-03-11 15:57:22 | Computer Name = LAROCQUE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 2012-10-01 12:48:52 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 551 seconds with 480 seconds of active time. This session ended with a crash.
Error - 2012-10-02 14:50:45 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1146
seconds with 900 seconds of active time. This session ended with a crash.
Error - 2012-11-22 12:00:29 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1913 seconds with 1200 seconds of active time. This session ended with a
crash.
Error - 2012-12-01 16:53:25 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 718 seconds with 540 seconds of active time. This session ended with a crash.
Error - 2012-12-17 17:34:59 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1977
seconds with 1440 seconds of active time. This session ended with a crash.
Error - 2012-12-17 17:42:27 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 439
seconds with 300 seconds of active time. This session ended with a crash.
Error - 2012-12-17 20:48:51 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2012-12-21 19:04:29 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1509
seconds with 960 seconds of active time. This session ended with a crash.
Error - 2013-02-25 06:25:09 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 215 seconds with 180 seconds of active time. This session ended with a crash.
Error - 2013-03-06 15:46:51 | Computer Name = LAROCQUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 2084 seconds with 1620 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 2013-03-11 17:54:02 | Computer Name = LAROCQUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 2013-03-11 17:54:13 | Computer Name = LAROCQUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2013-03-11 17:55:00 | Computer Name = LAROCQUE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 2013-03-11 17:55:00 | Computer Name = LAROCQUE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 2013-03-11 17:55:00 | Computer Name = LAROCQUE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 2013-03-11 17:55:00 | Computer Name = LAROCQUE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 2013-03-11 17:55:00 | Computer Name = LAROCQUE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AsIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
Error - 2013-03-11 18:08:47 | Computer Name = LAROCQUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2013-03-11 18:11:50 | Computer Name = LAROCQUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2013-03-11 18:12:52 | Computer Name = LAROCQUE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO Fips intelppm tmtdi
< End of report >
16:01:24.0546 2596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:01:24.0875 2596 ============================================================
16:01:24.0875 2596 Current date / time: 2013/03/11 16:01:24.0875
16:01:24.0875 2596 SystemInfo:
16:01:24.0875 2596
16:01:24.0875 2596 OS Version: 5.1.2600 ServicePack: 3.0
16:01:24.0875 2596 Product type: Workstation
16:01:24.0875 2596 ComputerName: LAROCQUE
16:01:24.0875 2596 UserName: alarocque
16:01:24.0875 2596 Windows directory: C:\WINDOWS
16:01:24.0875 2596 System windows directory: C:\WINDOWS
16:01:24.0875 2596 Processor architecture: Intel x86
16:01:24.0875 2596 Number of processors: 4
16:01:24.0875 2596 Page size: 0x1000
16:01:24.0875 2596 Boot type: Normal boot
16:01:24.0875 2596 ============================================================
16:01:28.0984 2596 !crdlk
16:01:29.0093 2596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:01:29.0093 2596 ============================================================
16:01:29.0093 2596 \Device\Harddisk0\DR0:
16:01:29.0093 2596 MBR partitions:
16:01:29.0093 2596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:01:29.0093 2596 ============================================================
16:01:29.0125 2596 C: <-> \Device\Harddisk0\DR0\Partition1
16:01:29.0125 2596 ============================================================
16:01:29.0125 2596 Initialize success
16:01:29.0125 2596 ============================================================
16:01:38.0609 2752 ============================================================
16:01:38.0609 2752 Scan started
16:01:38.0609 2752 Mode: Manual;
16:01:38.0609 2752 ============================================================
16:01:39.0359 2752 ================ Scan system memory ========================
16:01:39.0359 2752 System memory - ok
16:01:39.0359 2752 ================ Scan services =============================
16:01:39.0468 2752 6dd0de3ac83198fd - ok
16:01:39.0546 2752 Abiosdsk - ok
16:01:39.0562 2752 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:01:39.0562 2752 abp480n5 - ok
16:01:39.0625 2752 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
16:01:39.0625 2752 ac97intc - ok
16:01:39.0671 2752 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
16:01:39.0671 2752 ACPI - ok
16:01:39.0703 2752 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:01:39.0703 2752 ACPIEC - ok
16:01:39.0812 2752 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:01:39.0828 2752 AdobeFlashPlayerUpdateSvc - ok
16:01:39.0875 2752 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:01:39.0875 2752 adpu160m - ok
16:01:39.0906 2752 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:01:39.0906 2752 aec - ok
16:01:39.0937 2752 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:01:39.0937 2752 AFD - ok
16:01:39.0968 2752 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:01:39.0968 2752 agp440 - ok
16:01:39.0984 2752 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:01:39.0984 2752 agpCPQ - ok
16:01:40.0000 2752 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:01:40.0000 2752 Aha154x - ok
16:01:40.0031 2752 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:01:40.0031 2752 aic78u2 - ok
16:01:40.0046 2752 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:01:40.0046 2752 aic78xx - ok
16:01:40.0093 2752 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:01:40.0093 2752 Alerter - ok
16:01:40.0109 2752 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:01:40.0109 2752 ALG - ok
16:01:40.0125 2752 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
16:01:40.0125 2752 AliIde - ok
16:01:40.0156 2752 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:01:40.0156 2752 alim1541 - ok
16:01:40.0265 2752 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
16:01:40.0281 2752 Ambfilt - ok
16:01:40.0296 2752 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:01:40.0296 2752 amdagp - ok
16:01:40.0312 2752 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
16:01:40.0312 2752 amsint - ok
16:01:40.0359 2752 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:01:40.0375 2752 AppMgmt - ok
16:01:40.0406 2752 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:01:40.0406 2752 Arp1394 - ok
16:01:40.0421 2752 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
16:01:40.0421 2752 asc - ok
16:01:40.0437 2752 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:01:40.0437 2752 asc3350p - ok
16:01:40.0468 2752 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:01:40.0468 2752 asc3550 - ok
16:01:40.0500 2752 [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
16:01:40.0500 2752 AsIO - ok
16:01:40.0578 2752 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:01:40.0609 2752 aspnet_state - ok
16:01:40.0687 2752 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
16:01:40.0687 2752 AsSysCtrlService - ok
16:01:40.0734 2752 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:01:40.0734 2752 AsyncMac - ok
16:01:40.0765 2752 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
16:01:40.0765 2752 atapi - ok
16:01:40.0796 2752 Atdisk - ok
16:01:40.0828 2752 [ 9027AE586EF5F0E6A40175E92917B44C ] ati2mpaa C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys
16:01:40.0843 2752 ati2mpaa - ok
16:01:40.0875 2752 [ 2D030C2F6B036CA0BC243E1B16D924D1 ] ati2mtaa C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
16:01:40.0875 2752 ati2mtaa - ok
16:01:40.0906 2752 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:01:40.0906 2752 Atmarpc - ok
16:01:40.0953 2752 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:01:40.0953 2752 AudioSrv - ok
16:01:40.0984 2752 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:01:40.0984 2752 audstub - ok
16:01:41.0015 2752 [ 7ED4E1D2E124AD4E6A287CF49DBC9BBA ] BCUService C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
16:01:41.0031 2752 BCUService - ok
16:01:41.0125 2752 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:01:41.0125 2752 Beep - ok
16:01:41.0187 2752 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:01:41.0250 2752 BITS - ok
16:01:41.0312 2752 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:01:41.0312 2752 Browser - ok
16:01:41.0312 2752 Suspicious service (NoAccess): c3631cae1dc3f35d
16:01:41.0359 2752 [ 0A16219AFCE6DE9020EF3C8D477CEA62 ] c3631cae1dc3f35d C:\WINDOWS\System32\Drivers\c3631cae1dc3f35d.sys
16:01:41.0359 2752 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\c3631cae1dc3f35d.sys. md5: 0A16219AFCE6DE9020EF3C8D477CEA62
16:01:41.0890 2752 c3631cae1dc3f35d ( Rootkit.Win32.Necurs.gen ) - infected
16:01:41.0890 2752 c3631cae1dc3f35d - detected Rootkit.Win32.Necurs.gen (0)
16:01:42.0000 2752 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:01:42.0000 2752 cbidf - ok
16:01:42.0031 2752 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:01:42.0031 2752 cbidf2k - ok
16:01:42.0062 2752 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:01:42.0062 2752 cd20xrnt - ok
16:01:42.0093 2752 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:01:42.0093 2752 Cdaudio - ok
16:01:42.0125 2752 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:01:42.0125 2752 Cdfs - ok
16:01:42.0187 2752 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:01:42.0187 2752 Cdrom - ok
16:01:42.0187 2752 Changer - ok
16:01:42.0234 2752 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\System32\cisvc.exe
16:01:42.0234 2752 cisvc - ok
16:01:42.0250 2752 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:01:42.0250 2752 ClipSrv - ok
16:01:42.0296 2752 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:01:42.0390 2752 clr_optimization_v2.0.50727_32 - ok
16:01:42.0437 2752 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:01:42.0437 2752 CmdIde - ok
16:01:42.0437 2752 COMSysApp - ok
16:01:42.0484 2752 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:01:42.0484 2752 Cpqarray - ok
16:01:42.0531 2752 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:01:42.0546 2752 CryptSvc - ok
16:01:42.0578 2752 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
16:01:42.0578 2752 ctljystk - ok
16:01:42.0703 2752 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:01:42.0703 2752 dac2w2k - ok
16:01:42.0718 2752 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:01:42.0718 2752 dac960nt - ok
16:01:42.0812 2752 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:01:42.0812 2752 DcomLaunch - ok
16:01:42.0859 2752 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:01:42.0875 2752 Dhcp - ok
16:01:42.0875 2752 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:01:42.0890 2752 Disk - ok
16:01:42.0906 2752 dmadmin - ok
16:01:42.0937 2752 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:01:42.0937 2752 dmboot - ok
16:01:42.0968 2752 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:01:42.0968 2752 dmio - ok
16:01:42.0984 2752 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:01:42.0984 2752 dmload - ok
16:01:43.0046 2752 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:01:43.0046 2752 dmserver - ok
16:01:43.0062 2752 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:01:43.0062 2752 DMusic - ok
16:01:43.0125 2752 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:01:43.0125 2752 Dnscache - ok
16:01:43.0171 2752 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:01:43.0187 2752 Dot3svc - ok
16:01:43.0218 2752 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:01:43.0218 2752 dpti2o - ok
16:01:43.0234 2752 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:01:43.0234 2752 drmkaud - ok
16:01:43.0296 2752 [ A539DAAE5463F8D3ACDBCE50C7D20740 ] DSSUSBF C:\WINDOWS\system32\DRIVERS\DSSUSBF.sys
16:01:43.0296 2752 DSSUSBF - ok
16:01:43.0375 2752 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
16:01:43.0375 2752 DvmMDES - ok
16:01:43.0437 2752 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:01:43.0437 2752 E100B - ok
16:01:43.0500 2752 [ 1D4D0BD8427154963C7E0DB562D741C0 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:01:43.0500 2752 e1express - ok
16:01:43.0531 2752 [ D60759140694150360BBEFD9CAB7C920 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
16:01:43.0546 2752 e1kexpress - ok
16:01:43.0593 2752 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:01:43.0593 2752 EapHost - ok
16:01:43.0609 2752 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys
16:01:43.0625 2752 emu10k - ok
16:01:43.0625 2752 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys
16:01:43.0625 2752 emu10k1 - ok
16:01:43.0671 2752 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:01:43.0671 2752 ERSvc - ok
16:01:43.0718 2752 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:01:43.0718 2752 Eventlog - ok
16:01:43.0750 2752 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
16:01:43.0765 2752 EventSystem - ok
16:01:43.0812 2752 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:01:43.0812 2752 Fastfat - ok
16:01:43.0843 2752 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:01:43.0843 2752 FastUserSwitchingCompatibility - ok
16:01:43.0859 2752 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:01:43.0859 2752 Fdc - ok
16:01:43.0890 2752 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:01:43.0890 2752 Fips - ok
16:01:43.0906 2752 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:01:43.0906 2752 Flpydisk - ok
16:01:43.0937 2752 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:01:43.0937 2752 FltMgr - ok
16:01:43.0968 2752 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:01:43.0968 2752 FontCache3.0.0.0 - ok
16:01:44.0046 2752 [ 2BAF167BB033B43BB5319A3C5F111C60 ] FortiSslvpnDaemon C:\WINDOWS\system32\FortiSSLVPNdaemon.exe
16:01:44.0046 2752 FortiSslvpnDaemon - ok
16:01:44.0062 2752 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:01:44.0062 2752 Fs_Rec - ok
16:01:44.0109 2752 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:01:44.0109 2752 Ftdisk - ok
16:01:44.0156 2752 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:01:44.0156 2752 gameenum - ok
16:01:44.0234 2752 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:01:44.0234 2752 Gpc - ok
16:01:44.0296 2752 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:01:44.0296 2752 gupdate - ok
16:01:44.0343 2752 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:01:44.0343 2752 gupdatem - ok
16:01:44.0390 2752 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:01:44.0390 2752 gusvc - ok
16:01:44.0421 2752 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:01:44.0421 2752 HDAudBus - ok
16:01:44.0453 2752 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
16:01:44.0453 2752 HECI - ok
16:01:44.0546 2752 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:01:44.0546 2752 helpsvc - ok
16:01:44.0578 2752 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:01:44.0578 2752 HidServ - ok
16:01:44.0625 2752 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:01:44.0625 2752 hidusb - ok
16:01:44.0671 2752 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:01:44.0687 2752 hkmsvc - ok
16:01:44.0734 2752 [ E4E0B356A8756066CF89080D9DA69F22 ] HPFXBULK C:\WINDOWS\system32\drivers\hpfxbulk.sys
16:01:44.0734 2752 HPFXBULK - ok
16:01:44.0781 2752 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
16:01:44.0781 2752 hpn - ok
16:01:44.0796 2752 hpt3xx - ok
16:01:44.0843 2752 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:01:44.0843 2752 HTTP - ok
16:01:44.0890 2752 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:01:44.0906 2752 HTTPFilter - ok
16:01:44.0937 2752 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
16:01:44.0937 2752 i2omgmt - ok
16:01:44.0968 2752 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:01:44.0968 2752 i2omp - ok
16:01:44.0968 2752 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:01:44.0968 2752 i8042prt - ok
16:01:45.0062 2752 [ ED3D980E2D3E15FE179269699D65F5A7 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:01:45.0062 2752 ialm - ok
16:01:45.0156 2752 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:01:45.0171 2752 idsvc - ok
16:01:45.0218 2752 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:01:45.0218 2752 Imapi - ok
16:01:45.0250 2752 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
16:01:45.0250 2752 ImapiService - ok
16:01:45.0281 2752 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:01:45.0281 2752 ini910u - ok
16:01:45.0390 2752 [ 0C71866E54627717596E58C255815768 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:01:45.0406 2752 IntcAzAudAddService - ok
16:01:45.0468 2752 [ F2BFC65DFBCA35734ACCD03C10105F9E ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
16:01:45.0468 2752 IntcDAud - ok
16:01:45.0484 2752 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\drivers\intelide.sys
16:01:45.0484 2752 IntelIde - ok
16:01:45.0531 2752 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:01:45.0531 2752 intelppm - ok
16:01:45.0562 2752 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:01:45.0562 2752 ip6fw - ok
16:01:45.0593 2752 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:01:45.0593 2752 IpFilterDriver - ok
16:01:45.0609 2752 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:01:45.0609 2752 IpInIp - ok
16:01:45.0656 2752 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:01:45.0656 2752 IpNat - ok
16:01:45.0656 2752 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:01:45.0656 2752 IPSec - ok
16:01:45.0687 2752 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:01:45.0687 2752 IRENUM - ok
16:01:45.0734 2752 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
16:01:45.0734 2752 isapnp - ok
16:01:45.0875 2752 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:01:45.0875 2752 JavaQuickStarterService - ok
16:01:45.0906 2752 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:01:45.0906 2752 Kbdclass - ok
16:01:45.0937 2752 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:01:45.0937 2752 kbdhid - ok
16:01:45.0968 2752 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:01:45.0968 2752 kmixer - ok
16:01:46.0015 2752 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:01:46.0015 2752 KSecDD - ok
16:01:46.0046 2752 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:01:46.0046 2752 lanmanserver - ok
16:01:46.0109 2752 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:01:46.0109 2752 lanmanworkstation - ok
16:01:46.0140 2752 lbrtfdc - ok
16:01:46.0171 2752 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:01:46.0187 2752 LmHosts - ok
16:01:46.0250 2752 [ D0E7FF91B52FE9FD2F9522B91F27CB09 ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:01:46.0250 2752 LMS - ok
16:01:46.0312 2752 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
16:01:46.0312 2752 MDM - ok
16:01:46.0343 2752 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:01:46.0343 2752 Messenger - ok
16:01:46.0390 2752 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:01:46.0390 2752 mnmdd - ok
16:01:46.0421 2752 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:01:46.0421 2752 mnmsrvc - ok
16:01:46.0437 2752 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:01:46.0437 2752 Modem - ok
16:01:46.0500 2752 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
16:01:46.0531 2752 Monfilt - ok
16:01:46.0562 2752 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:01:46.0562 2752 Mouclass - ok
16:01:46.0609 2752 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:01:46.0609 2752 mouhid - ok
16:01:46.0640 2752 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:01:46.0640 2752 MountMgr - ok
16:01:46.0656 2752 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:01:46.0656 2752 mraid35x - ok
16:01:46.0671 2752 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:01:46.0671 2752 MRxDAV - ok
16:01:46.0687 2752 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:01:46.0703 2752 MRxSmb - ok
16:01:46.0718 2752 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:01:46.0718 2752 MSDTC - ok
16:01:46.0750 2752 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:01:46.0750 2752 Msfs - ok
16:01:46.0765 2752 MSIServer - ok
16:01:46.0781 2752 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:01:46.0781 2752 MSKSSRV - ok
16:01:46.0828 2752 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:01:46.0828 2752 MSPCLOCK - ok
16:01:46.0828 2752 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:01:46.0828 2752 MSPQM - ok
16:01:46.0843 2752 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:01:46.0843 2752 mssmbios - ok
16:01:46.0890 2752 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:01:46.0890 2752 MTsensor - ok
16:01:46.0921 2752 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:01:46.0921 2752 Mup - ok
16:01:46.0984 2752 [ A1AE994C0F4C5F48E5FBF3A2A6453C81 ] mv61xx C:\WINDOWS\system32\DRIVERS\mv61xx.sys
16:01:46.0984 2752 mv61xx - ok
16:01:47.0046 2752 [ 03CA886BA148B6B9996BE1368DDC3FC0 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
16:01:47.0046 2752 NAL - ok
16:01:47.0109 2752 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:01:47.0125 2752 napagent - ok
16:01:47.0187 2752 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:01:47.0203 2752 NDIS - ok
16:01:47.0250 2752 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:01:47.0250 2752 NdisTapi - ok
16:01:47.0281 2752 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:01:47.0281 2752 Ndisuio - ok
16:01:47.0296 2752 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:01:47.0296 2752 NdisWan - ok
16:01:47.0328 2752 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:01:47.0328 2752 NDProxy - ok
16:01:47.0406 2752 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:01:47.0406 2752 NetBIOS - ok
16:01:47.0421 2752 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:01:47.0437 2752 NetBT - ok
16:01:47.0500 2752 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:01:47.0500 2752 NetDDE - ok
16:01:47.0531 2752 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:01:47.0531 2752 NetDDEdsdm - ok
16:01:47.0562 2752 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
16:01:47.0562 2752 Netlogon - ok
16:01:47.0609 2752 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:01:47.0609 2752 Netman - ok
16:01:47.0656 2752 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:01:47.0656 2752 NetTcpPortSharing - ok
16:01:47.0718 2752 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:01:47.0718 2752 NIC1394 - ok
16:01:47.0750 2752 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:01:47.0750 2752 Nla - ok
16:01:47.0781 2752 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:01:47.0781 2752 Npfs - ok
16:01:47.0796 2752 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:01:47.0796 2752 Ntfs - ok
16:01:47.0828 2752 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:01:47.0828 2752 NtLmSsp - ok
16:01:47.0859 2752 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:01:47.0859 2752 NtmsSvc - ok
16:01:48.0031 2752 [ 32E9E017EFEAEF961BDE32D140FC8071 ] ntrtscan C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
16:01:48.0046 2752 ntrtscan - ok
16:01:48.0062 2752 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:01:48.0062 2752 Null - ok
16:01:48.0125 2752 [ 68C890DDB21028CB1EA5551B47B29E1B ] nusb3hub C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
16:01:48.0125 2752 nusb3hub - ok
16:01:48.0140 2752 [ 2CF970C1A9E05D3B91039C2DD4471C0E ] nusb3xhc C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
16:01:48.0140 2752 nusb3xhc - ok
16:01:48.0187 2752 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:01:48.0187 2752 NwlnkFlt - ok
16:01:48.0203 2752 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:01:48.0203 2752 NwlnkFwd - ok
16:01:48.0296 2752 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:01:48.0296 2752 odserv - ok
16:01:48.0359 2752 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:01:48.0359 2752 ohci1394 - ok
16:01:48.0406 2752 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:01:48.0406 2752 ose - ok
16:01:48.0468 2752 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:01:48.0468 2752 Parport - ok
16:01:48.0500 2752 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:01:48.0500 2752 PartMgr - ok
16:01:48.0531 2752 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:01:48.0531 2752 ParVdm - ok
16:01:48.0578 2752 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\drivers\pci.sys
16:01:48.0578 2752 PCI - ok
16:01:48.0593 2752 PCIDump - ok
16:01:48.0625 2752 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\pciide.sys
16:01:48.0625 2752 PCIIde - ok
16:01:48.0656 2752 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:01:48.0656 2752 Pcmcia - ok
16:01:48.0687 2752 PDCOMP - ok
16:01:48.0687 2752 PDFRAME - ok
16:01:48.0703 2752 PDRELI - ok
16:01:48.0703 2752 PDRFRAME - ok
16:01:48.0718 2752 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
16:01:48.0718 2752 perc2 - ok
16:01:48.0750 2752 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:01:48.0750 2752 perc2hib - ok
16:01:48.0781 2752 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:01:48.0781 2752 PlugPlay - ok
16:01:48.0843 2752 [ 75CF9DE0A67AF916ED591743DFB69694 ] Pml Driver HPZ12 C:\WINDOWS\system32\hpzipm12.dll
16:01:48.0843 2752 Pml Driver HPZ12 - ok
16:01:48.0875 2752 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
16:01:48.0875 2752 PolicyAgent - ok
16:01:48.0921 2752 [ 4FB133321E33CF310B0010F7F3631536 ] pppop C:\WINDOWS\system32\DRIVERS\pppop.sys
16:01:48.0921 2752 pppop - ok
16:01:49.0015 2752 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:01:49.0015 2752 PptpMiniport - ok
16:01:49.0015 2752 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\drivers\processr.sys
16:01:49.0031 2752 Processor - ok
16:01:49.0031 2752 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:01:49.0046 2752 ProtectedStorage - ok
16:01:49.0093 2752 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:01:49.0093 2752 PSched - ok
16:01:49.0125 2752 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:01:49.0125 2752 Ptilink - ok
16:01:49.0156 2752 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:01:49.0171 2752 ql1080 - ok
16:01:49.0187 2752 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:01:49.0187 2752 Ql10wnt - ok
16:01:49.0203 2752 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:01:49.0203 2752 ql12160 - ok
16:01:49.0218 2752 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:01:49.0218 2752 ql1240 - ok
16:01:49.0250 2752 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:01:49.0250 2752 ql1280 - ok
16:01:49.0265 2752 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:01:49.0265 2752 RasAcd - ok
16:01:49.0296 2752 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:01:49.0296 2752 RasAuto - ok
16:01:49.0312 2752 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:01:49.0312 2752 Rasl2tp - ok
16:01:49.0343 2752 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:01:49.0343 2752 RasMan - ok
16:01:49.0359 2752 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:01:49.0359 2752 RasPppoe - ok
16:01:49.0375 2752 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:01:49.0375 2752 Raspti - ok
16:01:49.0390 2752 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:01:49.0390 2752 Rdbss - ok
16:01:49.0406 2752 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:01:49.0406 2752 RDPCDD - ok
16:01:49.0437 2752 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:01:49.0437 2752 rdpdr - ok
16:01:49.0468 2752 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:01:49.0484 2752 RDPWD - ok
16:01:49.0531 2752 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:01:49.0546 2752 RDSessMgr - ok
16:01:49.0593 2752 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:01:49.0593 2752 redbook - ok
16:01:49.0640 2752 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:01:49.0640 2752 RemoteAccess - ok
16:01:49.0687 2752 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:01:49.0687 2752 RemoteRegistry - ok
16:01:49.0718 2752 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
16:01:49.0718 2752 RpcLocator - ok
16:01:49.0765 2752 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:01:49.0765 2752 RpcSs - ok
16:01:49.0796 2752 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:01:49.0796 2752 RSVP - ok
16:01:49.0859 2752 [ E47C52F0380F0950E2BC9F1BCDC0DE9B ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:01:49.0859 2752 RTLE8023xp - ok
16:01:49.0890 2752 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:01:49.0890 2752 SamSs - ok
16:01:49.0937 2752 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:01:49.0937 2752 SCardSvr - ok
16:01:49.0968 2752 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:01:49.0968 2752 Schedule - ok
16:01:50.0015 2752 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:01:50.0015 2752 Secdrv - ok
16:01:50.0031 2752 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:01:50.0046 2752 seclogon - ok
16:01:50.0078 2752 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:01:50.0078 2752 SENS - ok
16:01:50.0078 2752 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:01:50.0093 2752 serenum - ok
16:01:50.0109 2752 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:01:50.0109 2752 Serial - ok
16:01:50.0140 2752 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:01:50.0140 2752 Sfloppy - ok
16:01:50.0203 2752 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
16:01:50.0203 2752 sfman - ok
16:01:50.0234 2752 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:01:50.0234 2752 SharedAccess - ok
16:01:50.0265 2752 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:01:50.0265 2752 ShellHWDetection - ok
16:01:50.0281 2752 Simbad - ok
16:01:50.0312 2752 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:01:50.0312 2752 sisagp - ok
16:01:50.0343 2752 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:01:50.0343 2752 Sparrow - ok
16:01:50.0359 2752 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:01:50.0359 2752 splitter - ok
16:01:50.0406 2752 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:01:50.0421 2752 Spooler - ok
16:01:50.0453 2752 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:01:50.0453 2752 sr - ok
16:01:50.0500 2752 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
16:01:50.0500 2752 srservice - ok
16:01:50.0609 2752 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:01:50.0609 2752 Srv - ok
16:01:50.0640 2752 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:01:50.0640 2752 SSDPSRV - ok
16:01:50.0671 2752 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:01:50.0671 2752 stisvc - ok
16:01:50.0718 2752 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:01:50.0718 2752 swenum - ok
16:01:50.0750 2752 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:01:50.0750 2752 swmidi - ok
16:01:50.0765 2752 SwPrv - ok
16:01:50.0781 2752 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
16:01:50.0781 2752 symc810 - ok
16:01:50.0796 2752 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:01:50.0796 2752 symc8xx - ok
16:01:50.0812 2752 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:01:50.0812 2752 sym_hi - ok
16:01:50.0828 2752 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:01:50.0828 2752 sym_u3 - ok
16:01:50.0843 2752 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:01:50.0843 2752 sysaudio - ok
16:01:50.0890 2752 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:01:50.0890 2752 SysmonLog - ok
16:01:50.0921 2752 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:01:50.0937 2752 TapiSrv - ok
16:01:50.0968 2752 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:01:50.0968 2752 Tcpip - ok
16:01:51.0000 2752 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:01:51.0000 2752 TDPIPE - ok
16:01:51.0000 2752 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:01:51.0015 2752 TDTCP - ok
16:01:51.0218 2752 [ 1E942A4759AC46C2C92826951B1B6E43 ] TeamViewer6 c:\docume~1\user\locals~1\temp\teamviewer\version6\TeamViewer_Service.exe
16:01:51.0218 2752 TeamViewer6 - ok
16:01:51.0281 2752 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:01:51.0281 2752 TermDD - ok
16:01:51.0343 2752 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:01:51.0343 2752 TermService - ok
16:01:51.0359 2752 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:01:51.0359 2752 Themes - ok
16:01:51.0390 2752 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
16:01:51.0390 2752 TlntSvr - ok
16:01:51.0562 2752 [ 1125044215CBA381CFA3AF68B864C0C1 ] tmlisten C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
16:01:51.0578 2752 tmlisten - ok
16:01:51.0625 2752 [ 379C4F99994A56B66E11D1E32BB22A1C ] TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
16:01:51.0625 2752 TmPreFilter - ok
16:01:51.0703 2752 [ 0FEC6C50B2BE07C57651573CDD1C721F ] TmProxy C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
16:01:51.0718 2752 TmProxy - ok
16:01:51.0765 2752 [ 44C262C1B2412DED35078B6166D2ACC2 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
16:01:51.0765 2752 tmtdi - ok
16:01:51.0828 2752 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
16:01:51.0828 2752 TosIde - ok
16:01:51.0890 2752 [ 298572A7E0D5A63A90E134BB34CCACEB ] tpm C:\WINDOWS\system32\DRIVERS\tpm.sys
16:01:51.0890 2752 tpm - ok
16:01:51.0937 2752 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:01:51.0937 2752 TrkWks - ok
16:01:51.0953 2752 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:01:51.0953 2752 Udfs - ok
16:01:51.0968 2752 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
16:01:51.0968 2752 ultra - ok
16:01:52.0078 2752 [ A7377410BC0D28C5A72135A4BE1A1068 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:01:52.0109 2752 UNS - ok
16:01:52.0171 2752 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:01:52.0171 2752 Update - ok
16:01:52.0203 2752 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:01:52.0203 2752 upnphost - ok
16:01:52.0234 2752 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:01:52.0234 2752 UPS - ok
16:01:52.0281 2752 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:01:52.0281 2752 usbccgp - ok
16:01:52.0328 2752 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:01:52.0328 2752 usbehci - ok
16:01:52.0343 2752 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:01:52.0343 2752 usbhub - ok
16:01:52.0406 2752 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:01:52.0406 2752 usbprint - ok
16:01:52.0453 2752 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:01:52.0453 2752 USBSTOR - ok
16:01:52.0484 2752 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:01:52.0484 2752 usbuhci - ok
16:01:52.0546 2752 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:01:52.0546 2752 VgaSave - ok
16:01:52.0578 2752 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:01:52.0578 2752 viaagp - ok
16:01:52.0609 2752 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
16:01:52.0625 2752 ViaIde - ok
16:01:52.0640 2752 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:01:52.0640 2752 VolSnap - ok
16:01:52.0687 2752 [ 642EB152CB980AD9181B2161066BE629 ] VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
16:01:52.0687 2752 VSApiNt - ok
16:01:52.0734 2752 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:01:52.0734 2752 VSS - ok
16:01:52.0781 2752 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
16:01:52.0781 2752 W32Time - ok
16:01:52.0828 2752 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:01:52.0828 2752 Wanarp - ok
16:01:52.0843 2752 WDICA - ok
16:01:52.0890 2752 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:01:52.0890 2752 wdmaud - ok
16:01:52.0906 2752 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:01:52.0921 2752 WebClient - ok
16:01:53.0015 2752 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:01:53.0015 2752 winmgmt - ok
16:01:53.0093 2752 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:01:53.0093 2752 WmdmPmSN - ok
16:01:53.0140 2752 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:01:53.0156 2752 Wmi - ok
16:01:53.0187 2752 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:01:53.0187 2752 WmiAcpi - ok
16:01:53.0218 2752 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:01:53.0218 2752 WmiApSrv - ok
16:01:53.0296 2752 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:01:53.0296 2752 WMPNetworkSvc - ok
16:01:53.0359 2752 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:01:53.0375 2752 wscsvc - ok
16:01:53.0406 2752 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:01:53.0406 2752 wuauserv - ok
16:01:53.0453 2752 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:01:53.0453 2752 WudfPf - ok
16:01:53.0468 2752 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:01:53.0468 2752 WudfRd - ok
16:01:53.0500 2752 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:01:53.0500 2752 WudfSvc - ok
16:01:53.0546 2752 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:01:53.0546 2752 WZCSVC - ok
16:01:53.0593 2752 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:01:53.0593 2752 xmlprov - ok
16:01:53.0765 2752 ================ Scan global ===============================
16:01:53.0812 2752 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:01:53.0843 2752 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:01:53.0843 2752 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:01:53.0875 2752 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:01:53.0875 2752 [Global] - ok
16:01:53.0875 2752 ================ Scan MBR ==================================
16:01:53.0906 2752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:01:54.0031 2752 \Device\Harddisk0\DR0 - ok
16:01:54.0031 2752 ================ Scan VBR ==================================
16:01:54.0031 2752 [ C495D4343A82915F1260F296976083D0 ] \Device\Harddisk0\DR0\Partition1
16:01:54.0031 2752 \Device\Harddisk0\DR0\Partition1 - ok
16:01:54.0031 2752 ============================================================
16:01:54.0031 2752 Scan finished
16:01:54.0031 2752 ============================================================
16:01:54.0062 2732 Detected object count: 1
16:01:54.0062 2732 Actual detected object count: 1
16:02:00.0171 2732 C:\WINDOWS\System32\Drivers\c3631cae1dc3f35d.sys - copied to quarantine
16:02:00.0203 2732 HKLM\SYSTEM\ControlSet001\services\c3631cae1dc3f35d - will be deleted on reboot
16:02:00.0250 2732 HKLM\SYSTEM\ControlSet002\services\c3631cae1dc3f35d - will be deleted on reboot
16:02:01.0796 2732 C:\WINDOWS\System32\Drivers\c3631cae1dc3f35d.sys - will be deleted on reboot
16:02:01.0796 2732 c3631cae1dc3f35d ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
16:02:09.0062 1328 Deinitialize success