Virus, PC protected or PC at Risk?????

  • 19-10-2012 8:10pm
    #1
    Registered Users Posts: 24,038 ✭✭✭✭


    Ok, I've had three recent virus attacks on my laptop. Toshiba Satellite, MS Windows and IE8.

    Recently I've noticed a Windows Security Alert icon and now I get a warning that my MS Security Essentials isn't switched on, but when I check it, it seems to be on. The Windows Security Alert could always have been there but I only took notice of it once I got my first hit.

    I've taken a screen shot of both windows to show what I see.

    How does this make sense? Is the Windows Security Alert a virus? :confused:


Comments

  • Registered Users Posts: 1,192 ✭✭✭Sound of Silence


    Download and run Malwarebytes or SuperAntiSpyware. Give the computer a scan and see what you find.


  • Registered Users Posts: 24,038 ✭✭✭✭phog


    Sound of Silence wrote: »
    Download and run Malwarebytes or SuperAntiSpyware. Give the computer a scan and see what you find.

    Thanks.

    I have done the Malwarebytes scans over the last few days, most recent one in the last few hours, log here.

    I have also used OTL and Combibox (?) to get rid of the garda virus.

    I'm just still concerned/confused about the conflicting statuses of my virus protection.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    phog is that the machine that we were fixing recently? It got re-infected?


    I wouldn't worry about windows security centre, if MSE is telling you it's running then you can trust that.


  • Registered Users Posts: 24,038 ✭✭✭✭phog


    ASJ112 wrote: »
    phog is that the machine that we were fixing recently? It got re-infected?

    Yes, 3 times :eek:

    ASJ112 wrote: »
    I wouldn't worry about windows security centre, if MSE is telling you it's running then you can trust that.

    I had the same faith in it until this week.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    You must have a new variant of a rootkit that ComboFix isn't targeting yet. I know more scans suck but these are specifically for rootkits, if these don't find it then format is the only solution.

    Download TDSSKiller

    http://support.kaspersky.com/downloads/utils/tdsskiller.exe

    Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If an infected file is detected, the default action will be Cure, click on Continue.
    If a suspicious file is detected, the default action will be Skip, click on Continue.
    It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



    Download aswMBR

    http://public.avast.com/~gmerek/aswMBR.exe

    Double-click the aswMBR.exe icon to run it.
    It will ask to download extra definitions - ALLOW IT.
    Click the Scan button to start the scan.
    On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
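
A TDSSKiller report runs to hundreds of lines, nearly all ending in "- ok", so the entries worth reading are the ones with any other verdict. The script below is an added example (not part of the original post and not Kaspersky's code) that pulls those out together with the file hash and path logged just before them. It assumes each line is `time thread-id message`, with an optional `[ MD5 ] name path` line ahead of each `name - verdict` line; the sample log, its hashes, the service names and the parenthesised detection label are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout of every log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$")
# File line logged before a verdict: "[ <MD5> ] <name> <path>"
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")
# Verdict line: "<name> - <verdict>", optionally "<name> ( <detection> ) - <verdict>"
VERDICT_RE = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    detection: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdss_log(text: str) -> List[Entry]:
    """Pair each verdict line with the hash/path line that precedes it."""
    entries: List[Entry] = []
    pending = None  # (md5, "name path") from the most recent hash line
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # blank, wrapped or non-log text
        msg = line.group(1)
        file_line = HASH_RE.match(msg)
        if file_line:
            pending = (file_line.group(1).upper(), file_line.group(2))
            continue
        verdict_line = VERDICT_RE.match(msg)
        if not verdict_line:
            continue  # banners, system info, separators
        name, detection, verdict = verdict_line.groups()
        md5 = path = None
        # Names may contain spaces, so match the hash line by name prefix.
        if pending and pending[1].startswith(name + " "):
            md5, path = pending[0], pending[1][len(name) + 1:]
        pending = None
        entries.append(Entry(name, verdict, detection, md5, path))
    return entries


def non_ok(entries: List[Entry]) -> List[Entry]:
    """Everything the scanner did not mark 'ok' deserves a manual look."""
    return [e for e in entries if e.verdict.lower() != "ok"]


def verdict_counts(entries: List[Entry]) -> Counter:
    return Counter(e.verdict.lower() for e in entries)


# Constructed sample in the assumed layout (not taken from a real scan).
SAMPLE_LOG = r"""
22:03:36.0609 0604 Scan started
22:03:38.0593 0604 ================ Scan services =============================
22:03:38.0843 0604 Abiosdsk - ok
22:03:39.0078 0604 [ 00000000000000000000000000000001 ] Example Service C:\Program Files\Example\svc.exe
22:03:39.0078 0604 Example Service - ok
22:03:39.0156 0604 [ 00000000000000000000000000000002 ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
22:03:39.0156 0604 exampledrv ( Example.Detection.Name ) - warning
22:03:40.0000 0604 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LOG)
    print(dict(verdict_counts(parsed)))
    for entry in non_ok(parsed):
        print(entry.verdict, entry.name, entry.detection, entry.md5, entry.path)
```

To use it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file and pass its contents to `parse_tdss_log`.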


  • Registered Users Posts: 24,038 ✭✭✭✭phog


    The tdss log

    22:03:52.0328 0604 Ptilink - ok
    22:03:52.0359 0604 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    22:03:52.0359 0604 PxHelp20 - ok
    22:03:52.0375 0604 ql1080 - ok
    22:03:52.0390 0604 Ql10wnt - ok
    22:03:52.0406 0604 ql12160 - ok
    22:03:52.0437 0604 ql1240 - ok
    22:03:52.0453 0604 ql1280 - ok
    22:03:52.0484 0604 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:03:52.0484 0604 RasAcd - ok
    22:03:52.0531 0604 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    22:03:52.0531 0604 RasAuto - ok
    22:03:52.0546 0604 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:03:52.0546 0604 Rasl2tp - ok
    22:03:52.0609 0604 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    22:03:52.0609 0604 RasMan - ok
    22:03:52.0640 0604 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:03:52.0640 0604 RasPppoe - ok
    22:03:52.0718 0604 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:03:52.0718 0604 Raspti - ok
    22:03:52.0734 0604 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:03:52.0734 0604 Rdbss - ok
    22:03:52.0750 0604 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:03:52.0750 0604 RDPCDD - ok
    22:03:52.0796 0604 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:03:52.0796 0604 rdpdr - ok
    22:03:52.0859 0604 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    22:03:52.0875 0604 RDPWD - ok
    22:03:52.0937 0604 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    22:03:52.0953 0604 RDSessMgr - ok
    22:03:53.0000 0604 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:03:53.0000 0604 redbook - ok
    22:03:53.0046 0604 [ D8F61AAAE73A1FBDE6F538BECC891F2F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    22:03:53.0046 0604 RegSrvc - ok
    22:03:53.0109 0604 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    22:03:53.0109 0604 RemoteAccess - ok
    22:03:53.0171 0604 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    22:03:53.0171 0604 RemoteRegistry - ok
    22:03:53.0203 0604 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    22:03:53.0203 0604 RpcLocator - ok
    22:03:53.0281 0604 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    22:03:53.0281 0604 RpcSs - ok
    22:03:53.0343 0604 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    22:03:53.0359 0604 RSVP - ok
    22:03:53.0468 0604 [ 25F697E3AFA7B337BBCADDBCE38E6934 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    22:03:53.0515 0604 S24EventMonitor - ok
    22:03:53.0531 0604 [ 2862ADB14481AC28F98105FF33A99EB0 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
    22:03:53.0546 0604 s24trans - ok
    22:03:53.0562 0604 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    22:03:53.0562 0604 SamSs - ok
    22:03:53.0609 0604 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    22:03:53.0609 0604 SCardSvr - ok
    22:03:53.0671 0604 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    22:03:53.0671 0604 Schedule - ok
    22:03:53.0703 0604 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    22:03:53.0703 0604 sdbus - ok
    22:03:53.0750 0604 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:03:53.0750 0604 Secdrv - ok
    22:03:53.0796 0604 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    22:03:53.0796 0604 seclogon - ok
    22:03:53.0812 0604 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    22:03:53.0828 0604 SENS - ok
    22:03:53.0843 0604 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    22:03:53.0843 0604 Serial - ok
    22:03:54.0015 0604 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    22:03:54.0062 0604 ServiceLayer - ok
    22:03:54.0171 0604 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:03:54.0171 0604 Sfloppy - ok
    22:03:54.0250 0604 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    22:03:54.0250 0604 SharedAccess - ok
    22:03:54.0281 0604 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    22:03:54.0281 0604 ShellHWDetection - ok
    22:03:54.0296 0604 Simbad - ok
    22:03:54.0718 0604 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    22:03:54.0843 0604 Skype C2C Service - ok
    22:03:54.0968 0604 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    22:03:54.0968 0604 SkypeUpdate - ok
    22:03:55.0015 0604 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    22:03:55.0031 0604 SLIP - ok
    22:03:55.0078 0604 [ 972DEA0D8149D73C5B7A2C97B2E749E3 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    22:03:55.0093 0604 SmartDefragDriver - ok
    22:03:55.0140 0604 Sparrow - ok
    22:03:55.0187 0604 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    22:03:55.0187 0604 splitter - ok
    22:03:55.0234 0604 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    22:03:55.0234 0604 Spooler - ok
    22:03:55.0265 0604 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    22:03:55.0265 0604 sr - ok
    22:03:55.0343 0604 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    22:03:55.0343 0604 srservice - ok
    22:03:55.0406 0604 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    22:03:55.0406 0604 Srv - ok
    22:03:55.0437 0604 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    22:03:55.0437 0604 SSDPSRV - ok
    22:03:55.0484 0604 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    22:03:55.0484 0604 stisvc - ok
    22:03:55.0578 0604 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    22:03:55.0578 0604 streamip - ok
    22:03:55.0609 0604 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:03:55.0609 0604 swenum - ok
    22:03:55.0640 0604 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    22:03:55.0640 0604 swmidi - ok
    22:03:55.0656 0604 SwPrv - ok
    22:03:55.0687 0604 symc810 - ok
    22:03:55.0703 0604 symc8xx - ok
    22:03:55.0734 0604 sym_hi - ok
    22:03:55.0750 0604 sym_u3 - ok
    22:03:55.0828 0604 [ CFB41BF11AE95C26133BAE3EC2E334BD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
    22:03:55.0828 0604 SynTP - ok
    22:03:55.0859 0604 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    22:03:55.0859 0604 sysaudio - ok
    22:03:55.0906 0604 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    22:03:55.0906 0604 SysmonLog - ok
    22:03:55.0968 0604 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    22:03:55.0968 0604 TapiSrv - ok
    22:03:56.0046 0604 [ 36772B5EAAAF42DB5C5EE6EEB0EC0AF7 ] TAPPSRV C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    22:03:56.0046 0604 TAPPSRV - ok
    22:03:56.0140 0604 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:03:56.0140 0604 Tcpip - ok
    22:03:56.0187 0604 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:03:56.0187 0604 TDPIPE - ok
    22:03:56.0218 0604 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    22:03:56.0218 0604 TDTCP - ok
    22:03:56.0250 0604 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:03:56.0250 0604 TermDD - ok
    22:03:56.0328 0604 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    22:03:56.0328 0604 TermService - ok
    22:03:56.0359 0604 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    22:03:56.0359 0604 Themes - ok
    22:03:56.0453 0604 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
    22:03:56.0453 0604 tifm21 - ok
    22:03:56.0515 0604 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    22:03:56.0515 0604 TlntSvr - ok
    22:03:56.0640 0604 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    22:03:56.0640 0604 TomTomHOMEService - ok
    22:03:56.0656 0604 TosIde - ok
    22:03:56.0703 0604 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    22:03:56.0718 0604 tosrfec - ok
    22:03:56.0765 0604 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    22:03:56.0781 0604 TrkWks - ok
    22:03:56.0843 0604 [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
    22:03:56.0843 0604 TVALD - ok
    22:03:56.0859 0604 [ 546DFBA6486569120D33F7AD6E94EFDD ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
    22:03:56.0859 0604 Tvs - ok
    22:03:56.0984 0604 [ 722991C68D250AC1FDCDFF58034D21ED ] twingostoragedriver C:\Program Files\Cisco\Cisco Secure Desktop\CSD44dde.sys
    22:03:56.0984 0604 twingostoragedriver - ok
    22:03:57.0046 0604 [ 099F4131FDB0778680D48ADFCDD2B248 ] TwingoStorageService C:\Program Files\Cisco\Cisco Secure Desktop\Storage.exe
    22:03:57.0046 0604 TwingoStorageService - ok
    22:03:57.0109 0604 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    22:03:57.0125 0604 Udfs - ok
    22:03:57.0140 0604 ultra - ok
    22:03:57.0187 0604 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    22:03:57.0203 0604 Update - ok
    22:03:57.0265 0604 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    22:03:57.0265 0604 upnphost - ok
    22:03:57.0328 0604 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    22:03:57.0328 0604 upperdev - ok
    22:03:57.0343 0604 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    22:03:57.0359 0604 UPS - ok
    22:03:57.0484 0604 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    22:03:57.0484 0604 usbaudio - ok
    22:03:57.0578 0604 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:03:57.0578 0604 usbccgp - ok
    22:03:57.0609 0604 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:03:57.0609 0604 usbehci - ok
    22:03:57.0671 0604 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:03:57.0671 0604 usbhub - ok
    22:03:57.0734 0604 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:03:57.0734 0604 usbprint - ok
    22:03:57.0812 0604 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:03:57.0812 0604 usbscan - ok
    22:03:57.0875 0604 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
    22:03:57.0875 0604 usbser - ok
    22:03:57.0953 0604 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    22:03:57.0953 0604 UsbserFilt - ok
    22:03:58.0000 0604 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:03:58.0015 0604 USBSTOR - ok
    22:03:58.0031 0604 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:03:58.0031 0604 usbuhci - ok
    22:03:58.0078 0604 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    22:03:58.0093 0604 usbvideo - ok
    22:03:58.0140 0604 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    22:03:58.0140 0604 VgaSave - ok
    22:03:58.0156 0604 ViaIde - ok
    22:03:58.0234 0604 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    22:03:58.0234 0604 VolSnap - ok
    22:03:58.0296 0604 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    22:03:58.0312 0604 VSS - ok
    22:03:58.0359 0604 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    22:03:58.0359 0604 W32Time - ok
    22:03:58.0390 0604 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:03:58.0390 0604 Wanarp - ok
    22:03:58.0453 0604 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    22:03:58.0500 0604 Wdf01000 - ok
    22:03:58.0515 0604 WDICA - ok
    22:03:58.0562 0604 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    22:03:58.0562 0604 wdmaud - ok
    22:03:58.0578 0604 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    22:03:58.0578 0604 WebClient - ok
    22:03:58.0718 0604 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:03:58.0718 0604 winmgmt - ok
    22:03:58.0812 0604 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    22:03:58.0921 0604 WinRM - ok
    22:03:58.0984 0604 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    22:03:58.0984 0604 WmdmPmSN - ok
    22:03:59.0109 0604 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    22:03:59.0156 0604 Wmi - ok
    22:03:59.0218 0604 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:03:59.0218 0604 WmiApSrv - ok
    22:03:59.0312 0604 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    22:03:59.0343 0604 WMPNetworkSvc - ok
    22:03:59.0406 0604 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    22:03:59.0406 0604 WpdUsb - ok
    22:03:59.0484 0604 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:03:59.0562 0604 WPFFontCache_v0400 - ok
    22:03:59.0593 0604 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    22:03:59.0593 0604 WS2IFSL - ok
    22:03:59.0656 0604 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    22:03:59.0671 0604 wscsvc - ok
    22:03:59.0718 0604 WSearch - ok
    22:03:59.0781 0604 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    22:03:59.0781 0604 WSTCODEC - ok
    22:03:59.0843 0604 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    22:03:59.0890 0604 wuauserv - ok
    22:03:59.0937 0604 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    22:03:59.0937 0604 WudfPf - ok
    22:03:59.0968 0604 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    22:03:59.0984 0604 WudfRd - ok
    22:04:00.0015 0604 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    22:04:00.0015 0604 WudfSvc - ok
    22:04:00.0109 0604 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    22:04:00.0109 0604 WZCSVC - ok
    22:04:00.0171 0604 [ 81E8DA36CE70858898D5EB81E28A47D2 ] X10Hid C:\WINDOWS\system32\Drivers\x10hid.sys
    22:04:00.0171 0604 X10Hid - ok
    22:04:00.0234 0604 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    22:04:00.0250 0604 x10nets - ok
    22:04:00.0312 0604 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    22:04:00.0312 0604 xmlprov - ok
    22:04:00.0375 0604 ================ Scan global ===============================
    22:04:00.0421 0604 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    22:04:00.0500 0604 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:04:00.0578 0604 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:04:00.0593 0604 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    22:04:00.0609 0604 [Global] - ok
    22:04:00.0609 0604 ================ Scan MBR ==================================
    22:04:00.0640 0604 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    22:04:00.0875 0604 \Device\Harddisk0\DR0 - ok
    22:04:00.0875 0604 ================ Scan VBR ==================================
    22:04:00.0890 0604 [ 0F449D30F0CCD1A0371654C8CA8736C1 ] \Device\Harddisk0\DR0\Partition1
    22:04:00.0890 0604 \Device\Harddisk0\DR0\Partition1 - ok
    22:04:00.0890 0604 ============================================================
    22:04:00.0890 0604 Scan finished
    22:04:00.0890 0604 ============================================================
    22:04:00.0921 1304 Detected object count: 0
    22:04:00.0921 1304 Actual detected object count: 0


    The aswMBR log

    <snip>
    I think I may have saved the log too early, running a new scan now, will post log later.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Two options. Like I said above, this seems to be a new infection that isn't being removed by any of the tools

    1) Format the machine
    2) MBAM or Combofix should be updated to remove this infection eventually, could be a day or a week till that happens.


    If you can't format, update MBAM, run a quick scan and post that log. Download a new copy of Combofix, run it, and post that log.


    I've looked around at other malware forums and there doesn't appear to be a cure out there at the moment :(


  • Registered Users Posts: 24,038 ✭✭✭✭phog


    ASJ112 wrote: »
    Two options. Like I said above, this seems to be a new infection that isn't being removed by any of the tools

    1) Format the machine
    2) MBAM or Combofix should be updated to remove this infection eventually, could be a day or a week till that happens.


    If you can't format, update MBAM, run a quick scan and post that log. Download a new copy of Combofix, run it, and post that log.


    I've looked around at other malware forums and there doesn't appear to be a cure out there at the moment :(

    Thanks again for your time. I think option one can wait for a few days, I'll wait for a fix first.


  • Registered Users Posts: 24,038 ✭✭✭✭phog


    The aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-19 22:09:40
    22:09:40.031 OS Version: Windows 5.1.2600 Service Pack 3
    22:09:40.031 Number of processors: 2 586 0xE08
    22:09:40.031 ComputerName: TOSHIBA UserName: PATRICK
    22:09:40.937 Initialize success
    22:16:38.687 AVAST engine defs: 12101901
    22:17:47.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:17:47.984 Disk 0 Vendor: FUJITSU_MHV2080BH_PL 0000002A Size: 76319MB BusType: 3
    22:17:48.390 Disk 0 MBR read successfully
    22:17:48.406 Disk 0 MBR scan
    22:17:48.437 Disk 0 Windows XP default MBR code
    22:17:48.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    22:17:48.468 Disk 0 scanning sectors +156296385
    22:17:48.562 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:18:03.312 Service scanning
    22:18:36.578 Modules scanning
    22:18:43.187 Disk 0 trace - called modules:
    22:18:43.250 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:18:43.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ed0ab8]
    22:18:43.296 3 CLASSPNP.SYS[f765efd7] -> nt!IofCallDriver -> \Device\00000081[0x86ed39e8]
    22:18:43.328 5 ACPI.sys[f75b5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f53d98]
    22:18:43.937 AVAST engine scan C:\WINDOWS
    22:18:58.109 AVAST engine scan C:\WINDOWS\system32
    22:22:52.000 AVAST engine scan C:\WINDOWS\system32\drivers
    22:23:14.812 AVAST engine scan C:\Documents and Settings\PATRICK
    22:25:42.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\MBR.dat"
    22:25:42.546 The log file has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\aswMBR.txt"
    22:27:37.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\MBR.dat"
    22:27:37.125 The log file has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\aswMBR.txt"
    22:29:12.125 AVAST engine scan C:\Documents and Settings\All Users
    22:40:57.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\MBR.dat"
    22:40:57.281 The log file has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-19 22:43:41
    22:43:41.953 OS Version: Windows 5.1.2600 Service Pack 3
    22:43:41.953 Number of processors: 2 586 0xE08
    22:43:41.953 ComputerName: TOSHIBA UserName: PATRICK
    22:43:45.171 Initialize success
    22:44:06.453 AVAST engine defs: 12101901
    22:44:17.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:44:17.078 Disk 0 Vendor: FUJITSU_MHV2080BH_PL 0000002A Size: 76319MB BusType: 3
    22:44:17.125 Disk 0 MBR read successfully
    22:44:17.140 Disk 0 MBR scan
    22:44:17.171 Disk 0 Windows XP default MBR code
    22:44:17.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    22:44:17.203 Disk 0 scanning sectors +156296385
    22:44:17.359 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:44:44.046 Service scanning
    22:45:17.421 Modules scanning
    22:45:34.281 Disk 0 trace - called modules:
    22:45:34.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:45:34.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ed0ab8]
    22:45:34.312 3 CLASSPNP.SYS[f765efd7] -> nt!IofCallDriver -> \Device\00000081[0x86ed39e8]
    22:45:34.312 5 ACPI.sys[f75b5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f53d98]
    22:45:36.062 AVAST engine scan C:\WINDOWS
    22:46:03.671 AVAST engine scan C:\WINDOWS\system32
    22:54:17.578 AVAST engine scan C:\WINDOWS\system32\drivers
    22:55:15.140 AVAST engine scan C:\Documents and Settings\PATRICK
    23:06:16.953 AVAST engine scan C:\Documents and Settings\All Users
    23:35:03.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\MBR.dat"
    23:35:03.296 The log file has been saved successfully to "C:\Documents and Settings\PATRICK\Desktop\aswMBR.txt"


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Looks fine. If MBAM and Combofix find anything, let me know.

