
Previously infected with poison ivy backdoor


5 replies to this topic

#1 TinyC

Posted 29 April 2012 - 10:50 AM

Yesterday I downloaded a poison ivy backdoor onto my computer. I scanned with MBAM, Bitdefender, TDSSKiller, and ESET, and removed everything pertaining to the infection.

I've been told to reformat my computer after a backdoor, but I don't have the tools to back up the files I need. Is it safe to use my computer without reformatting?
~Tiny


#2 boopme
  • Global Moderator

Posted 29 April 2012 - 11:09 PM

Hello. A backdoor trojan allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


So it's not something we can guarantee.


Only back up your important documents, personal data files, and photos to a CD or DVD, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml), because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them, as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension, as shown in Figure 1, so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed-up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative: external drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices, but I want to make you aware of all your options and associated risks so you can make an informed decision as to whether it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab, as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:
These links include step-by-step instructions with screenshots:
Vista users can refer to these instructions:
Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
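The backup rules in the reply above, turned into a triage script. This is an added example, not code from the thread or from BleepingComputer. It walks a folder and decides per file whether it is safe to copy: the extension blocklist is the one listed in the reply, .zip archives are opened to see whether they hold executables, .cab and .rar are refused because the standard library cannot inspect them (this example's choice), and a double extension such as holiday.jpg.exe is reported as suspicious, since with "Hide extensions for known file types" on it would display as holiday.jpg. The folder layout and file names are constructed for the demo.

```python
"""Triage a folder for backup after a backdoor infection (added example)."""
import os
import tempfile
import zipfile

# Extensions the reply says not to back up (compared case-insensitively).
UNSAFE_EXT = {".exe", ".scr", ".ini", ".php", ".asp", ".htm", ".html", ".xml"}
ARCHIVE_EXT = {".zip", ".cab", ".rar"}
INSPECTABLE = {".zip"}          # only .zip can be opened with the standard library
# Visible "decoy" part of a double extension: the name looks like a picture or document.
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".mp3", ".avi"}

def split_all_exts(name):
    """Every extension of a file name, lowest first: 'a.jpg.exe' -> ['.jpg', '.exe']."""
    parts = os.path.basename(name).split(".")
    return ["." + p.lower() for p in parts[1:]] if len(parts) > 1 else []

def classify(path):
    """Return (verdict, reason); verdict is 'copy', 'skip', 'review' or 'suspicious'."""
    exts = split_all_exts(path)
    if not exts:
        return ("review", "no extension, check by hand")
    last = exts[-1]
    # holiday.jpg.exe: the real type is the last extension, the decoy the one before it.
    if len(exts) >= 2 and last in UNSAFE_EXT and exts[-2] in DECOY_EXT:
        return ("suspicious", "double extension %s%s" % (exts[-2], last))
    if last in UNSAFE_EXT:
        return ("skip", "unsafe extension " + last)
    if last in ARCHIVE_EXT:
        if last not in INSPECTABLE:
            return ("skip", "archive type %s cannot be inspected" % last)
        try:
            with zipfile.ZipFile(path) as zf:
                for member in zf.namelist():
                    mexts = split_all_exts(member)
                    if mexts and mexts[-1] in UNSAFE_EXT:
                        return ("skip", "archive contains " + member)
        except zipfile.BadZipFile:
            return ("suspicious", "malformed zip")
        return ("copy", "archive without executables")
    return ("copy", "ok")

def triage(root):
    """Walk root; return {relative path with '/' separators: (verdict, reason)}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            full = os.path.join(dirpath, f)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results[rel] = classify(full)
    return results

def build_demo_tree():
    """Constructed sample 'My Documents' tree in a temp dir; returns its path."""
    root = tempfile.mkdtemp(prefix="backup-triage-")
    def put(rel, data=b"x"):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)
        return p
    put("thesis.docx")
    put("Pictures/holiday.jpg")
    put("Pictures/holiday.jpg.exe")   # shows as holiday.jpg when extensions are hidden
    put("setup.exe")
    put("desktop.ini")
    with zipfile.ZipFile(put("notes.zip"), "w") as zf:
        zf.writestr("notes.txt", "hello")
    with zipfile.ZipFile(put("stuff.zip"), "w") as zf:
        zf.writestr("readme.txt", "hi")
        zf.writestr("bin/update.exe", "MZ")
    put("old.rar")
    return root

if __name__ == "__main__":
    for rel, (verdict, why) in sorted(triage(build_demo_tree()).items()):
        print("%-11s %-26s %s" % (verdict, rel, why))
```

Run it against the real Documents folder instead of the demo tree to get a list to copy by hand to CD/DVD; anything marked suspicious deserves a look at its full name with extensions shown before deciding.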

#3 TinyC
  • Topic Starter

Posted 30 April 2012 - 09:07 PM

I'll clean it. Backing up all my important files is too much of a hassle.
~Tiny

#4 boopme
  • Global Moderator

Posted 30 April 2012 - 09:31 PM

You may have already removed the damage. Can you post the ESET and TDSS logs?

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.


TDSS
A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


Next
Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

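A parser for the TDSSKiller log the reply above asks for. This is an added example, not code from the thread, BleepingComputer or Kaspersky: it reads the two line shapes visible in the log TinyC posts in the next reply (a driver/service line with an MD5 and image path, followed by a "<name> - <verdict>" line) and flags anything whose verdict is not "ok" or whose image lives outside C:\WINDOWS or C:\Program Files. Those two checks and the trusted-root list are this example's assumptions, not TDSSKiller's own logic. SAMPLE_LOG mixes lines copied from the posted log with two constructed entries (SvcHelper in a Temp folder, and a non-ok verdict on the disk device) so that both flags fire.

```python
"""Parse TDSSKiller log entries and flag the ones worth a second look (added example)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path verdict")

# e.g. 20:29:32.0156 1756 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
IMAGE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# e.g. 20:29:32.0156 1756 ACPI - ok
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")

# Assumption of this example: images under these roots are "expected" locations on XP.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse(text):
    """One Entry per verdict line; the image line for the same name, if any, is attached."""
    pending = {}   # name -> (md5, path) seen but not yet given a verdict
    entries = []
    for line in text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            pending[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m.group("name"), (None, None))
            entries.append(Entry(m.group("name"), md5, path, m.group("verdict").strip()))
    return entries

def flag(entries):
    """Return [(entry, reason)] for entries a responder should inspect."""
    out = []
    for e in entries:
        if e.verdict.lower() != "ok":
            out.append((e, "verdict: " + e.verdict))
        elif e.path and not e.path.lower().startswith(TRUSTED_ROOTS):
            out.append((e, "image outside trusted roots"))
    return out

# Constructed sample: real lines from the posted log plus two invented ones (SvcHelper,
# and the final device verdict, whose wording is made up for the demo).
SAMPLE_LOG = r"""20:29:32.0156 1756 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:29:32.0156 1756 ACPI - ok
20:29:32.0375 1756 adpu160m - ok
20:29:41.0875 1756 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
20:29:41.0875 1756 Net Driver HPZ12 - ok
20:29:42.0171 1756 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:42.0171 1756 Netlogon - ok
20:29:42.0781 1756 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:42.0796 1756 NtLmSsp - ok
20:29:50.0000 1756 SvcHelper (0123456789abcdef0123456789abcdef) C:\Documents and Settings\User\Local Settings\Temp\svchelper.exe
20:29:50.0000 1756 SvcHelper - ok
20:29:51.0000 1756 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example ( 0 )
"""

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("%d entries parsed" % len(entries))
    for e, why in flag(entries):
        print("FLAG %-24s %-36s %s" % (e.name, e.md5 or "-", why))
```

Feed it the real TDSSKiller.*_log.txt and paste the MD5 of any flagged image into a hash lookup; an "ok" verdict only means TDSSKiller's own signatures did not match, which is why the location check is there as well.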

#5 TinyC
  • Topic Starter

Posted 01 May 2012 - 03:02 PM

I uninstalled ESET after I scanned, so I don't have the log (it didn't detect anything btw because I removed everything with MBAM)

TDSS log:

20:29:03.0734 3120 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:29:04.0281 3120 ============================================================
20:29:04.0281 3120 Current date / time: 2012/04/28 20:29:04.0281
20:29:04.0281 3120 SystemInfo:
20:29:04.0281 3120
20:29:04.0281 3120 OS Version: 5.1.2600 ServicePack: 3.0
20:29:04.0281 3120 Product type: Workstation
20:29:04.0281 3120 ComputerName: RICKY
20:29:04.0281 3120 UserName: Epic Phail
20:29:04.0281 3120 Windows directory: C:\WINDOWS
20:29:04.0281 3120 System windows directory: C:\WINDOWS
20:29:04.0281 3120 Processor architecture: Intel x86
20:29:04.0281 3120 Number of processors: 1
20:29:04.0281 3120 Page size: 0x1000
20:29:04.0281 3120 Boot type: Normal boot
20:29:04.0281 3120 ============================================================
20:29:06.0125 3120 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:29:06.0125 3120 ============================================================
20:29:06.0125 3120 \Device\Harddisk0\DR0:
20:29:06.0125 3120 MBR partitions:
20:29:06.0125 3120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
20:29:06.0125 3120 ============================================================
20:29:06.0156 3120 C: <-> \Device\Harddisk0\DR0\Partition0
20:29:06.0156 3120 ============================================================
20:29:06.0156 3120 Initialize success
20:29:06.0156 3120 ============================================================
20:29:31.0703 1756 ============================================================
20:29:31.0703 1756 Scan started
20:29:31.0703 1756 Mode: Manual; TDLFS;
20:29:31.0703 1756 ============================================================
20:29:32.0062 1756 Abiosdsk - ok
20:29:32.0078 1756 abp480n5 - ok
20:29:32.0156 1756 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:29:32.0156 1756 ACPI - ok
20:29:32.0203 1756 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:29:32.0203 1756 ACPIEC - ok
20:29:32.0343 1756 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:29:32.0359 1756 AdobeFlashPlayerUpdateSvc - ok
20:29:32.0375 1756 adpu160m - ok
20:29:32.0546 1756 AdvancedSystemCareService5 (7d60666fd94fa0c1b77367d28700fadb) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2012\ASCService.exe
20:29:32.0562 1756 AdvancedSystemCareService5 - ok
20:29:32.0609 1756 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:29:32.0609 1756 aec - ok
20:29:32.0640 1756 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:29:32.0640 1756 AegisP - ok
20:29:32.0734 1756 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:29:32.0734 1756 AFD - ok
20:29:32.0750 1756 Aha154x - ok
20:29:32.0781 1756 aic78u2 - ok
20:29:32.0796 1756 aic78xx - ok
20:29:32.0843 1756 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:29:32.0843 1756 Alerter - ok
20:29:32.0890 1756 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:29:32.0890 1756 ALG - ok
20:29:32.0921 1756 AliIde - ok
20:29:32.0937 1756 amsint - ok
20:29:33.0000 1756 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:29:33.0000 1756 ApfiltrService - ok
20:29:33.0062 1756 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:29:33.0062 1756 AppMgmt - ok
20:29:33.0125 1756 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:29:33.0125 1756 Arp1394 - ok
20:29:33.0156 1756 asc - ok
20:29:33.0171 1756 asc3350p - ok
20:29:33.0187 1756 asc3550 - ok
20:29:33.0343 1756 ASCAntivirusSrv (c6bddf1a5c31d6054d7743d4fdcfebe7) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2012\ASCAntivirusService.exe
20:29:33.0359 1756 ASCAntivirusSrv - ok
20:29:33.0531 1756 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:29:33.0546 1756 aspnet_state - ok
20:29:33.0593 1756 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:29:33.0593 1756 AsyncMac - ok
20:29:33.0625 1756 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:29:33.0625 1756 atapi - ok
20:29:33.0671 1756 Atdisk - ok
20:29:33.0718 1756 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:29:33.0718 1756 Atmarpc - ok
20:29:33.0781 1756 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:29:33.0781 1756 AudioSrv - ok
20:29:33.0828 1756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:29:33.0828 1756 audstub - ok
20:29:33.0906 1756 bdfsfltr (c3e025d46368e3d18085eef26ef6f6a1) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
20:29:33.0921 1756 bdfsfltr - ok
20:29:33.0968 1756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:29:33.0968 1756 Beep - ok
20:29:34.0046 1756 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:29:34.0062 1756 BITS - ok
20:29:34.0125 1756 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:29:34.0125 1756 Browser - ok
20:29:34.0171 1756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:29:34.0171 1756 cbidf2k - ok
20:29:34.0203 1756 cd20xrnt - ok
20:29:34.0250 1756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:29:34.0250 1756 Cdaudio - ok
20:29:34.0343 1756 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:29:34.0343 1756 Cdfs - ok
20:29:34.0390 1756 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:29:34.0390 1756 Cdrom - ok
20:29:34.0406 1756 Changer - ok
20:29:34.0468 1756 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:29:34.0468 1756 ClipSrv - ok
20:29:34.0593 1756 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:29:34.0609 1756 clr_optimization_v2.0.50727_32 - ok
20:29:34.0734 1756 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:29:34.0796 1756 clr_optimization_v4.0.30319_32 - ok
20:29:34.0843 1756 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:29:34.0843 1756 CmBatt - ok
20:29:34.0859 1756 CmdIde - ok
20:29:34.0890 1756 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:29:34.0890 1756 Compbatt - ok
20:29:34.0921 1756 COMSysApp - ok
20:29:34.0968 1756 Cpqarray - ok
20:29:35.0000 1756 cpudrv - ok
20:29:35.0046 1756 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:29:35.0046 1756 CryptSvc - ok
20:29:35.0078 1756 dac2w2k - ok
20:29:35.0093 1756 dac960nt - ok
20:29:35.0171 1756 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:29:35.0187 1756 DcomLaunch - ok
20:29:35.0218 1756 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:29:35.0234 1756 Dhcp - ok
20:29:35.0265 1756 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:29:35.0265 1756 Disk - ok
20:29:35.0296 1756 dmadmin - ok
20:29:35.0390 1756 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:29:35.0406 1756 dmboot - ok
20:29:35.0484 1756 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:29:35.0484 1756 DMICall - ok
20:29:35.0515 1756 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:29:35.0515 1756 dmio - ok
20:29:35.0562 1756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:29:35.0562 1756 dmload - ok
20:29:35.0609 1756 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:29:35.0609 1756 dmserver - ok
20:29:35.0671 1756 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:29:35.0671 1756 DMusic - ok
20:29:35.0734 1756 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:29:35.0734 1756 Dnscache - ok
20:29:35.0796 1756 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:29:35.0796 1756 Dot3svc - ok
20:29:35.0812 1756 dpti2o - ok
20:29:35.0875 1756 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:29:35.0875 1756 drmkaud - ok
20:29:35.0937 1756 E100B (5182244c0bb338a7545306cb6ca1daba) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:29:35.0937 1756 E100B - ok
20:29:35.0968 1756 EagleNT - ok
20:29:35.0984 1756 EagleXNt - ok
20:29:36.0031 1756 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:29:36.0031 1756 EapHost - ok
20:29:36.0093 1756 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:29:36.0093 1756 ERSvc - ok
20:29:36.0156 1756 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:29:36.0156 1756 Eventlog - ok
20:29:36.0218 1756 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:29:36.0234 1756 EventSystem - ok
20:29:36.0453 1756 EvtEng (12b0134bb2f5e482128f901e34e7138e) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:29:36.0453 1756 EvtEng - ok
20:29:36.0531 1756 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:29:36.0531 1756 Fastfat - ok
20:29:36.0609 1756 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:36.0609 1756 FastUserSwitchingCompatibility - ok
20:29:36.0640 1756 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:29:36.0640 1756 Fdc - ok
20:29:36.0703 1756 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:29:36.0703 1756 Fips - ok
20:29:36.0718 1756 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:29:36.0718 1756 Flpydisk - ok
20:29:36.0796 1756 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:29:36.0796 1756 FltMgr - ok
20:29:36.0953 1756 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:29:36.0953 1756 FontCache3.0.0.0 - ok
20:29:37.0000 1756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:29:37.0000 1756 Fs_Rec - ok
20:29:37.0046 1756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:29:37.0046 1756 Ftdisk - ok
20:29:37.0093 1756 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:29:37.0093 1756 Gpc - ok
20:29:37.0140 1756 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:29:37.0140 1756 HDAudBus - ok
20:29:37.0203 1756 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:29:37.0203 1756 helpsvc - ok
20:29:37.0281 1756 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:29:37.0281 1756 HidUsb - ok
20:29:37.0375 1756 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:29:37.0390 1756 hkmsvc - ok
20:29:37.0406 1756 hpn - ok
20:29:37.0500 1756 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:29:37.0500 1756 HSFHWAZL - ok
20:29:37.0593 1756 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:29:37.0609 1756 HSF_DPV - ok
20:29:37.0687 1756 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:29:37.0703 1756 HTTP - ok
20:29:37.0734 1756 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:29:37.0734 1756 HTTPFilter - ok
20:29:37.0765 1756 i2omgmt - ok
20:29:37.0781 1756 i2omp - ok
20:29:37.0828 1756 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:29:37.0828 1756 i8042prt - ok
20:29:37.0968 1756 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:29:37.0968 1756 ialm - ok
20:29:38.0109 1756 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:29:38.0109 1756 IDriverT - ok
20:29:38.0375 1756 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:29:38.0390 1756 idsvc - ok
20:29:38.0562 1756 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:29:38.0562 1756 Imapi - ok
20:29:38.0625 1756 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:29:38.0625 1756 ImapiService - ok
20:29:38.0671 1756 ini910u - ok
20:29:39.0265 1756 IntcAzAudAddService (5d138adc44c43bf37634c8e528d75b1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:29:39.0375 1756 IntcAzAudAddService - ok
20:29:39.0546 1756 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:29:39.0546 1756 IntelIde - ok
20:29:39.0593 1756 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:29:39.0593 1756 intelppm - ok
20:29:39.0640 1756 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:29:39.0640 1756 Ip6Fw - ok
20:29:39.0718 1756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:29:39.0734 1756 IpFilterDriver - ok
20:29:39.0765 1756 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:29:39.0765 1756 IpInIp - ok
20:29:39.0812 1756 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:29:39.0812 1756 IpNat - ok
20:29:39.0875 1756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:29:39.0875 1756 IPSec - ok
20:29:39.0906 1756 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:29:39.0906 1756 IRENUM - ok
20:29:39.0937 1756 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:29:39.0937 1756 isapnp - ok
20:29:40.0078 1756 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
20:29:40.0078 1756 JavaQuickStarterService - ok
20:29:40.0125 1756 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:29:40.0125 1756 Kbdclass - ok
20:29:40.0187 1756 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:29:40.0187 1756 kbdhid - ok
20:29:40.0218 1756 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:29:40.0218 1756 kmixer - ok
20:29:40.0312 1756 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:29:40.0312 1756 KSecDD - ok
20:29:40.0390 1756 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:29:40.0390 1756 lanmanworkstation - ok
20:29:40.0421 1756 lbrtfdc - ok
20:29:40.0484 1756 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:29:40.0500 1756 LmHosts - ok
20:29:40.0546 1756 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:29:40.0546 1756 mdmxsdk - ok
20:29:40.0593 1756 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:29:40.0593 1756 Messenger - ok
20:29:40.0625 1756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:29:40.0625 1756 mnmdd - ok
20:29:40.0687 1756 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:29:40.0687 1756 mnmsrvc - ok
20:29:40.0750 1756 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:29:40.0750 1756 Modem - ok
20:29:40.0781 1756 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:29:40.0781 1756 Mouclass - ok
20:29:40.0828 1756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:29:40.0828 1756 mouhid - ok
20:29:40.0875 1756 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:29:40.0875 1756 MountMgr - ok
20:29:40.0890 1756 mraid35x - ok
20:29:40.0953 1756 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:29:40.0953 1756 MRxDAV - ok
20:29:41.0015 1756 MrxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:29:41.0031 1756 MrxSmb - ok
20:29:41.0140 1756 MSCSPTISRV (a5fe164169e82e446d717511b390d5d2) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
20:29:41.0140 1756 MSCSPTISRV - ok
20:29:41.0187 1756 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:29:41.0187 1756 MSDTC - ok
20:29:41.0281 1756 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:29:41.0281 1756 Msfs - ok
20:29:41.0296 1756 MSIServer - ok
20:29:41.0359 1756 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:29:41.0359 1756 MSKSSRV - ok
20:29:41.0390 1756 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:29:41.0390 1756 MSPCLOCK - ok
20:29:41.0421 1756 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:29:41.0421 1756 MSPQM - ok
20:29:41.0484 1756 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:29:41.0484 1756 mssmbios - ok
20:29:41.0546 1756 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:29:41.0546 1756 Mup - ok
20:29:41.0625 1756 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:29:41.0625 1756 napagent - ok
20:29:41.0687 1756 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:29:41.0703 1756 NDIS - ok
20:29:41.0734 1756 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:29:41.0734 1756 NdisTapi - ok
20:29:41.0765 1756 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:29:41.0765 1756 Ndisuio - ok
20:29:41.0796 1756 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:29:41.0796 1756 NdisWan - ok
20:29:41.0828 1756 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:29:41.0828 1756 NDProxy - ok
20:29:41.0875 1756 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
20:29:41.0875 1756 Net Driver HPZ12 - ok
20:29:41.0906 1756 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:29:41.0906 1756 NetBIOS - ok
20:29:41.0953 1756 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:29:41.0953 1756 NetBT - ok
20:29:42.0093 1756 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:29:42.0093 1756 NetDDE - ok
20:29:42.0125 1756 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:29:42.0125 1756 NetDDEdsdm - ok
20:29:42.0171 1756 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:42.0171 1756 Netlogon - ok
20:29:42.0218 1756 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:29:42.0234 1756 Netman - ok
20:29:42.0421 1756 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:29:42.0421 1756 NetTcpPortSharing - ok
20:29:42.0531 1756 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:29:42.0531 1756 NIC1394 - ok
20:29:42.0593 1756 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:29:42.0609 1756 Nla - ok
20:29:42.0640 1756 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:29:42.0640 1756 Npfs - ok
20:29:42.0734 1756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:29:42.0750 1756 Ntfs - ok
20:29:42.0781 1756 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:42.0796 1756 NtLmSsp - ok
20:29:42.0875 1756 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:29:42.0875 1756 NtmsSvc - ok
20:29:42.0937 1756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:29:42.0937 1756 Null - ok
20:29:42.0984 1756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:29:42.0984 1756 NwlnkFlt - ok
20:29:43.0015 1756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:29:43.0015 1756 NwlnkFwd - ok
20:29:43.0187 1756 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:29:43.0187 1756 odserv - ok
20:29:43.0250 1756 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:29:43.0250 1756 ohci1394 - ok
20:29:43.0296 1756 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:43.0312 1756 ose - ok
20:29:43.0390 1756 PACSPTISVR (2aacb80f75a0683e32cf350b0c60a17f) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
20:29:43.0390 1756 PACSPTISVR - ok
20:29:43.0453 1756 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:29:43.0453 1756 Parport - ok
20:29:43.0484 1756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:29:43.0484 1756 PartMgr - ok
20:29:43.0531 1756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:29:43.0531 1756 ParVdm - ok
20:29:43.0562 1756 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:29:43.0562 1756 PCI - ok
20:29:43.0593 1756 PCIDump - ok
20:29:43.0625 1756 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:29:43.0625 1756 PCIIde - ok
20:29:43.0671 1756 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:29:43.0671 1756 Pcmcia - ok
20:29:43.0703 1756 PCTINDIS5 - ok
20:29:43.0718 1756 PDCOMP - ok
20:29:43.0734 1756 PDFRAME - ok
20:29:43.0765 1756 PDRELI - ok
20:29:43.0781 1756 PDRFRAME - ok
20:29:43.0796 1756 perc2 - ok
20:29:43.0812 1756 perc2hib - ok
20:29:43.0906 1756 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:29:43.0906 1756 PlugPlay - ok
20:29:43.0953 1756 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
20:29:43.0953 1756 Pml Driver HPZ12 - ok
20:29:44.0000 1756 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:44.0000 1756 PolicyAgent - ok
20:29:44.0046 1756 PortTalk (7d5a2d755b6c6579f63657b527d6ff1b) C:\WINDOWS\system32\Drivers\PortTalk.sys
20:29:44.0046 1756 PortTalk - ok
20:29:44.0109 1756 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:29:44.0109 1756 PptpMiniport - ok
20:29:44.0125 1756 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:44.0125 1756 ProtectedStorage - ok
20:29:44.0156 1756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:29:44.0156 1756 Ptilink - ok
20:29:44.0234 1756 PuranDefrag (d9495810ec4efd4ca906c1ccd494b895) C:\WINDOWS\system32\PuranDefragS.exe
20:29:44.0234 1756 PuranDefrag - ok
20:29:44.0296 1756 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:29:44.0296 1756 PxHelp20 - ok
20:29:44.0328 1756 ql1080 - ok
20:29:44.0343 1756 Ql10wnt - ok
20:29:44.0359 1756 ql12160 - ok
20:29:44.0375 1756 ql1240 - ok
20:29:44.0406 1756 ql1280 - ok
20:29:44.0484 1756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:29:44.0484 1756 RasAcd - ok
20:29:44.0546 1756 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:29:44.0546 1756 RasAuto - ok
20:29:44.0593 1756 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:29:44.0593 1756 Rasl2tp - ok
20:29:44.0687 1756 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:29:44.0703 1756 RasMan - ok
20:29:44.0718 1756 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:29:44.0718 1756 RasPppoe - ok
20:29:44.0765 1756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:29:44.0765 1756 Raspti - ok
20:29:44.0796 1756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:29:44.0796 1756 Rdbss - ok
20:29:44.0843 1756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:29:44.0843 1756 RDPCDD - ok
20:29:44.0890 1756 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:29:44.0906 1756 rdpdr - ok
20:29:44.0984 1756 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:29:44.0984 1756 RDPWD - ok
20:29:45.0031 1756 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:29:45.0046 1756 RDSessMgr - ok
20:29:45.0093 1756 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:29:45.0093 1756 redbook - ok
20:29:45.0171 1756 RegSrvc (b9732eaaef554978e61dc97d15a1c877) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:29:45.0187 1756 RegSrvc - ok
20:29:45.0234 1756 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:29:45.0234 1756 RemoteAccess - ok
20:29:45.0281 1756 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:29:45.0281 1756 RemoteRegistry - ok
20:29:45.0343 1756 RimUsb (c48ed71f500f07a01aa8ac274e144e93) C:\WINDOWS\system32\Drivers\RimUsb.sys
20:29:45.0343 1756 RimUsb - ok
20:29:45.0406 1756 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:29:45.0406 1756 RimVSerPort - ok
20:29:45.0484 1756 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:29:45.0484 1756 ROOTMODEM - ok
20:29:45.0546 1756 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:29:45.0546 1756 RpcLocator - ok
20:29:45.0640 1756 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:29:45.0640 1756 RpcSs - ok
20:29:45.0718 1756 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:29:45.0718 1756 RSVP - ok
20:29:45.0781 1756 S24EventMonitor (02b4b912d7ad5ed9f2f37eac6a68d4af) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:29:45.0781 1756 S24EventMonitor - ok
20:29:45.0812 1756 s24trans (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:29:45.0812 1756 s24trans - ok
20:29:45.0859 1756 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:45.0859 1756 SamSs - ok
20:29:45.0937 1756 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:29:45.0937 1756 SCardSvr - ok
20:29:46.0000 1756 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:29:46.0015 1756 Schedule - ok
20:29:46.0062 1756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:29:46.0062 1756 Secdrv - ok
20:29:46.0109 1756 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:29:46.0109 1756 seclogon - ok
20:29:46.0156 1756 SEMWModem (9d06827395b38c489bc3cd81664326d6) C:\WINDOWS\system32\DRIVERS\GCXX.sys
20:29:46.0156 1756 SEMWModem - ok
20:29:46.0203 1756 SEMWWNIC (2d02e441e3e3f3e85f97a5c87634f4b9) C:\WINDOWS\system32\DRIVERS\GCXXNet.sys
20:29:46.0203 1756 SEMWWNIC - ok
20:29:46.0250 1756 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:29:46.0250 1756 SENS - ok
20:29:46.0281 1756 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:29:46.0281 1756 Serial - ok
20:29:46.0375 1756 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:29:46.0375 1756 Sfloppy - ok
20:29:46.0453 1756 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:29:46.0453 1756 SharedAccess - ok
20:29:46.0531 1756 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:46.0531 1756 ShellHWDetection - ok
20:29:46.0546 1756 Simbad - ok
20:29:46.0625 1756 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
20:29:46.0625 1756 SNC - ok
20:29:46.0640 1756 Sparrow - ok
20:29:46.0687 1756 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
20:29:46.0687 1756 SPI - ok
20:29:46.0718 1756 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:29:46.0718 1756 splitter - ok
20:29:46.0765 1756 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:29:46.0765 1756 Spooler - ok
20:29:46.0859 1756 SPTISRV (b451765e79957d651fb4b7abb2dd804f) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
20:29:46.0859 1756 SPTISRV - ok
20:29:46.0906 1756 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:29:46.0906 1756 sr - ok
20:29:46.0968 1756 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:29:46.0968 1756 srservice - ok
20:29:47.0031 1756 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:29:47.0031 1756 SSDPSRV - ok
20:29:47.0093 1756 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:29:47.0109 1756 stisvc - ok
20:29:47.0156 1756 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:29:47.0156 1756 swenum - ok
20:29:47.0203 1756 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:29:47.0203 1756 swmidi - ok
20:29:47.0218 1756 SwPrv - ok
20:29:47.0250 1756 symc810 - ok
20:29:47.0265 1756 symc8xx - ok
20:29:47.0296 1756 sym_hi - ok
20:29:47.0312 1756 sym_u3 - ok
20:29:47.0343 1756 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:29:47.0343 1756 sysaudio - ok
20:29:47.0390 1756 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:29:47.0390 1756 SysmonLog - ok
20:29:47.0453 1756 tap0901 (5c7c939bbd03784fe58c80578d065cc9) C:\WINDOWS\system32\DRIVERS\tap0901.sys
20:29:47.0453 1756 tap0901 - ok
20:29:47.0515 1756 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
20:29:47.0515 1756 taphss - ok
20:29:47.0593 1756 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:29:47.0593 1756 TapiSrv - ok
20:29:47.0703 1756 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:29:47.0718 1756 Tcpip - ok
20:29:47.0765 1756 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:29:47.0781 1756 TDPIPE - ok
20:29:47.0812 1756 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:29:47.0812 1756 TDTCP - ok
20:29:47.0843 1756 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:29:47.0843 1756 TermDD - ok
20:29:47.0921 1756 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:29:47.0937 1756 TermService - ok
20:29:48.0000 1756 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:48.0000 1756 Themes - ok
20:29:48.0062 1756 ti21sony (46a1fe5dd63ea3ec02c7e13dd0bfcbec) C:\WINDOWS\system32\drivers\ti21sony.sys
20:29:48.0078 1756 ti21sony - ok
20:29:48.0125 1756 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:29:48.0125 1756 TlntSvr - ok
20:29:48.0187 1756 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
20:29:48.0187 1756 toshidpt - ok
20:29:48.0203 1756 TosIde - ok
20:29:48.0250 1756 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:29:48.0250 1756 tosporte - ok
20:29:48.0296 1756 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:29:48.0312 1756 Tosrfbd - ok
20:29:48.0343 1756 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:29:48.0343 1756 Tosrfbnp - ok
20:29:48.0375 1756 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:29:48.0375 1756 Tosrfcom - ok
20:29:48.0406 1756 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:29:48.0406 1756 Tosrfhid - ok
20:29:48.0421 1756 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:29:48.0421 1756 tosrfnds - ok
20:29:48.0468 1756 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
20:29:48.0468 1756 TosRfSnd - ok
20:29:48.0500 1756 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:29:48.0500 1756 Tosrfusb - ok
20:29:48.0546 1756 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:29:48.0546 1756 TrkWks - ok
20:29:48.0625 1756 Trufos (b7c681175e3f8de967cefe90e46440b5) C:\WINDOWS\system32\DRIVERS\TRUFOS.sys
20:29:48.0625 1756 Trufos - ok
20:29:48.0734 1756 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:29:48.0734 1756 Udfs - ok
20:29:48.0765 1756 ultra - ok
20:29:48.0859 1756 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
20:29:48.0859 1756 UltraMonUtility - ok
20:29:48.0890 1756 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
20:29:48.0906 1756 UMWdf - ok
20:29:48.0984 1756 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:29:48.0984 1756 Update - ok
20:29:49.0062 1756 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:29:49.0078 1756 upnphost - ok
20:29:49.0109 1756 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:29:49.0109 1756 UPS - ok
20:29:49.0140 1756 USBAAPL - ok
20:29:49.0203 1756 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:29:49.0203 1756 usbaudio - ok
20:29:49.0250 1756 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:29:49.0250 1756 usbccgp - ok
20:29:49.0281 1756 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:29:49.0281 1756 usbehci - ok
20:29:49.0343 1756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:29:49.0343 1756 usbhub - ok
20:29:49.0375 1756 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:29:49.0375 1756 usbstor - ok
20:29:49.0421 1756 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:29:49.0421 1756 usbuhci - ok
20:29:49.0515 1756 VAIO Event Service (2b0eac2b6e5f1c5e007dabae101028b0) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
20:29:49.0515 1756 VAIO Event Service - ok
20:29:49.0546 1756 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:29:49.0546 1756 VgaSave - ok
20:29:49.0562 1756 ViaIde - ok
20:29:49.0609 1756 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:29:49.0609 1756 VolSnap - ok
20:29:49.0687 1756 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:29:49.0703 1756 VSS - ok
20:29:49.0906 1756 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:29:49.0937 1756 w29n51 - ok
20:29:50.0078 1756 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:29:50.0093 1756 W32Time - ok
20:29:50.0187 1756 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:29:50.0187 1756 Wanarp - ok
20:29:50.0203 1756 WDICA - ok
20:29:50.0250 1756 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:29:50.0250 1756 wdmaud - ok
20:29:50.0296 1756 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:29:50.0296 1756 WebClient - ok
20:29:50.0390 1756 winachsf (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:29:50.0406 1756 winachsf - ok
20:29:50.0515 1756 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:29:50.0515 1756 winmgmt - ok
20:29:50.0640 1756 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
20:29:50.0687 1756 WinRM - ok
20:29:50.0765 1756 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
20:29:50.0781 1756 WmdmPmSN - ok
20:29:50.0890 1756 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:29:50.0906 1756 Wmi - ok
20:29:51.0000 1756 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:29:51.0000 1756 WmiApSrv - ok
20:29:51.0203 1756 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:29:51.0218 1756 WPFFontCache_v0400 - ok
20:29:51.0281 1756 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:29:51.0281 1756 WS2IFSL - ok
20:29:51.0328 1756 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:29:51.0328 1756 wscsvc - ok
20:29:51.0375 1756 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:29:51.0375 1756 wuauserv - ok
20:29:51.0453 1756 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:29:51.0468 1756 WZCSVC - ok
20:29:51.0515 1756 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:29:51.0515 1756 xmlprov - ok
20:29:51.0609 1756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:51.0875 1756 \Device\Harddisk0\DR0 - ok
20:29:51.0890 1756 Boot (0x1200) (3cb24dab5492bf9705c6df4aabb6b2cc) \Device\Harddisk0\DR0\Partition0
20:29:51.0890 1756 \Device\Harddisk0\DR0\Partition0 - ok
20:29:51.0906 1756 ============================================================
20:29:51.0906 1756 Scan finished
20:29:51.0906 1756 ============================================================
20:29:51.0937 2056 Detected object count: 0
20:29:51.0937 2056 Actual detected object count: 0
20:29:57.0671 3684 Deinitialize success

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-01 16:03:14
-----------------------------
16:03:14.468 OS Version: Windows 5.1.2600 Service Pack 3
16:03:14.468 Number of processors: 1 586 0xD08
16:03:14.468 ComputerName: RICKY UserName:
16:03:15.359 Initialize success
16:03:39.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:03:39.515 Disk 0 Vendor: TOSHIBA_MK6006GAH BZ002A Size: 57231MB BusType: 3
16:03:39.531 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000092
16:03:39.546 Disk 1 Vendor: ( Size: 57231MB BusType: 0
16:03:39.546 Disk 2 \Device\Harddisk2\DR3 -> \Device\00000093
16:03:39.562 Disk 2 Vendor: ( Size: 57231MB BusType: 0
16:03:39.593 Disk 0 MBR read successfully
16:03:39.593 Disk 0 MBR scan
16:03:39.609 Disk 0 Windows XP default MBR code
16:03:39.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
16:03:39.625 Disk 0 scanning sectors +117194175
16:03:39.734 Disk 0 scanning C:\WINDOWS\system32\drivers
16:03:50.750 Service scanning
16:04:07.750 Modules scanning
16:04:22.000 Disk 0 trace - called modules:
16:04:22.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:04:22.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1f8ab8]
16:04:22.015 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8a2349e8]
16:04:22.015 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a234d98]
16:04:22.015 Scan finished successfully
16:09:17.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Epic Phail\Desktop\MBR.dat"
16:09:17.218 The log file has been saved successfully to "C:\Documents and Settings\Epic Phail\Desktop\aswMBR.txt"

Edited by TinyC, 01 May 2012 - 03:10 PM.

~Tiny
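The TDSSKiller output posted above is a flat list of one hash-and-path line plus one verdict line per service or driver, which is tedious to read by eye across a few hundred entries. The following Python is an added example of mine (it is not code from the thread, from TinyC or boopme, or from Kaspersky's TDSSKiller); it parses that line format and produces the three things a responder looks for first: any entry whose verdict is not "ok", any image loaded from outside the directories you choose to trust (the trusted-prefix list is an assumption for illustration), and hashes shared by several service names, which is normal for host processes such as lsass.exe or shsvcs.dll but worth confirming. The sample log is a subset copied from the thread, with one constructed "ExampleSvc" entry added so the not-ok path has something to report.

```python
"""Triage helper for TDSSKiller-style service/driver listings.

Added example; not part of the BleepingComputer thread or of TDSSKiller.
Log format handled (as shown in the thread):

    HH:MM:SS.mmmm  PID  <name> (<md5>) <path>
    HH:MM:SS.mmmm  PID  <name> - <status>
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line carrying an MD5 and the on-disk image path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Line carrying only the scanner's verdict for that name.
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>\S.*)$"
)

# Assumption for illustration: images under these prefixes are "expected".
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "\\device\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, ServiceEntry]:
    """Merge the hash line and the verdict line of each name into one entry."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.status = m["status"]
    return entries


def not_ok(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Names whose verdict is anything other than 'ok'."""
    return sorted(n for n, e in entries.items()
                  if e.status is not None and e.status != "ok")


def outside_trusted_dirs(entries: Dict[str, ServiceEntry],
                         trusted=TRUSTED_PREFIXES) -> List[Tuple[str, str]]:
    """Images loaded from a location not covered by the trusted prefixes."""
    flagged = []
    for name, e in sorted(entries.items()):
        if e.path is None:
            continue
        if not any(e.path.lower().startswith(t) for t in trusted):
            flagged.append((name, e.path))
    return flagged


def shared_images(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """MD5 -> service names, for hashes that back more than one name."""
    by_hash = defaultdict(list)
    for name, e in entries.items():
        if e.md5:
            by_hash[e.md5].append(name)
    return {h: sorted(ns) for h, ns in by_hash.items() if len(ns) > 1}


# Subset of the thread's log; the ExampleSvc lines are constructed.
SAMPLE_LOG = r"""
20:29:43.0671 1756 Pcmcia - ok
20:29:43.0953 1756 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
20:29:43.0953 1756 Pml Driver HPZ12 - ok
20:29:44.0000 1756 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:44.0000 1756 PolicyAgent - ok
20:29:44.0125 1756 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:44.0125 1756 ProtectedStorage - ok
20:29:45.0171 1756 RegSrvc (b9732eaaef554978e61dc97d15a1c877) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:29:45.0187 1756 RegSrvc - ok
20:29:45.0859 1756 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:45.0859 1756 SamSs - ok
20:29:51.0609 1756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:51.0875 1756 \Device\Harddisk0\DR0 - ok
20:29:52.0000 1756 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\user\Application Data\example.exe
20:29:52.0000 1756 ExampleSvc - warning
20:29:51.0937 2056 Detected object count: 0
"""

if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    print("not ok:", not_ok(ents))
    print("outside trusted dirs:", outside_trusted_dirs(ents))
    print("shared images:", shared_images(ents))
```

Note that the MBR hash line and its verdict line use different names (`MBR (0x1B8)` versus the device path), so they land in two entries; everything else pairs up by name. Lines that match neither pattern, such as the "Detected object count" summary, are ignored.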

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:31 PM

Posted 01 May 2012 - 04:17 PM

Looks good Tiny.. Anything else?

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
