bottom_player_track[1].js


13 replies to this topic

#1 diejosh2000

Posted 20 January 2012 - 11:00 PM

Hello Nice Smart People.

1. I have this annoying virus that won't leave me alone. It is some sort of re-direct that launches sites when I do a search. I will post a few screenshots below.

2. I am on a Windows XP machine and I mostly use FireFox and Chrome to browse. AVG picks up an infection called bottom_player_track[1].js.

3. I have run MalwareBytes, SpyBot Search and Destroy and AVG a few times each with no resolve

Any assistance would be very helpful. Thanks.
JP


Here is a link to a couple screenshots.
http://www.facebook.com/media/set/?set=a.3137233988161.2160728.1184205113&type=1&l=a396b346e5


#2 boopme

Posted 20 January 2012 - 11:12 PM

Hello, what log was that?

Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Please do these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log
and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 diejosh2000

Posted 20 January 2012 - 11:49 PM

Hey Boopme,
Thanks for helping out.
I am on a router. I have only the one PC. I have a Mac Laptop and 2 iphones that use the network, they never have any redirect issues.
I do use FireFox almost exclusively. My wife prefers Chrome. We never use IE.
The log in the screenshot is the virus vault from AVG Free.
I will run the other tasks you recommended shortly.

Thanks again.
JP

#4 diejosh2000

Posted 21 January 2012 - 01:44 AM

MINI TOOLBOX:
https://docs.google.com/document/d/1hlN1yBsebDeNZBY7ygQ_hKzoNz0nHZnvhaYgpqm2VU8/edit

KILLER:
https://docs.google.com/document/d/1fmkfvyLCs3n8DPC2_4_Ai9tF6lgtlOcMcrobetXrys0/edit

MBAM:
https://docs.google.com/document/d/1i-R0ed5f8jnwu74JvYdguuR-oiFf6UH6lAdqZDFkv0Y/edit

Edited by diejosh2000, 21 January 2012 - 01:59 AM.


#5 diejosh2000

Posted 21 January 2012 - 01:47 AM

I guess I need to post these results somewhere else and link it up. Won't let me paste something this big

Edited by diejosh2000, 21 January 2012 - 01:52 AM.


#6 diejosh2000

Posted 21 January 2012 - 03:12 PM

Ran the scans, still having re-direct issues.
Thanks.
JP

#7 boopme

Posted 21 January 2012 - 08:00 PM

Hello, we need to rerun TDSS after....
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy


DEFOGGER
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Your MBAM log says "No Action Taken". Did you click the Remove Selected button?

We need to rerun it anyway, but FULL now.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


If you still redirect it may be in Firefox, it may be the Add ons/Plugins. Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date
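A small triage script for the kind of TDSSKiller report requested above, as an added example that is not part of the original posts or of the tool itself. It assumes the line layout of the report pasted later in this thread (timestamp, thread id, message); the sample log, service names and hashes are constructed. It lists every entry that is not plainly "ok", including a forged file and an entry whose verdict was cut off when the log was pasted.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout assumed from the report in this thread: "HH:MM:SS.ffff <thread id> <message>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
HASHED = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")        # name (md5) path
OK = re.compile(r"^(.+?) - ok$")
INFECTED = re.compile(r"^(.+?) \( (.+?) \) - infected$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None                 # hash printed next to the service name
    path: Optional[str] = None
    verdict: Optional[str] = None             # "ok", "infected", or None if never stated
    detection: Optional[str] = None
    forged: Optional[Tuple[str, str]] = None  # (real md5, fake md5) as labelled in the report


def parse_report(text: str) -> List[Entry]:
    """Fold the per-service lines of a report into one Entry per service."""
    entries = {}
    last = None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                          # wrapped or non-log line from a forum paste
        msg = m.group(1)
        if (f := FORGED.match(msg)):
            # The forged line names a file, not a service: attach it by path,
            # falling back to the service line seen just before it.
            target = next((e for e in entries.values()
                           if e.path and e.path.lower() == f[1].lower()), last)
            if target:
                target.forged = (f[2], f[3])
        elif (h := HASHED.match(msg)):
            last = entries.setdefault(h[1], Entry(h[1]))
            last.md5, last.path = h[2], h[3]
        elif (i := INFECTED.match(msg)):
            e = entries.setdefault(i[1], Entry(i[1]))
            e.verdict, e.detection = "infected", i[2]
        elif (o := OK.match(msg)):
            entries.setdefault(o[1], Entry(o[1])).verdict = "ok"
    return list(entries.values())


def needs_attention(entries: List[Entry]) -> List[Entry]:
    """Everything that is not a clean 'ok': detections, forged files, missing verdicts."""
    return [e for e in entries if e.verdict != "ok" or e.forged]


# Constructed sample: names, paths and hashes are made up for illustration.
MD5_A, MD5_B, MD5_C = "a" * 32, "b" * 32, "c" * 32
DRV = r"C:\WINDOWS\system32\drivers"
SAMPLE_LOG = "\n".join([
    "10:00:01.0000 1111 Scan started",
    f"10:00:02.0000 2222 Beep ({MD5_A}) {DRV}\\Beep.sys",
    "10:00:02.0010 2222 Beep - ok",
    "10:00:02.0020 2222 Changer - ok",        # service with no file on disk
    f"10:00:03.0000 2222 ExampleDrv ({MD5_B}) {DRV}\\exampledrv.sys",
    f"10:00:03.0010 2222 Suspicious file (Forged): {DRV}\\exampledrv.sys. "
    f"Real md5: {MD5_B}, Fake md5: {MD5_C}",
    "10:00:03.0020 2222 ExampleDrv ( Example.Detection.Name ) - infected",
    "10:00:03.0030 2222 ExampleDrv - detected Example.Detection.Name (0)",
    f"10:00:04.0000 2222 TruncatedDrv ({MD5_A}) {DRV}\\truncated.sys",  # paste ends here
])

if __name__ == "__main__":
    for e in needs_attention(parse_report(SAMPLE_LOG)):
        print(e.name, e.verdict or "no verdict in log", e.detection or "", e.forged or "")
```

An entry with no verdict usually means the pasted log is incomplete, so ask for the full file rather than treating it as clean.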

#8 diejosh2000

Posted 21 January 2012 - 10:45 PM

Defogger did not report an error:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:34 on 21/01/2012 (Monkey)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

KILLER LOG:
17:43:11.0671 2144 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
17:43:12.0109 2144 ============================================================
17:43:12.0109 2144 Current date / time: 2012/01/21 17:43:12.0109
17:43:12.0109 2144 SystemInfo:
17:43:12.0109 2144
17:43:12.0109 2144 OS Version: 5.1.2600 ServicePack: 3.0
17:43:12.0109 2144 Product type: Workstation
17:43:12.0109 2144 ComputerName: MONKEY3
17:43:12.0109 2144 UserName: Monkey
17:43:12.0109 2144 Windows directory: C:\WINDOWS
17:43:12.0109 2144 System windows directory: C:\WINDOWS
17:43:12.0109 2144 Processor architecture: Intel x86
17:43:12.0109 2144 Number of processors: 2
17:43:12.0109 2144 Page size: 0x1000
17:43:12.0109 2144 Boot type: Normal boot
17:43:12.0109 2144 ============================================================
17:43:12.0609 2144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:43:12.0609 2144 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:43:13.0234 2144 Initialize success
17:43:25.0734 1464 ============================================================
17:43:25.0734 1464 Scan started
17:43:25.0734 1464 Mode: Manual;
17:43:25.0734 1464 ============================================================
17:43:31.0093 1464 AvgLdx86 (7d8ef4bbeb7ba61674e4cc1427ce3186) C:\WINDOWS\System32\Drivers\avgldx86.sys
17:43:31.0109 1464 Suspicious file (Forged): C:\WINDOWS\System32\Drivers\avgldx86.sys. Real md5: 7d8ef4bbeb7ba61674e4cc1427ce3186, Fake md5: bc12f2404bb6f2b6b2ff3c4c246cb752
17:43:31.0109 1464 AvgLdx86 ( Virus.Win32.ZAccess.k ) - infected
17:43:31.0109 1464 AvgLdx86 - detected Virus.Win32.ZAccess.k (0)
17:43:43.0250 1464 usbscan - ok
17:43:43.0343 1464 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:43:43.0359 1464 usbstor - ok
17:43:43.0453 1464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:43:43.0468 1464 usbuhci - ok
17:43:43.0578 1464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:43:43.0593 1464 VgaSave - ok
17:43:43.0671 1464 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:43:43.0703 1464 viaagp - ok
17:43:43.0781 1464 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:43:43.0781 1464 ViaIde - ok
17:43:43.0906 1464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:43:43.0906 1464 VolSnap - ok
17:43:43.0953 1464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:43:43.0953 1464 Wanarp - ok
17:43:44.0000 1464 WDICA - ok
17:43:44.0078 1464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:43:44.0093 1464 wdmaud - ok
17:43:44.0203 1464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:43:44.0250 1464 WudfPf - ok
17:43:44.0312 1464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:43:44.0343 1464 WudfRd - ok
17:43:44.0375 1464 MBR (0x1B8) (117ebf02f374a2469d61d1c801f8c1ff) \Device\Harddisk0\DR0
17:43:45.0406 1464 \Device\Harddisk0\DR0 - ok
17:43:45.0890 1464 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk1\DR2
17:43:45.0890 1464 \Device\Harddisk1\DR2 - ok
17:43:45.0890 1464 Boot (0x1200) (d18ce64361bfe05f78e988519ced47ce) \Device\Harddisk0\DR0\Partition0
17:43:45.0890 1464 \Device\Harddisk0\DR0\Partition0 - ok
17:43:45.0890 1464 Boot (0x1200) (b23c0d8d3b85793c92ee956300ca47c8) \Device\Harddisk1\DR2\Partition0
17:43:45.0890 1464 \Device\Harddisk1\DR2\Partition0 - ok
17:43:45.0906 1464 ============================================================
17:43:45.0906 1464 Scan finished
17:43:45.0906 1464 ============================================================
17:43:45.0906 3800 Detected object count: 1
17:43:45.0906 3800 Actual detected object count: 1
17:43:55.0640 3800 Backup copy found, using it..
17:43:55.0640 3800 C:\WINDOWS\System32\Drivers\avgldx86.sys - will be cured on reboot
17:43:57.0000 3800 AvgLdx86 ( Virus.Win32.ZAccess.k ) - User select action: Cure
17:44:03.0234 2152 Deinitialize success

MBAM::
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Monkey :: MONKEY3 [administrator]

1/21/2012 5:51:27 PM
mbam-log-2012-01-21 (17-51-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390801
Time elapsed: 1 hour(s), 41 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

EVERYTHING SEEMS TO BE GOING GOOD NOW! No redirects at this time.
Thanks again.
JP

#9 diejosh2000

Posted 21 January 2012 - 10:50 PM

Question:
Comcast offers Norton Security Suite for free with my service. Should I install that and drop the AVG free that I have been using?
Thanks.
JP

#10 boopme

Posted 22 January 2012 - 01:48 PM

Hello, my honest opinion is either Avira or Avast free are better and consume less system resources.
If interested in these see our list Freeware Replacements for Common Commercial Apps

Good, now run an online scan so we get what's left.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.

#11 diejosh2000

Posted 22 January 2012 - 11:13 PM

ESET:
C:\Documents and Settings\Monkey\Application Data\Mozilla\Firefox\Profiles\d7vqozi3.default\extensions\{3baa6348-871a-4bd8-be1b-597d5439cafc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Monkey\Application Data\Mozilla\Firefox\Profiles\d7vqozi3.default\extensions\{3baa6348-871a-4bd8-be1b-597d5439cafc}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Monkey\Application Data\Sun\Java\Deployment\cache\6.0\56\1f307278-567a4426 multiple threats deleted - quarantined
C:\Documents and Settings\Monkey\My Documents\V3\NewTheSidingSpecialists\httpdocs.zip HTML/TrojanDownloader.Agent.IJ trojan deleted - quarantined
C:\Documents and Settings\Monkey\My Documents\V3\TheSidingSpecialists\httpdocs.zip HTML/TrojanDownloader.Agent.IJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\456472d2-3534aa73 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\5f65a812-32bd73b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\319850d4-639f790d a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\1847f817-7a60b67b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\60b5d41b-640f225f a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\25ac915d-3023b941 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\163c099f-631b8da4 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\530d44e1-6ff10fab a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-65f3b9d2 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\7\43c3de87-34a6a407 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache5145936003773187229.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache7831375901620968399.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache8221460274280989326.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\Temp\mxzlz.exe a variant of Win32/Kryptik.ZHE trojan cleaned by deleting - quarantined
I:\macbackups\Documents\training\JavaScript\JavaScript Essential Training 2002\PowerISO v3.3.rar a variant of Win32/Keygen.AW application deleted - quarantined
I:\Backups\Weekly\Documents and Settings\Monkey\My Documents\V3\NewTheSidingSpecialists\httpdocs.zip HTML/TrojanDownloader.Agent.IJ trojan deleted - quarantined
I:\Backups\Weekly\Documents and Settings\Monkey\My Documents\V3\TheSidingSpecialists\httpdocs.zip HTML/TrojanDownloader.Agent.IJ trojan deleted - quarantined
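
A triage pass over the ESET results in post #11, as an added example that is not part of the original thread: it parses each log line and buckets detections by where they were found, which makes the concentration in the Java deployment cache and the copies carried in the I:\ backups easy to see. The bucket names and the line pattern are assumptions based on the lines as posted.

```python
import re
from collections import Counter

# Subset of the ESET log lines from post #11 above, copied as posted.
SAMPLE_LOG = r"""
C:\Documents and Settings\Monkey\Application Data\Mozilla\Firefox\Profiles\d7vqozi3.default\extensions\{3baa6348-871a-4bd8-be1b-597d5439cafc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Monkey\Application Data\Sun\Java\Deployment\cache\6.0\56\1f307278-567a4426 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\456472d2-3534aa73 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache5145936003773187229.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\Temp\mxzlz.exe a variant of Win32/Kryptik.ZHE trojan cleaned by deleting - quarantined
I:\Backups\Weekly\Documents and Settings\Monkey\My Documents\V3\TheSidingSpecialists\httpdocs.zip HTML/TrojanDownloader.Agent.IJ trojan deleted - quarantined
"""

# Line layout as it appears in the thread: <path> <threat> <type> <action>.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>multiple threats|(?:a variant of )?\S+/\S+ (?:trojan|application))\s+"
    r"(?P<action>cleaned by deleting - quarantined|deleted - quarantined)$"
)
# Location buckets are labels chosen for this example, not ESET terminology.
CATEGORIES = [
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\|\\Temp\\jar_cache", re.I)),
    ("firefox_extension", re.compile(r"\\Firefox\\Profiles\\[^\\]+\\extensions\\", re.I)),
    ("backup_copy", re.compile(r"\\Backups\\", re.I)),
    ("temp_executable", re.compile(r"\\Temp\\[^\\]+\.exe$", re.I)),
]

def classify(path):
    for name, pattern in CATEGORIES:
        if pattern.search(path):
            return name
    return "other"

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a detection line in the expected layout
    family = re.sub(r"^a variant of | (?:trojan|application)$", "", m.group("threat"))
    return {"path": m.group("path"), "family": family,
            "action": m.group("action"), "category": classify(m.group("path"))}

def triage(text):
    hits, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        (hits if rec else unparsed).append(rec or line)
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = triage(SAMPLE_LOG)
    for category, count in Counter(h["category"] for h in hits).most_common():
        print(f"{category:18} {count}")
    print("unparsed lines:", len(unparsed))
```

Lines that do not match are returned in `unparsed` rather than dropped, so a change in the scanner's output layout shows up instead of silently lowering the counts.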

#12 boopme

Posted 23 January 2012 - 08:08 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#13 diejosh2000

Posted 26 January 2012 - 01:35 AM

Thanks so much Boop.

#14 boopme

Posted 26 January 2012 - 11:38 AM

:thumbup2: our pleasure!!