Redirecting When Visiting Websites


  • This topic is locked
12 replies to this topic

#1 nublard

nublard

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:22 AM

Posted 19 November 2011 - 12:39 PM

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malwarebytes Anti-Malware
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nublard at 12:30:59 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6350 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 210.212.5.73:3128
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Google Update] "C:\Users\Nublard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Nublard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: mozilla.org\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{BCEB2523-C180-49F6-9F03-212B88E173C6} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRunOnce-x64: [GrpConv] grpconv -o
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-9-21 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-9-21 211232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
RUnknown 6777473drv;6777473drv; [x]
RUnknown 71366055;71366055; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-5-13 21712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-19 17:25:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-17 02:15:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-11-17 02:14:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-11-17 02:14:59 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-11-17 02:14:29 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-11-17 02:14:29 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-11-17 02:14:29 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-11-17 02:14:29 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-11-17 02:14:29 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-11-17 02:12:51 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-11-17 02:12:19 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-17 02:12:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-17 02:12:19 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-17 02:12:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-17 02:11:52 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-11-17 02:11:51 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-11-17 02:11:51 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-11-11 05:13:58 -------- d-----w- C:\Users\Nublard\AppData\Local\Skyrim
2011-11-08 22:28:59 -------- d-----w- C:\ProgramData\Ironclad Games
2011-11-08 00:59:41 -------- d-----w- C:\MGADiagToolOutput
2011-11-07 02:15:39 -------- d-----w- C:\Program Files (x86)\Stardock
2011-11-07 01:29:27 -------- d-----w- C:\Users\Nublard\AppData\Local\Ironclad Games
2011-11-06 01:18:05 -------- d-----w- C:\Users\Nublard\AppData\Local\Plex Media Server
2011-11-06 01:17:18 -------- d-----w- C:\Program Files (x86)\Plex
2011-11-06 01:05:17 -------- d-----w- C:\Users\Nublard\AppData\Local\Nero
2011-11-06 01:02:52 -------- d-----w- C:\Program Files (x86)\Nero
2011-11-06 01:02:34 -------- d-----w- C:\ProgramData\Nero
.
==================== Find3M ====================
.
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 12:31:29.59 ===============


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:22 AM

Posted 19 November 2011 - 04:16 PM

Hi,

You mentioned running a number of tools in the beginning; did they all come back clean? I'd be particularly interested in the TDSSKiller log.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 nublard

nublard
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:22 AM

Posted 20 November 2011 - 07:33 PM

Yes, all came back clean. IIRC, TDSS may have had an issue with my CD Mounting software (which I know to be clean).

The reason I posted here is because all the above was clean =)

Will update with TDSS log (will run it again).

Thank you for your help.

The problem persists despite running all of the above.

Edited by nublard, 20 November 2011 - 07:48 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:22 AM

Posted 20 November 2011 - 08:05 PM

Hi,

Please let me know what TDSSKiller said exactly. There are many infections that will modify legit drivers and insert their malicious code; TDSSKiller flagging a legit driver isn't necessarily a false positive.

regards myrti



#5 nublard

nublard
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:22 AM

Posted 20 November 2011 - 08:39 PM

Hello Myrti,
Below is the TDSS log. Thank you for helping.


20:38:04.0218 4720 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
20:38:04.0545 4720 ============================================================
20:38:04.0546 4720 Current date / time: 2011/11/20 20:38:04.0545
20:38:04.0546 4720 SystemInfo:
20:38:04.0546 4720
20:38:04.0546 4720 OS Version: 6.1.7600 ServicePack: 0.0
20:38:04.0546 4720 Product type: Workstation
20:38:04.0546 4720 ComputerName: NUB
20:38:04.0546 4720 UserName: Nublard
20:38:04.0546 4720 Windows directory: C:\Windows
20:38:04.0546 4720 System windows directory: C:\Windows
20:38:04.0546 4720 Running under WOW64
20:38:04.0546 4720 Processor architecture: Intel x64
20:38:04.0546 4720 Number of processors: 4
20:38:04.0546 4720 Page size: 0x1000
20:38:04.0546 4720 Boot type: Normal boot
20:38:04.0546 4720 ============================================================
20:38:05.0802 4720 Initialize success
20:38:07.0146 2952 ============================================================
20:38:07.0146 2952 Scan started
20:38:07.0146 2952 Mode: Manual;
20:38:07.0146 2952 ============================================================
20:38:15.0483 2952 NDProxy - ok
20:38:15.0515 2952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:38:15.0516 2952 NetBIOS - ok
20:38:15.0537 2952 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:38:15.0540 2952 NetBT - ok
20:38:15.0572 2952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:38:15.0573 2952 nfrd960 - ok
20:38:15.0592 2952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:38:15.0593 2952 Npfs - ok
20:38:15.0617 2952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:38:15.0617 2952 nsiproxy - ok
20:38:15.0678 2952 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
20:38:15.0710 2952 Ntfs - ok
20:38:15.0741 2952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:38:15.0742 2952 Null - ok
20:38:15.0813 2952 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
20:38:15.0816 2952 nvraid - ok
20:38:15.0858 2952 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
20:38:15.0861 2952 nvstor - ok
20:38:15.0943 2952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:38:15.0952 2952 nv_agp - ok
20:38:16.0063 2952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:38:16.0073 2952 ohci1394 - ok
20:38:16.0219 2952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:38:16.0225 2952 Parport - ok
20:38:16.0328 2952 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:38:16.0330 2952 partmgr - ok
20:38:16.0354 2952 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:38:16.0357 2952 pci - ok
20:38:16.0373 2952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:38:16.0374 2952 pciide - ok
20:38:16.0401 2952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:38:16.0404 2952 pcmcia - ok
20:38:16.0426 2952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:38:16.0427 2952 pcw - ok
20:38:16.0507 2952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:38:16.0515 2952 PEAUTH - ok
20:38:16.0574 2952 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:38:16.0576 2952 PptpMiniport - ok
20:38:16.0598 2952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:38:16.0599 2952 Processor - ok
20:38:16.0627 2952 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:38:16.0628 2952 Psched - ok
20:38:16.0677 2952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:38:16.0708 2952 ql2300 - ok
20:38:16.0729 2952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:38:16.0731 2952 ql40xx - ok
20:38:16.0790 2952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:38:16.0792 2952 QWAVEdrv - ok
20:38:16.0829 2952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:38:16.0831 2952 RasAcd - ok
20:38:16.0874 2952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:38:16.0876 2952 RasAgileVpn - ok
20:38:16.0899 2952 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:38:16.0901 2952 Rasl2tp - ok
20:38:16.0963 2952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:38:16.0965 2952 RasPppoe - ok
20:38:16.0976 2952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:38:16.0978 2952 RasSstp - ok
20:38:17.0052 2952 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:38:17.0057 2952 rdbss - ok
20:38:17.0067 2952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:38:17.0069 2952 rdpbus - ok
20:38:17.0090 2952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:38:17.0090 2952 RDPCDD - ok
20:38:17.0146 2952 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
20:38:17.0147 2952 RDPDR - ok
20:38:17.0167 2952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:38:17.0168 2952 RDPENCDD - ok
20:38:17.0181 2952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:38:17.0181 2952 RDPREFMP - ok
20:38:17.0203 2952 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:38:17.0205 2952 RDPWD - ok
20:38:17.0227 2952 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:38:17.0230 2952 rdyboost - ok
20:38:17.0258 2952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:38:17.0260 2952 rspndr - ok
20:38:17.0325 2952 rt61x64 (60eb8a87357ca5b088b422d1e55a2405) C:\Windows\system32\DRIVERS\netr6164.sys
20:38:17.0331 2952 rt61x64 - ok
20:38:17.0383 2952 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:38:17.0385 2952 RTL8167 - ok
20:38:17.0435 2952 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
20:38:17.0437 2952 s3cap - ok
20:38:17.0501 2952 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:38:17.0503 2952 sbp2port - ok
20:38:17.0565 2952 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:38:17.0566 2952 scfilter - ok
20:38:17.0593 2952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:38:17.0595 2952 secdrv - ok
20:38:17.0659 2952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:38:17.0662 2952 Serenum - ok
20:38:17.0735 2952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:38:17.0743 2952 Serial - ok
20:38:17.0850 2952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:38:17.0853 2952 sermouse - ok
20:38:17.0884 2952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:38:17.0887 2952 sffdisk - ok
20:38:17.0960 2952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:38:17.0961 2952 sffp_mmc - ok
20:38:17.0994 2952 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:38:17.0995 2952 sffp_sd - ok
20:38:18.0025 2952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:38:18.0027 2952 sfloppy - ok
20:38:18.0065 2952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:38:18.0066 2952 SiSRaid2 - ok
20:38:18.0091 2952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:38:18.0098 2952 SiSRaid4 - ok
20:38:18.0184 2952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:38:18.0193 2952 Smb - ok
20:38:18.0339 2952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:38:18.0340 2952 spldr - ok
20:38:18.0495 2952 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:38:18.0498 2952 srv - ok
20:38:18.0663 2952 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:38:18.0666 2952 srv2 - ok
20:38:18.0744 2952 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:38:18.0745 2952 srvnet - ok
20:38:18.0911 2952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:38:18.0913 2952 stexstor - ok
20:38:19.0088 2952 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:38:19.0119 2952 storflt - ok
20:38:19.0187 2952 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
20:38:19.0207 2952 storvsc - ok
20:38:19.0343 2952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:38:19.0358 2952 swenum - ok
20:38:19.0858 2952 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:38:19.0873 2952 Tcpip - ok
20:38:20.0120 2952 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:38:20.0131 2952 TCPIP6 - ok
20:38:20.0192 2952 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:38:20.0194 2952 tcpipreg - ok
20:38:20.0247 2952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:38:20.0248 2952 TDPIPE - ok
20:38:20.0287 2952 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:38:20.0287 2952 TDTCP - ok
20:38:20.0321 2952 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:38:20.0322 2952 tdx - ok
20:38:20.0367 2952 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:38:20.0369 2952 TermDD - ok
20:38:20.0426 2952 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:38:20.0426 2952 tssecsrv - ok
20:38:20.0576 2952 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:38:20.0577 2952 tunnel - ok
20:38:20.0593 2952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:38:20.0595 2952 uagp35 - ok
20:38:20.0656 2952 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:38:20.0659 2952 udfs - ok
20:38:20.0689 2952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:38:20.0692 2952 uliagpkx - ok
20:38:20.0718 2952 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:38:20.0720 2952 umbus - ok
20:38:20.0737 2952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:38:20.0738 2952 UmPass - ok
20:38:20.0806 2952 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:38:20.0809 2952 usbaudio - ok
20:38:20.0857 2952 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:38:20.0859 2952 usbccgp - ok
20:38:20.0878 2952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:38:20.0880 2952 usbcir - ok
20:38:20.0896 2952 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
20:38:20.0897 2952 usbehci - ok
20:38:20.0921 2952 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
20:38:20.0924 2952 usbhub - ok
20:38:20.0943 2952 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:38:20.0944 2952 usbohci - ok
20:38:20.0954 2952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:38:20.0955 2952 usbprint - ok
20:38:20.0973 2952 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:38:20.0975 2952 USBSTOR - ok
20:38:20.0988 2952 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:38:20.0990 2952 usbuhci - ok
20:38:21.0040 2952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:38:21.0042 2952 vdrvroot - ok
20:38:21.0121 2952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:38:21.0122 2952 vga - ok
20:38:21.0184 2952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:38:21.0185 2952 VgaSave - ok
20:38:21.0205 2952 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:38:21.0208 2952 vhdmp - ok
20:38:21.0227 2952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:38:21.0229 2952 viaide - ok
20:38:21.0285 2952 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
20:38:21.0289 2952 vmbus - ok
20:38:21.0341 2952 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:38:21.0342 2952 VMBusHID - ok
20:38:21.0406 2952 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:38:21.0412 2952 volmgr - ok
20:38:21.0437 2952 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:38:21.0441 2952 volmgrx - ok
20:38:21.0463 2952 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:38:21.0467 2952 volsnap - ok
20:38:21.0501 2952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:38:21.0503 2952 vsmraid - ok
20:38:21.0523 2952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:38:21.0523 2952 vwifibus - ok
20:38:21.0556 2952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:38:21.0557 2952 vwififlt - ok
20:38:21.0577 2952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:38:21.0579 2952 WacomPen - ok
20:38:21.0603 2952 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:38:21.0606 2952 WANARP - ok
20:38:21.0609 2952 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:38:21.0610 2952 Wanarpv6 - ok
20:38:21.0669 2952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:38:21.0671 2952 Wd - ok
20:38:21.0720 2952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:38:21.0723 2952 Wdf01000 - ok
20:38:21.0790 2952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:38:21.0790 2952 WfpLwf - ok
20:38:21.0807 2952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:38:21.0807 2952 WIMMount - ok
20:38:21.0868 2952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:38:21.0870 2952 WmiAcpi - ok
20:38:21.0893 2952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:38:21.0894 2952 ws2ifsl - ok
20:38:21.0918 2952 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:38:21.0920 2952 WudfPf - ok
20:38:21.0952 2952 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:38:21.0955 2952 WUDFRd - ok
20:38:21.0974 2952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:38:21.0982 2952 \Device\Harddisk0\DR0 - ok
20:38:21.0985 2952 Boot (0x1200) (c8c89d826bbaebcc48c0c0edcff79605) \Device\Harddisk0\DR0\Partition0
20:38:21.0987 2952 \Device\Harddisk0\DR0\Partition0 - ok
20:38:21.0996 2952 Boot (0x1200) (98e02871e796a8cf2b0e2851a45b6dd5) \Device\Harddisk0\DR0\Partition1
20:38:21.0997 2952 \Device\Harddisk0\DR0\Partition1 - ok
20:38:21.0998 2952 ============================================================
20:38:21.0998 2952 Scan finished
20:38:21.0998 2952 ============================================================
20:38:22.0007 0960 Detected object count: 0
20:38:22.0007 0960 Actual detected object count: 0

#6 myrti


Posted 20 November 2011 - 08:42 PM

Hi,

That log is looking clean. No sign of CD mounting software. Did you run Defogger at some point?

Do you have a Linux dual-boot or live CD at hand, by chance?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 nublard


Posted 20 November 2011 - 09:06 PM

I went ahead and let the virus scanner delete the CD Mounting software, just to reduce chances of contamination.

I have not run Defogger, and do not have a Linux dual-boot or live CD.

I do have a Windows 7 DVD if that helps.

Thank you!

#8 myrti


Posted 21 November 2011 - 06:18 PM

Hi,

The Windows CD will come in handy when it is time to repair/fix the problem at hand. However, first we need to confirm that what I suspect is actually true.
Try this please. You will need a USB drive.

  • Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

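What the 512-byte capture from the dd step above contains, as an added example that is not part of the original post: a Python sketch that decodes a classic (non-GPT) MBR sector and compares it with a known-good copy of the same disk's sector. The function names, the returned field names and the sample sector are assumptions constructed for illustration, and having a known-good baseline at hand is assumed as well.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 0x1B8     # 4-byte disk signature follows the boot code
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector and fingerprint its boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFF + 16 * index
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FORMAT, sector, offset)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),  # any other value is malformed
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })

    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_to_baseline(capture: bytes, baseline: bytes) -> list:
    """Return the names of the fields that differ from the known-good sector."""
    cap, base = parse_mbr(capture), parse_mbr(baseline)
    fields = ("boot_code_sha256", "disk_signature", "partitions")
    return [name for name in fields if cap[name] != base[name]]


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample sector: two NTFS (type 0x07) partitions, the first active."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    struct.pack_into(ENTRY_FORMAT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    struct.pack_into(ENTRY_FORMAT, sector, PART_TABLE_OFF + 16, 0x00, 0x07, 206848, 1000000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # With a real capture, read it instead: open("MBRbackup.zip", "rb").read()
    baseline = build_sample_sector(b"\x90" * BOOT_CODE_LEN)
    capture = build_sample_sector(b"\x90" * (BOOT_CODE_LEN - 1) + b"\xcc")
    for part in parse_mbr(capture)["partitions"]:
        print(part)
    print("differs from baseline in:", compare_to_baseline(capture, baseline))
```

Despite the .zip name, the file dd writes is the raw sector, so it is read as plain bytes rather than unpacked.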


#9 nublard


Posted 21 November 2011 - 11:34 PM

Thank you for the instructions.

Just as an update, the problem seems to have gone away. The one website that I couldn't visit now appears to be normal. I am not having any other problems.

Should I continue to do as you advised?

#10 myrti


Posted 22 November 2011 - 04:14 PM

Hi,

You had only problems with one particular website and weren't being redirected to spam sites on Google, for example?

If so, please give me the name of the site, so that we can determine whether the problem was on your end or on theirs.

regards myrti



#11 nublard


Posted 22 November 2011 - 11:50 PM

The site was
www.gunnertraining.com

I did a Google search to see if the site was hijacked and did not find anything.

#12 myrti


Posted 23 November 2011 - 04:12 PM

Hi,

Then the issue was most likely with that one site.

I thought this was a more global issue. There's no need for the live-cd in that case.

Does that mean your PC is back to normal now?



#13 myrti


Posted 03 December 2011 - 09:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





