
Trojan Crypt.AQLW Win32/Sirefef.ER


This topic is locked
23 replies to this topic

#1 JoelDC73

  • Members
  • 15 posts

Posted 25 February 2012 - 12:49 PM

AVG keeps identifying the threat Trojan Crypt.AQLW Win32/Sirefef.ER or something similar. It detected 17 after one bootup. Sometimes it says that it's a critical process and won't remove it, but won't let me access it. A lot of times this will cause my OS to crash. While creating some of the logs I did notice BitTorrent and something called Torrent Stream, so I know how the virus was acquired. My 15, 11 & 8 yr old kids use this computer quite a bit, so I suspect that's how they were installed. I have already talked to them about illegal downloads and the risks associated. BitTorrent and all things similar will be deleted immediately if safe to do so now. My wife has also downloaded coupon toolbars, etc. This same computer had the Windows Security scam twice. The most recent was the VistaSecurty2012 right before this virus started.

I've done the DDS, Attach and ARK logs. All of them were done in SAFE MODE. It's been the only way I can use the computer without it crashing. If they need to be done outside of safe mode, let me know and I will redo them. Thanks for looking and I look forward to your response.


Here is the DDS.txt log. The Attach log is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by JoelDC at 10:17:19 on 2012-02-25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.453 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\JoelDC\Downloads\autoruns.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bradenton.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: vshare.tv Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsh0.dll
mURLSearchHooks: vshare.tv Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsh0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: vshare.tv Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsh0.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: vshare.tv Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsh0.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [Conime] %windir%\system32\conime.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMTE1NjYwODI0OS1YTzEwKzEyLUxJQysyMi1TUDErMS1GTDEwKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMzIxMTUtREQxMEYrMS1TVDEwRkFQUCsxLUwxME0rMS1GMTBNMTJBTisyMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMS1FVUxBKzEtU1QxMkZBUFArMS1TVEYxME0xMkFVRisx"&"prod=90"&"ver=2012.0.1831"&"mid=4b964f1071fc47d6b29bd153d48ff139-60c002b85c7c46c6cfb957f7d61435219a2b051d
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: c:\users\joeldc\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.17\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{124F8328-358A-4BD6-812A-F47133F41520} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{5FFF7437-954A-401D-94B4-4C0CE5CE418A} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joeldc\appdata\roaming\mozilla\firefox\profiles\24dw5ywy.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6c7bbc7b-3b7d-4a5c-a931-75a55500a1b3%7D&mid=4b964f1071fc47d6b29bd153d48ff139-60c002b85c7c46c6cfb957f7d61435219a2b051d&ds=AVG&v=8.0.0.34&lang=en&pr=fr&d=2011-09-22%2014%3A41%3A39&sap=ku&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - component: c:\users\joeldc\appdata\roaming\mozilla\firefox\profiles\24dw5ywy.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joeldc\appdata\roaming\mozilla\firefox\profiles\24dw5ywy.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\joeldc\appdata\roaming\mozilla\firefox\profiles\24dw5ywy.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\joeldc\appdata\roaming\mozilla\firefox\profiles\24dw5ywy.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko7.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
S2 mksupdateint;USA49W2KP;c:\windows\system32\svchost.exe -k netsvcs [2011-2-26 21504]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2011-2-26 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-3 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
.
=============== Created Last 30 ================
.
2012-02-17 01:06:26 -------- d-sh--w- C:\found.001
2012-02-14 02:14:31 -------- d-----w- c:\programdata\PrintProjects
2012-02-14 02:14:31 -------- d-----w- c:\program files\PrintProjects
2012-02-13 17:14:58 -------- d--h--w- C:\$AVG
2012-02-06 20:08:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-06 20:08:13 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-06 20:08:13 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-06 20:08:12 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-06 20:08:12 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-06 20:08:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-06 20:08:12 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-06 20:08:12 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-06 20:08:12 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-06 20:08:12 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-06 20:08:12 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-06 20:08:12 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-06 12:26:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:20:06.01 ===============

Thanks for looking and I look forward to your response.

Attached Files




#2 JoelDC73

  • Topic Starter
  • Members
  • 15 posts

Posted 25 February 2012 - 01:19 PM

I can't attach the GMER log. It is 6.27 MB

#3 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 26 February 2012 - 02:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 JoelDC73

  • Topic Starter
  • Members
  • 15 posts

Posted 28 February 2012 - 04:14 PM

Sorry for the late reply, but I had some serious issues. I ran Combofix; it created the restore point and started running. I walked away for a few minutes and found that the computer had rebooted. I logged on and had a message that Windows had recovered from a serious issue. I waited for some time to see if Combofix would restart itself. FYI: the instructions state that Windows may reboot several times, but they don't say if you have to restart Combofix.

I again clicked on combofix.exe and it created another restore point and started running. This time I stayed to watch and my Windows just shut down. Not like when other programs shut Windows down; it just went off, poof.

I then got the BSOD that stated "page_fault_in_nonpaged_area" and I haven't been able to reboot Windows. I have the Vista recovery disks but can't boot from them either. I do have a bootable diagnostic disc (PC Doctor) and was able to run all the diagnostics with no failed tests. I've tried rebooting with Last Known Good Configuration and Safe Mode.

#5 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 29 February 2012 - 05:40 AM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 03 March 2012 - 03:20 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 JoelDC73

  • Topic Starter
  • Members
  • 15 posts

Posted 04 March 2012 - 02:52 PM

When I click Repair Windows I get the Windows logo and status bar like it is trying to boot. Then BSOD again. When I put the Vista recovery disc in I don't get any of the options mentioned. It tries to boot, then BSOD. It says it is loading files from Windows, then boots, then BSOD.

#8 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 04 March 2012 - 03:05 PM

Did you try both options to get into the recovery environment?


gringo

#9 JoelDC73

  • Topic Starter
  • Members
  • 15 posts

Posted 05 March 2012 - 05:02 PM

Yes, I've tried both with no luck. I've changed the BIOS to boot from the DVD drive and the hard drive. I never get to the keyboard language step. After I click the Repair your computer option I get a message that says "Loading files from Windows" with a status bar. The time it takes to load these files has varied, but not consistently, i.e. longer/shorter time with the discs. I expect after these files load is when I am supposed to pick my keyboard language, but as I previously stated, I get the Windows logo with status bar like it's booting, then the BSOD.

FYI: I don't have the original installation discs; I have Vista Recovery discs that I created previously. I have re-installed Windows from them previously. I did the "disable disc emulation(?) software" step as recommended in the preparation guide. Does that have anything to do with not reading the recovery discs?

I appreciate the time you are taking to help me resolve this issue. I can't seem to log onto this account with my iPhone, so that is why the responses are a little delayed.

#10 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 05 March 2012 - 08:08 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
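The report.txt that driver.sh writes (its layout is reproduced in the next post: a "Driver report for <dir>" header, optional "<path> has NO Company Name!" notes, then one md5/filename line followed by the company name read from the driver's version resource) is tedious to read by hand once it runs to hundreds of drivers. The Python script below is an added example for this thread, not part of driver.sh or of anyone's post; it parses that layout and flags entries whose company name is missing, is unreadable (raw version-resource bytes instead of a name), or is not on a constructed vendor allowlist. The sample report, the all-zero md5 and the "example.sys" entry are constructed; the other entries are copied from the report in the next post. A flag means "look at this one", not "this is malicious".

```python
import re
import string
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the report.txt that driver.sh writes.
# The 1394bus.sys, ADFUUD.SYS, AVGIDSDriver.sys and atapi.sys entries are copied
# from the report quoted in this thread; the "example.sys" entry, its all-zero
# md5 and its "has NO Company Name!" note are constructed for this example.
SAMPLE_REPORT = """Mon Mar 5 22:38:31 UTC 2012
Driver report for /mnt/sda1/WINDOWS/System32/drivers /mnt/sda1/WINDOWS/System32/drivers/example.sys has NO Company Name!

0349be02f329f4f48f1d48097fd65974 1394bus.sys
Microsoft Corporation

f8a6018193be629b8ea4c5d7b2452b70 ADFUUD.SYS
bH'VS_VERSION_INFO?StringFileInfobCommentsCompanyName,FileDescription*FileVersion

4cbb56fbc9c0cbc517e6e3a6889ebddc AVGIDSDriver.sys
AVG Technologies

00000000000000000000000000000000 example.sys

2d9c903dc76a66813d350a562de40ed9 atapi.sys
Microsoft Corporation
"""

# Constructed starting allowlist built from vendors seen in the thread's report.
# It is a triage aid, not an authoritative list: anything not on it is "review".
KNOWN_VENDORS = {
    "Microsoft Corporation", "AVG Technologies", "Adaptec",
    "Brother Industries", "Sonic Solutions", "Symantec Corporation",
}

HEADER_RE = re.compile(r"Driver report for (\S+)")
NO_COMPANY_RE = re.compile(r"(\S+) has NO Company Name!")
ENTRY_RE = re.compile(r"^([0-9a-fA-F]{32}) (\S+)$")


@dataclass
class DriverEntry:
    directory: str
    md5: str
    name: str
    company: Optional[str]  # None when no company line followed the md5 line


def parse_report(text: str) -> Tuple[List[DriverEntry], List[str]]:
    """Return (entries, paths the tool itself reported as having no company name)."""
    entries: List[DriverEntry] = []
    no_company: List[str] = []
    directory = ""
    pending: Optional[DriverEntry] = None  # md5 line still waiting for its company line
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.search(line)
        notes = NO_COMPANY_RE.findall(line)
        if header or notes:
            # The header and its "NO Company Name" notes may share one line.
            if header:
                directory = header.group(1)
            no_company.extend(notes)
            pending = None
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            pending = DriverEntry(directory, entry.group(1).lower(), entry.group(2), None)
            entries.append(pending)
            continue
        if not line:
            pending = None  # blank line: the previous entry never got a company line
            continue
        if pending is not None:
            pending.company = line
            pending = None
    return entries, no_company


def looks_garbled(company: str) -> bool:
    """True when the company field is raw version-resource bytes rather than a name."""
    if "VS_VERSION_INFO" in company or "StringFileInfo" in company:
        return True
    if len(company) > 64:
        return True
    return any(ch not in string.printable for ch in company)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (driver name, reason) pairs for entries that deserve a closer look."""
    entries, no_company = parse_report(text)
    flagged = {p.rsplit("/", 1)[-1].lower() for p in no_company}
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.company is None or e.name.lower() in flagged:
            findings.append((e.name, "no company name in version resource"))
        elif looks_garbled(e.company):
            findings.append((e.name, "unreadable version resource"))
        elif e.company not in KNOWN_VENDORS:
            findings.append((e.name, "vendor not on allowlist: " + e.company))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_REPORT):
        print(f"{name:20} {reason}")
```

Run it against a real report.txt by reading the file into `triage()`; the md5 column is kept on each entry so a flagged driver's hash can be looked up against a known-good hash set without re-reading the report.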

#11 JoelDC73

  • Topic Starter
  • Members
  • 15 posts

Posted 05 March 2012 - 10:56 PM

Mon Mar 5 22:38:31 UTC 2012
Driver report for /mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers
/mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtsp64.sys has NO Company Name!
/mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspl64.sys has NO Company Name!
/mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspx64.sys has NO Company Name!

03e8b1ea1c4c3988e2e48e315b50300d /mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtsp64.sys
Symantec Corporation

04e8661e87ec17c10663f6351e0c4202 /mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspl64.sys
Symantec Corporation

aae26cdb9411ded876820820847797ec /mnt/sda2/hp/apps/APP06091/src/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspx64.sys
Symantec Corporation

Driver report for /mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers
/mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers/srtspl.sys has NO Company Name!
/mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers/srtsp.sys has NO Company Name!
/mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers/srtspx.sys has NO Company Name!

fd0c0333fae09dbd1170e0d607eca5c8 /mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers/srtspl.sys
Symantec Corporation

15e29eb26dd53eb6385629f4622b5519 /mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers/srtsp.sys
Symantec Corporation

7e60a4a4035be470f47c6806da57db99 /mnt/sda2/hp/apps/APP06091/src/Support/SRTSP/SRTSP/System32/Drivers/srtspx.sys
Symantec Corporation

Driver report for /mnt/sda1/WINDOWS/System32/drivers

0349be02f329f4f48f1d48097fd65974 1394bus.sys
Microsoft Corporation

fcb8c7210f0135e24c6580f7f649c73c acpi.sys
Microsoft Corporation

f8a6018193be629b8ea4c5d7b2452b70 ADFUUD.SYS
bH'VS_VERSION_INFO?StringFileInfobCommentsCompanyName,FileDescription*FileVersion.:rInternalNameNetacMOD.sysLegalCopyright(LegalTrademarksBrOriginalFilenameNetacMOD.sysPrivateBuild$ProductName.ProductVersion.SpecialBuildDVarFileInfo$Translationtn<

2edc5bbac6c651ece337bde8ed97c9fb adp94xx.sys
Adaptec

b84088ca3cdca97da44a984c6ce1ccad adpahci.sys
Adaptec

7880c67bccc27c86fd05aa2afb5ea469 adpu160m.sys
Adaptec

9ae713f8e30efc2abccd84904333df4d adpu320.sys
Adaptec

16a0a5077a37c5cddc4c007b02e3ebbb afd.sys
Microsoft Corporation

ef23439cdd587f64c2c1b8825cead7d8 AGP440.sys
Microsoft Corporation

90395b64600ebb4552e26e178c94b2e4 aliide.sys
Acer Laboratories

2b13e304c9dfdfa5eb582f6a149fa2c7 AMDAGP.SYS
Microsoft Corporation

0577df1d323fe75a739c787893d300ea amdide.sys
Microsoft Corporation

dc487885bcef9f28eece6fac0e5ddfc5 amdk7.sys
Microsoft Corporation

0ca0071da4315b00fc1328ca86b425da amdk8.sys
Microsoft Corporation

957f7540b5e7f602e44648c7de5a1c05 arcsas.sys
Adaptec

5f673180268bb1fdb69c99b6619fe379 arc.sys
Adaptec

53b202abee6455406254444303e87be1 asyncmac.sys
Microsoft Corporation

2d9c903dc76a66813d350a562de40ed9 atapi.sys
Microsoft Corporation

d1c03ae69c29e239fc8000c5c0dea709 ataport.sys
Microsoft Corporation

4cbb56fbc9c0cbc517e6e3a6889ebddc AVGIDSDriver.sys
AVG Technologies

459bce188232e2fe6152423efef65d76 AVGIDSEH.sys
AVG Technologies

91d9abe7e88eac7c167cba4ed4d983bf AVGIDSFilter.sys
AVG Technologies

3fc2714e185c04308215d46730d41a94 AVGIDSShim.sys
AVG Technologies

bf8118cd5e2255387b715b534d64acd1 avgldx86.sys
AVG Technologies

1c77ef67f196466adc9924cb288afe87 avgmfx86.sys
AVG Technologies

f2038ed7284b79dcef581468121192a9 avgrkx86.sys
AVG Technologies

a6d562b612216d8d02a35ebeb92366bd avgtdix.sys
AVG Technologies

87d8e49d1615d419efceddefe02161cc battc.sys
Microsoft Corporation

9f5f8f2318dfa3974a6f6a5602733929 bdasup.sys
Microsoft Corporation

67e506b75bd5326a3ec7b70bd014dfb6 beep.sys
Microsoft Corporation

8153396d5551276227fa146900f734e6 bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

72df06d26ae4ced2e08f428b96302b0e bridge.sys
Microsoft Corporation

b304e75cff293029eddf094246747113 BrSerId.sys
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ad07c1ec6665b8b35741ab91200c6b68 bthmodem.sys
Microsoft Corporation

7add03e75beb9e6dd102c3081d29840a cdfs.sys
Microsoft Corporation

bf79e659c506674c0497cc9c61f1a165 cdr4_xp.sys
Sonic Solutions

2c41cd49d82d5fd85c72d57b6ca25471 cdralw2k.sys
Sonic Solutions

1ec25cea0de6ac4718bf89f9e1778b57 cdrom.sys
Microsoft Corporation

da8e0afc7baa226c538ef53ac2f90897 circlass.sys
Microsoft Corporation

4388cebb2c6a7f484ac409a90a3c9fae Classpnp.sys
Microsoft Corporation

45201046c776ffdaf3fc8a0029c581c8 cmdide.sys
CMD Technology

82b8c91d327cfecf76cb58716f7d4997 compbatt.sys
Microsoft Corporation

e9acae97f17c99cb735a1e08859bf806 crashdmp.sys
Microsoft Corporation

2a213ae086bbec5e937553c7d9a2b22c crcdisk.sys
Microsoft Corporation

22a7f883508176489f559ee745b5bf5d crusoe.sys
Microsoft Corporation

a3e9fa213f443ac77c7746119d13feec dfsc.sys
Microsoft Corporation

0183496303b4f8a5878d99a667f33170 Diskdump.sys
Microsoft Corporation

64109e623abd6955c8fb110b592e68b7 disk.sys
Microsoft Corporation

ae1fdf7bf7bb6c6a70f67699d880592a djsvs.sys
Adaptec

97fef831ab90bee128c9af390e243f80 drmkaud.sys
Microsoft Corporation

7be5a3c671a2cb56e94403bfc2020a0d drmk.sys
Microsoft Corporation

c078d2b163f090601200fa5a6ff3ce0a Dumpata.sys
Microsoft Corporation

eaaafef04fbb45665c9576e525d45a12 dxapi.sys
Microsoft Corporation

85f33880b8cfb554bd3d9ccdb486845a dxgkrnl.sys
Microsoft Corporation

6d16255c9eb5683f83a472e1679ed2e4 dxg.sys
Microsoft Corporation

d00eeae1cacd77a1a8396bbc19140bba e100b325.sys
Intel Corporation

f88fb26547fd2ce6d0a5af2985892c48 E1G60I32.sys
Intel Corporation

dd2cd259d83d8b72c02c5f2331ff9d68 ecache.sys
Microsoft Corporation

e8f3f21a71720c84bcf423b80028359f elxstor.sys
Emulex

0d858eb20589a34efb25695acaa6aa2d exfat.sys
Microsoft Corporation

3c489390c2e2064563727752af8eab9e fastfat.sys
Microsoft Corporation

63bdada84951b9c03e641800e176898a fdc.sys
Microsoft Corporation

a8c0139a884861e3aae9cfe73b208a9f fileinfo.sys
Microsoft Corporation

0ae429a696aecbc5970e3cf2c62635ae filetrace.sys
Microsoft Corporation

6603957eff5ec62d25075ea8ac27de68 flpydisk.sys
Microsoft Corporation

05ea53afe985443011e36dab07343b46 fltMgr.sys
Microsoft Corporation

65ea8b77b5851854f0c55c43fa51a198 fs_rec.sys
Microsoft Corporation

495fa4351a96f228b4301d1e616defa0 FWPKCLNT.SYS
Microsoft Corporation

4e1cd0a45c50a8882616cae5bf82f3c5 GAGP30KX.SYS
Microsoft Corporation

8182ff89c65e4d38b2de4bb0fb18564e GEARAspiWDM.sys
GEAR Software

c87b1ee051c0464491c1a7b03fa0bc99 hdaudbus.sys
Microsoft Corporation

cb04c744be0a61b1d648faed182c3b59 HdAudio.sys
Microsoft Corporation

1338520e78d90154ed6be8f84de5fceb hidbth.sys
Microsoft Corporation

04f49ddd00a26c6ca984a9b480fdaa33 hidclass.sys
Microsoft Corporation

ff3160c3a2445128c5a6d9b076da519e hidir.sys
Microsoft Corporation

175444d3a01ca45d0e1c5dc5f48df7cd hidparse.sys
Microsoft Corporation

854ca287ab7faf949617a788306d967e hidusb.sys
Microsoft Corporation

df353b401001246853763c4b7aaa6f50 HpCISSs.sys
Hewlett-Packard

72cc6a8ca7891031d6380db5025c773c HSX_CNXT.sys
Conexant

88749fbf8beb18c90e7d6626c8c1910b HSX_DP.sys
Conexant

fe440536bd98af772130dc3a6fe1915f HSXHWBS2.sys
Conexant

96e241624c71211a79c84f50a8e71cab http.sys
Microsoft Corporation

8420bf9ad8ae0b4a96f30bd7c8fb9adf i2omgmt.sys
Microsoft Corporation

324c2152ff2c61abae92d09f3cca4d63 i2omp.sys
Microsoft Corporation

22d56c8184586b7a1f6fa60be5f5a2bd i8042prt.sys
Microsoft Corporation

25c3d5f66a74a7bddeca56085f040d2e iaStor.sys
Intel Corporation

c957bf4b5d80b46c5017bf0101e6c906 iaStorV.sys
Intel Corporation

e5490aea3b791c454e9933bf749ca3d8 igdkmd32.sys
Intel Corporation

2d077bf86e843f901d8db709c95b49a5 iirsp.sys
Intel Corp

83aa759f3189e6370c30de5dc5590718 intelide.sys
Microsoft Corporation

224191001e78c89dfa78924c3ea595ff intelppm.sys
Microsoft Corporation

62c265c38769b864cb25b4bcf62df6c3 ipfltdrv.sys
Microsoft Corporation

40f34f8aba2a015d780e4b09138b6c17 IPMIDrv.sys
Microsoft Corporation

8793643a67b42cec66490b2a0cf92d68 ipnat.sys
Microsoft Corporation

e50a95179211b12946f7e035d60af560 irda.sys
Microsoft Corporation

109c0dfb82c3632fbd11949b73aeeac9 irenum.sys
Microsoft Corporation

350fca7e73cf65bcef43fae1e4e91293 isapnp.sys
Microsoft Corporation

bced60d16156e428f8df8cf27b0df150 iteatapi.sys
Integrated Technology Express

06fa654504a498c30adca8bec4e87e7e iteraid.sys
Integrated Technology Express

37605e0a8cf00cbba538e753e4344c6e kbdclass.sys
Microsoft Corporation

18247836959ba67e3511b62846b9c2e0 kbdhid.sys
Microsoft Corporation

7a0cf7908b6824d6a2a1d313e5ae3dca ksecdd.sys
Microsoft Corporation

47cb1cbb1d80517d7909d0860128e860 ks.sys
Microsoft Corporation

d1c5883087a0c3f1344d9d55a44901f6 lltdio.sys
Microsoft Corporation

a2262fb9f28935e862b4db46438c80d2 lsi_fc.sys
LSI Logic

30d73327d390f72a62f32c103daf1d6d lsi_sas.sys
LSI Logic

e1e36fefd45849a95f1ab81de0159fe3 lsi_scsi.sys
LSI Logic

8f5c7426567798e62a3b3614965d62cc luafv.sys
Microsoft Corporation

b7ca8cc3f978201856b6ab82f40953c3 mbam.sys
Malwarebytes Corporation

b271ec02e71271a2da28b3b7bc4e4f15 mcd.sys
Microsoft Corporation

0cea2d0d3fa284b85ed5b68365114f76 mdmxsdk.sys
Conexant

d153b14fc6598eae8422a2037553adce megasas.sys
LSI Logic

e13b5ea0f51ba5b1512ec671393d09ba modem.sys
Microsoft Corporation

0a9bb33b56e294f686abb7c1e4e2d8a8 monitor.sys
Microsoft Corporation

5bf6a1326a335c5298477754a506d263 mouclass.sys
Microsoft Corporation

93b8d4869e12cfbe663915502900876f mouhid.sys
Microsoft Corporation

bdafc88aa6b92f7842416ea6a48e1600 mountmgr.sys
Microsoft Corporation

583a41f26278d9e0ea548163d6139397 mpio.sys
Microsoft Corporation

22241feba9b2defa669c8cb0a8dd7d2e mpsdrv.sys
Microsoft Corporation

4fbbb70d30fd20ec51f80061703b001e Mraid35x.sys
LSI Logic

ae3de84536b6799d2267443cec8edbb9 mrxdav.sys
Microsoft Corporation

6b5fa5adfacac9dbbe0991f4566d7d55 mrxsmb10.sys
Microsoft Corporation

5c80d8159181c7abf1b14ba703b01e0b mrxsmb20.sys
Microsoft Corporation

5734a0f2be7e495f7d3ed6efd4b9f5a1 mrxsmb.sys
Microsoft Corporation

742aed7939e734c36b7e8d6228ce26b7 msahci.sys
Microsoft Corporation

3fc82a2ae4cc149165a94699183d3028 msdsm.sys
Microsoft Corporation

a9927f4a46b816c92f461acb90cf8515 msfs.sys
Microsoft Corporation

0f400e306f385c56317357d6dea56f62 msisadrv.sys
Microsoft Corporation

f247eec28317f6c739c16de420097301 msiscsi.sys
Microsoft Corporation

d8c63d34d9c9e56c059e24ec7185cc07 mskssrv.sys
Microsoft Corporation

1d373c90d62ddb641d50e55b9e78d65e mspclock.sys
Microsoft Corporation

b572da05bf4e098d4bba3a4734fb505b mspqm.sys
Microsoft Corporation

b5614aecb05a9340aa0fb55bf561cc63 msrpc.sys
Microsoft Corporation

e384487cb84be41d09711c30ca79646c mssmbios.sys
Microsoft Corporation

7199c1eec1e4993caf96b8c0a26bd58a mstee.sys
Microsoft Corporation

6dfd1d322de55b0b7db7d21b90bec49c mup.sys
Microsoft Corporation

9bdc71790fa08f0a0b5f10462b1bd0b1 ndis.sys
Microsoft Corporation

0e186e90404980569fb449ba7519ae61 ndistapi.sys
Microsoft Corporation

d6973aa34c4d5d76c0430b181c3cd389 ndisuio.sys
Microsoft Corporation

3d14c3b3496f88890d431e8aa022a411 ndiswan.sys
Microsoft Corporation

71dab552b41936358f3b541ae5997fb3 ndproxy.sys
Microsoft Corporation

bcd093a5a6777cf626434568dc7dba78 netbios.sys
Microsoft Corporation

7c5fee5b1c5728507cd96fb4a13e7a02 netbt.sys
Microsoft Corporation

cb57feb3288cf6d5cadc6ef0e50718d9 netio.sys
Microsoft Corporation

2e7fb731d4790a1bc6270accefacb36e nfrd960.sys
IBM Corp

ecb5003f484f9ed6c608d6d6c7886cbb npfs.sys
Microsoft Corporation

609773e344a97410ce4ebf74a8914fcf nsiproxy.sys
Microsoft Corporation

b4effe29eb4f15538fd8a9681108492d ntfs.sys
Microsoft Corporation

e875c093aec0c978a90f30c9e0dfbb72 ntrigdigi.sys
N-trig Innovative Technologies

cf7e041663119e09d2e118521ada9300 nuidfltr.sys
Microsoft Corporation

c5dbbcda07d780bda9b685df333bb41e null.sys
Microsoft Corporation

07c186427eb8fcc3d8d7927187f260f7 NV_AGP.SYS
Microsoft Corporation

e69e946f80c1c31c53003bfbf50cbb7c nvraid.sys
NVIDIA Corporation

9e0ba19a28c498a6d323d065db76dffc nvstor.sys
NVIDIA Corporation

3c21ce48ff529bb73dadb98770b54025 nwifi.sys
Microsoft Corporation

790e27c3db53410b40ff9ef2fd10a1d9 ohci1394.sys
Microsoft Corporation

bfef604508a0ed1eae2a73e872555ffb pacer.sys
Microsoft Corporation

0fa9b5055484649d63c303fe404e5f4d parport.sys
Microsoft Corporation

3b38467e7c3daed009dfe359e17f139f partmgr.sys
Microsoft Corporation

4f9a6a8a31413180d0fcb279ad5d8112 parvdm.sys
Microsoft Corporation

3b1901e401473e03eb8c874271e50c26 pciide.sys
Microsoft Corporation

46ed71afe2c872931e87ab958be133fa pciidex.sys
Microsoft Corporation

01b94418deb235dff777cc80076354b4 pci.sys
Microsoft Corporation

e6f3fb1b86aa519e7698ad05e58b04e5 pcmcia.sys
Microsoft Corporation

5b6c11de7e839c05248ced8825470fef pcouffin.sys
VSO Software

6349f6ed9c623b44b52ea3c63c831a92 PEAuth.sys
Microsoft Corporation

75dad0e7f4cd3cb9455a76123ac16bf3 portcls.sys
Microsoft Corporation

0e3cef5d28b40cf273281d620c50700a processr.sys
Microsoft Corporation

390c204ced3785609ab24e9c52054a84 PS2.sys
Hewlett-Packard

feffcfdc528764a04c8ed63d5fa6e711 pxhelp20.sys
Sonic Solutions

ccdac889326317792480c0a67156a1ec ql2300.sys
QLogic Corporation

81a7e5c076e59995d54bc1ed3a16e60b ql40xx.sys
QLogic Corporation

9f5e0e1926014d17486901c88eca2db7 qwavedrv.sys
Microsoft Corporation

147d7f9c556d259924351feb0de606c3 rasacd.sys
Microsoft Corporation

a214adbaf4cb47dd2728859ef31f26b0 rasl2tp.sys
Microsoft Corporation

3e9d9b048107b40d87b97df2e48e0744 raspppoe.sys
Microsoft Corporation

ecfffaec0c1ecd8dbc77f39070ea1db1 raspptp.sys
Microsoft Corporation

a7d141684e9500ac928a772ed8e6b671 rassstp.sys
Microsoft Corporation

6e1c5d0457622f9ee35f683110e93d14 rdbss.sys
Microsoft Corporation

89e59be9a564262a3fb6c4f4f1cd9899 RDPCDD.sys
Microsoft Corporation

e8bd98d46f2ed77132ba927fccb47d8b rdpdr.sys
Microsoft Corporation

9d91fe5286f748862ecffa05f8a0710c RDPENCDD.sys
Microsoft Corporation

e1c18f4097a5abcec941dc4b2f99db7e rdpwd.sys
Microsoft Corporation

fdeb76bed9c0a75329ca426623297158 rmcast.sys
Microsoft Corporation

8f5db387ff2f57ad9107b7eb78a6d34b RNDISMP.sys
Microsoft Corporation

75e8a6bfa7374aba833ae92bf41ae4e6 rootmdm.sys
Microsoft Corporation

9c508f4074a39e8b4b31d27198146fad rspndr.sys
Microsoft Corporation

84ed2154239f9d013bbd3220755ada8b RTKVHDA.sys
Realtek Semiconductor

3ce8f073a557e172b330109436984e30 sbp2port.sys
Microsoft Corporation

6f5ca34ae885645acf8a20d564db976c scsiport.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

68e44e331d46f0fb38f0863a84cd1a31 serenum.sys
Microsoft Corporation

c70d69a918b178d3c3b06339b40c2e1b serial.sys
Microsoft Corporation

8af3d28a879bf75db53a0ee7a4289624 sermouse.sys
Microsoft Corporation

103b79418da647736ee95645f305f68a sffdisk.sys
Microsoft Corporation

8fd08a310645fe872eeec6e08c6bf3ee sffp_mmc.sys
Microsoft Corporation

9cfa05fcfcb7124e69cfc812b72f9614 sffp_sd.sys
Microsoft Corporation

46ed8e91793b2e6f848015445a0ac188 sfloppy.sys
Microsoft Corporation

d2a595d6eebeeaf4334f8e50efbc9931 SISAGP.SYS
Microsoft Corporation

cedd6f4e7d84e9f98b34b3fe988373aa sisraid2.sys
Silicon Integrated Systems

df843c528c4f69d12ce41ce462e973a7 sisraid4.sys
Silicon Integrated Systems

031e6bcd53c9b2b9ace111eafec347b6 smb.sys
Microsoft Corporation

a7d7ea1771d2ed6f39a8063e79b6c3e8 smclib.sys
Microsoft Corporation

7aebdeef071fe28b0eef2cdd69102bff spldr.sys
Microsoft Corporation

f713e67c329ce82ff1e1ebb497887427 spsys.sys
Microsoft Corporation

b7ff59408034119476b00a81bb53d5d1 srv2.sys
Microsoft Corporation

2accc9b12af02030f531e6cca6f8b76e srvnet.sys
Microsoft Corporation

2252aef839b1093d16761189f45af885 srv.sys
Microsoft Corporation

39ad2c7b9c05c1ccd12480890dba4eb5 Storport.sys
Microsoft Corporation

264232ef4283f123438c60d49e52d596 stream.sys
Microsoft Corporation

7ba58ecf0c0a9a69d44b3dca62becf56 swenum.sys
Microsoft Corporation

192aa3ac01df071b541094f251deed10 symc8xx.sys
LSI Logic

8c8eb8c76736ebaf3b13b633b2e64125 sym_hi.sys
LSI Logic

8072af52b5fd103bbba387a1e49f62cb sym_u3.sys
LSI Logic

1239fd18895040d97b7cdbc19bc2075e tape.sys
Microsoft Corporation

d4a2e4a4b011f3a883af77315a5ae76b tcpipreg.sys
Microsoft Corporation

782568ab6a43160a159b6215b70bcce9 tcpip.sys
Microsoft Corporation

77937eff009ac696b90e09f671f9d0a4 tdi.sys
Microsoft Corporation

5dcf5e267be67a1ae926f2df77fbcc56 tdpipe.sys
Microsoft Corporation

389c63e32b3cefed425b61ed92d3f021 tdtcp.sys
Microsoft Corporation

d09276b1fab033ce1d40dcbdf303d10f tdx.sys
Microsoft Corporation

a048056f5e1a96a9bf3071b91741a5aa termdd.sys
Microsoft Corporation

dcf0f056a2e4f52287264f5ab29cf206 tssecsrv.sys
Microsoft Corporation

caecc0120ac49e3d2f758b9169872d38 TUNMP.SYS
Microsoft Corporation

6042505ff6fa9ac1ef7684d0e03b6940 tunnel.sys
Microsoft Corporation

c3ade15414120033a36c0f293d4a4121 UAGP35.SYS
Microsoft Corporation

8b5088058fa1d1cd897a2113ccff6c58 udfs.sys
Microsoft Corporation

75e6890ebfce0841d3291b02e7a8bdb0 ULIAGPKX.SYS
Microsoft Corporation

3cd4ea35a6221b85dcc25daa46313f8d uliahci.sys
ULi Electronics

38c3c6e62b157a6bc46594fada45c62b ulsata2.sys
Promise Technology

8514d0e5cd0534467c5fc61be94a569f ulsata.sys
Promise Technology

32cff9f809ae9aed85464492bf3e32d2 umbus.sys
Microsoft Corporation

88bd96a1baeed33ee8bdf9499c07a841 umpass.sys
Microsoft Corporation

d173f7b936c8f579bcc4f78da861929c usb8023.sys
Microsoft Corporation

83cafcb53201bbac04d822f32438e244 usbaapl.sys
Apple

b0b0c4970bd60e6e2b0fd33b2960490d USBCAMD2.sys
Microsoft Corporation

bf85eaab7b889e4b621111e0372cb147 USBCAMD.sys
Microsoft Corporation

caf811ae4c147ffcd5b51750c7f09142 usbccgp.sys
Microsoft Corporation

e9476e6c486e76bc4898074768fb7131 usbcir.sys
Microsoft Corporation

790fdac6d0c762df9047c3c625a6ff6c usbd.sys
Microsoft Corporation

cebe90821810e76320155beba722fcf9 usbehci.sys
Microsoft Corporation

cc6b28e4ce39951357963119ce47b143 usbhub.sys
Microsoft Corporation

38dbc7dd6cc5a72011f187425384388b usbohci.sys
Microsoft Corporation

65ad9c60dbfa2f0ea582e691cba03f0c usbport.sys
Microsoft Corporation

e75c4b5269091d15a2e7dc0b6d35f2f5 usbprint.sys
Microsoft Corporation

a508c9bd8724980512136b039bba65e9 usbscan.sys
Microsoft Corporation

87ba6b83c5d19b69160968d07d6e2982 USBSTOR.SYS
Microsoft Corporation

814d653efc4d48be3b04a307eceff56f usbuhci.sys
Microsoft Corporation

7d92be0028ecdedec74617009084b5ef vgapnp.sys
Microsoft Corporation

2e93ac0a1d8c79d019db6c51f036636c vga.sys
Microsoft Corporation

045d9961e591cf0674a920b6ba3ba5cb VIAAGP.SYS
Microsoft Corporation

56a4de5f02f2e88182b0981119b4dd98 viac7.sys
Microsoft Corporation

fd2e3175fcada350c7ab4521dca187ec viaide.sys
VIA Technologies

c048d2c33d27441a0cdcaae2651eb03d videoprt.sys
Microsoft Corporation

69503668ac66c77c6cd7af86fbdf8c43 volmgr.sys
Microsoft Corporation

98f5ffe6316bd74e9e2c97206c190196 volmgrx.sys
Microsoft Corporation

d8b4a53dd2769f226b3eb374374987c9 volsnap.sys
Microsoft Corporation

d984439746d42b30fc65a4c3546c6829 vsmraid.sys
VIA Technologies

48dfee8f1af7c8235d4e626f0c4fe031 wacompen.sys
Microsoft Corporation

55201897378cca7af8b5efd874374a26 wanarp.sys
Microsoft Corporation

6c8b7df75ecf4a7dd668bec58e268329 watchdog.sys
Microsoft Corporation

b6f0a7ad6d4bd325fbcd8bac96cd8d96 Wdf01000.sys
Microsoft Corporation

b4fc6dd9167b058e6dbe6cb14acfa2cb WdfLdr.sys
Microsoft Corporation

afc5ad65b991c1e205cf25cfdbf7a6f4 wd.sys
Microsoft Corporation

701a9f884a294327e9141d73746ee279 wmiacpi.sys
Microsoft Corporation

c546864eed786304762d030febf6b411 wmilib.sys
Microsoft Corporation

0cec23084b51b8288099eb710224e955 WpdUsb.sys
Microsoft Corporation

e3a3cb253c0ec2494d4a61f5e43a389c ws2ifsl.sys
Microsoft Corporation

13b5f255e90624a5ba0441d39cfb6be2 WUDFPf.sys
Microsoft Corporation

ac13cb789d93412106b0fb6c7eb2bcb6 WUDFRd.sys
Microsoft Corporation

dab33cfa9dd24251aaa389ff36b64d4b XAudio.sys
Conexant
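The driver report above is a three-line-per-entry listing: the MD5, the filename, then the CompanyName string from the driver's version resource (or a raw dump of that resource when no CompanyName is present, as with ADFUUD.SYS). Reviewing a few hundred such entries by eye is error-prone, so a practitioner wants two checks automated: entries whose vendor string is missing or unfamiliar, and entries whose hash differs from a known-good baseline for the same Windows build. The following Python script is an added example written for this page, not part of the xPUD tooling or of any post in the thread. The excerpt it parses is constructed from entries above, the trusted-vendor set is an assumption, and the baseline hash for afd.sys is deliberately fabricated so that the mismatch path is exercised; a real baseline comes from a clean install of the same build.

```python
import re

# Three-line record format of the report: "<md5> <filename>", "<company>", blank line.
HASH_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")

# Constructed excerpt in the exact format of the xPUD driver report.
# The ADFUUD.SYS entry reproduces how the tool prints a driver whose version
# resource has no CompanyName string: the raw resource instead of a vendor name.
SAMPLE_REPORT = """Driver report for /mnt/sda1/WINDOWS/System32/drivers

fcb8c7210f0135e24c6580f7f649c73c acpi.sys
Microsoft Corporation

f8a6018193be629b8ea4c5d7b2452b70 ADFUUD.SYS
bH'VS_VERSION_INFO?StringFileInfobCommentsCompanyName,FileDescription*FileVersion.:rInternalNameNetacMOD.sysLegalCopyright(LegalTrademarksBrOriginalFilenameNetacMOD.sysPrivateBuild$ProductName.ProductVersion.SpecialBuildDVarFileInfo$Translationtn<

16a0a5077a37c5cddc4c007b02e3ebbb afd.sys
Microsoft Corporation

b7ca8cc3f978201856b6ab82f40953c3 mbam.sys
Malwarebytes Corporation
"""

# Assumed allow-list of vendor strings; extend it from your own clean reports.
TRUSTED_VENDORS = {
    "Microsoft Corporation", "Malwarebytes Corporation", "AVG Technologies",
    "Intel Corporation", "Adaptec", "LSI Logic", "Conexant",
}

# Constructed baseline (filename -> md5). In practice, generate it from a clean
# install of the same Windows build. The afd.sys value is deliberately wrong so
# that the mismatch path is exercised.
BASELINE = {
    "acpi.sys": "fcb8c7210f0135e24c6580f7f649c73c",
    "afd.sys": "deadbeef" * 4,
}


def parse_driver_report(text):
    """Return a list of (md5, filename, company) from the three-line format."""
    lines = text.splitlines()
    entries, i = [], 0
    while i < len(lines):
        m = HASH_LINE.match(lines[i].strip())
        if not m:
            i += 1          # header line, blank line or stray text
            continue
        md5, name = m.groups()
        company = lines[i + 1].strip() if i + 1 < len(lines) else ""
        entries.append((md5, name, company))
        i += 2
    return entries


def audit_report(text, baseline, trusted_vendors):
    """Flag drivers with a missing/unknown vendor string or a baseline hash mismatch.

    Returns a list of (filename, reason). A flag is a lead to investigate, not a
    verdict: a missing CompanyName is common in legitimate third-party drivers.
    """
    findings = []
    for md5, name, company in parse_driver_report(text):
        if not company or "VS_VERSION_INFO" in company:
            findings.append((name, "no CompanyName in version info"))
        elif company not in trusted_vendors:
            findings.append((name, f"unrecognised vendor string: {company!r}"))
        expected = baseline.get(name.lower())
        if expected is not None and expected != md5:
            findings.append((name, f"md5 differs from baseline ({expected})"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_report(SAMPLE_REPORT, BASELINE, TRUSTED_VENDORS):
        print(f"{name:<16} {reason}")
```

Run against the sample, the script flags ADFUUD.SYS for the missing vendor string and afd.sys for the (constructed) hash mismatch, while acpi.sys and mbam.sys pass. Feed it the full report text saved from xPUD in place of `SAMPLE_REPORT` to triage a real listing.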

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:46 PM

Posted 06 March 2012 - 09:24 AM

  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB.
  • Boot the ailing computer to xPUD
  • A Welcome to xPUD screen will appear
  • Click the File
  • Expand mnt icon on the left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If you're not sure then note everything you see and post it for my review
  • Select [Intel] and press Enter
  • Use the arrows and select [MBR Code] and press Enter.
  • You will be presented with a question,"Write a new copy of MBR to first sector? (Y/N)". Type Y and press Enter.
  • Remove the flash drive and put it back in the working computer, then post the contents of (or attach) the testdisk.log file on the flash drive.

Attempt to boot normally. Let me know the outcome.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
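The TestDisk steps above end with [MBR Code], which writes fresh bootstrap code into the first sector of the disk. What a practitioner wants to confirm afterwards, and what testdisk.log alone does not show, is that only the 440-byte code area changed and that the 64-byte partition table and the 0x55AA boot signature survived intact. The following Python script is an added example, not TestDisk code or anything posted in the thread: it parses a 512-byte MBR, summarises it, and compares a before/after pair of sector-0 images. The sample sectors are constructed inside the script; reading a real disk through `read_first_sector('/dev/sda')` is an assumption that needs root and a Python interpreter on whatever system you run it from (xPUD's own shell may not have one, so dump sector 0 to a file on the USB stick with `dd` and compare the dumps elsewhere).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: bootstrap code (what [MBR Code] rewrites)
DISK_SIG_OFF = 440       # 4-byte Windows disk signature, then 2 bytes usually zero
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA


def read_first_sector(path):
    """Read sector 0 from a block device or image file (assumed path; needs root on a device)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split a 512-byte MBR into a boot-code hash, the disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for n in range(4):
        off = PART_TABLE_OFF + 16 * n
        entry = sector[off:off + 16]
        ptype = entry[4]
        if ptype == 0:
            continue                      # unused slot
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": n,
            "bootable": entry[0] == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": n_sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def check_code_only_rewrite(before, after):
    """Problems found when comparing sector 0 before and after a bootstrap-code rewrite.

    A code-only rewrite must change bytes 0..439 and leave bytes 446..511 (partition
    table plus 0x55AA) byte-identical. An empty list means the rewrite looks as expected.
    """
    parse_mbr(before)
    parse_mbr(after)                      # both must at least be well-formed
    problems = []
    if before[PART_TABLE_OFF:] != after[PART_TABLE_OFF:]:
        problems.append("partition table or boot signature changed")
    if before[:BOOT_CODE_END] == after[:BOOT_CODE_END]:
        problems.append("boot code unchanged: nothing appears to have been written")
    return problems


def build_sample_mbr(boot_code, partitions):
    """Constructed MBR for offline testing: boot_code padded to 440 bytes,
    partitions given as (bootable, type, lba_start, n_sectors)."""
    assert len(boot_code) <= BOOT_CODE_END
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    sec[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"   # constructed signature
    for n, (bootable, ptype, lba, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * n
        sec[off] = 0x80 if bootable else 0x00
        sec[off + 4] = ptype
        struct.pack_into("<II", sec, off + 8, lba, count)
    sec[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sec)


# Constructed before/after sectors: one bootable NTFS-type (0x07) partition at LBA 2048.
PARTS = [(True, 0x07, 2048, 409600)]
MBR_BEFORE = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 14, PARTS)          # old code
MBR_AFTER_OK = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", PARTS)   # new code, same table
MBR_AFTER_BAD = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [])     # new code, table wiped

if __name__ == "__main__":
    print(parse_mbr(MBR_BEFORE))
    print("good rewrite:", check_code_only_rewrite(MBR_BEFORE, MBR_AFTER_OK) or "ok")
    print("bad rewrite:", check_code_only_rewrite(MBR_BEFORE, MBR_AFTER_BAD))
```

The comparison deliberately starts at byte 446 rather than 440, so a changed disk signature is reported by `parse_mbr` (compare the two `disk_signature` values) but does not by itself fail the check; a changed partition table or a boot code that did not change at all does.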

#13 JoelDC73

JoelDC73
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 06 March 2012 - 01:40 PM

Tue Mar 6 13:34:17 2012
Command line: TestDisk

#14 JoelDC73

JoelDC73
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 06 March 2012 - 01:46 PM

Reboot attempt:

-Windows is loading files-
-Status Bar with no windows logo-
-System Recovery Manager with options for
Run program from disc
Run program from hard drive

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:46 PM

Posted 12 March 2012 - 02:48 AM

Hello


Sorry for the delay. I keep going over this to see what we can do, and it keeps coming back to our best chance being with the Farbar tool. When you press the F8 key, do you get the Advanced Boot Options?


gringo