Google Redirect


  • This topic is locked
23 replies to this topic

#1 karolinap

karolinap

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 17 April 2013 - 02:26 PM

I noticed this week that Google has been redirecting me to different sites. It's been happening on Firefox and IE. So far this issue has not occurred with Google Chrome. I downloaded anti-malware and a threat was identified and removed, but the problem is still occurring. Can you please help me remove it?

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22
Run by Caroline at 13:55:42 on 2013-04-17
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.1342 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\Indexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Sharp\Sharpdesk\nsapp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Laser App Enterprise\uformagent.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\twunk_32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://ssl.schwabinstitutional.com/transact/LoginController
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {89867A4A-BDEE-4259-964A-B8E87C4892F3} - <orphaned>
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LaserAppUpdate] "c:\program files\laser app enterprise\uformagent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Lake] rundll32.exe "c:\documents and settings\caroline\local settings\application data\lake\udyoesvq.dll",RatingSetupUIW
uRun: [pEventServ] rundll32.exe "c:\documents and settings\caroline\application data\peventserv\pEventServ.dll",oleMobileppm ClipMapSvcs
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SharpTray.exe] "c:\program files\sharp\sharpdesk\SharpTray.exe"
mRun: [FtpServer.exe] "c:\program files\sharp\sharpdesk\FtpServer.exe" -usedefault
mRun: [IndexTray.exe] "c:\program files\sharp\sharpdesk\IndexTray.exe" /n
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
uExplorerRun: [defffdabdefead] c:\documents and settings\caroline\application data\5245d20e-03f5-483f-8f84-d12abd430efead\defffdabdefead.exe
StartupFolder: c:\docume~1\caroline\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\princi~1.lnk - c:\program files\morningstar\principia\schedupd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - 
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: sp-server
Trusted Zone: tmfs-crm01
Trusted Zone: vcrm
Trusted Zone: vsp
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365082303046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C5F811C2-EC0A-4C25-98B5-AB49B32D9AA1} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\caroline\application data\mozilla\firefox\profiles\j320v88p.default-1366037848363\
FF - plugin: c:\documents and settings\caroline\local settings\application data\citrix\plugins\97\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 195296]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2012-6-19 24064]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 MpKsl649da4d6;MpKsl649da4d6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a951bb-8bc0-476b-8f8b-8223e04331fa}\MpKsl649da4d6.sys [2013-4-17 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-11 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-27 701512]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-8-24 168616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-27 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-17 40776]
S0 cerc6;cerc6; [x]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-20 81920]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2011-2-24 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2011-2-24 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2011-2-24 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2011-2-24 10368]
.
=============== Created Last 30 ================
.
2013-04-17 18:49:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-17 18:47:35 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a951bb-8bc0-476b-8f8b-8223e04331fa}\offreg.dll
2013-04-17 18:47:07 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a951bb-8bc0-476b-8f8b-8223e04331fa}\MpKsl649da4d6.sys
2013-04-17 18:46:57 -------- d-----w- c:\documents and settings\caroline\application data\5245d20e-03f5-483f-8f84-d12abd430efead
2013-04-17 18:02:56 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a951bb-8bc0-476b-8f8b-8223e04331fa}\mpengine.dll
2013-04-16 18:04:50 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-12 14:17:04 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-04-12 14:15:59 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-04-12 14:14:57 107512 ----a-r- c:\program files\mozilla firefox\data\disk2\setup.exe
2013-04-12 14:14:52 107512 ----a-r- c:\program files\mozilla firefox\data\disk1\setup.exe
2013-04-12 14:14:38 45056 ----a-r- c:\program files\mozilla firefox\data\disk1\brolink\Brolink0.exe
2013-04-12 14:14:37 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-04-12 14:14:36 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-04-12 14:14:36 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-04-12 14:14:35 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-04-12 14:14:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-04-12 14:14:34 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-04-04 20:17:21 -------- dc-h--w- c:\windows\ie8
2013-04-03 18:26:59 -------- d-----w- c:\documents and settings\caroline\application data\pEventServ
2013-03-22 14:31:11 -------- d-----w- c:\documents and settings\caroline\local settings\application data\Lake
2013-03-20 20:17:11 -------- d-----w- c:\documents and settings\caroline\application data\WindowsDatabase
2013-03-20 20:10:00 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
==================== Find3M  ====================
.
2013-04-17 13:21:51 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 15:23:33 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 15:23:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-20 21:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 14:00:26.45 ===============
Attached File  attach.txt   22.38KB   2 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 17 April 2013 - 02:35 PM


Hello karolinap

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 karolinap


Posted 17 April 2013 - 03:15 PM

Not good. I ran Security Check and then I downloaded AdwCleaner and RogueKiller. I did not run the programs at the same time. I made sure to do it one at a time. Security Check was fine, but when I ran AdwCleaner my computer froze, so I turned off the computer. When I turned it back on I got the blue screen. I tried running it in safe mode a couple of times and that does not work. At the bottom of the blue screen it says "kdcom.dll address f7898160 base at f7897000." What do you suggest?

#4 karolinap


Posted 17 April 2013 - 03:52 PM

It also says stop 0x0000007e (0xc0000005, 0xb84b9160, 0xb850386c)

#5 gringo_pr


Posted 17 April 2013 - 06:28 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive

  • Copy and paste the report.txt for my review


#6 karolinap


Posted 17 April 2013 - 06:41 PM

My clean computer is a Mac. Do the directions above apply to a Mac?


Edited by karolinap, 17 April 2013 - 06:42 PM.


#7 gringo_pr


Posted 17 April 2013 - 09:41 PM

I have never used a Mac so I have no idea if it would work or not.


gringo

#8 karolinap


Posted 18 April 2013 - 08:46 AM

I just tried turning on my computer and Windows started on its own. Yess!! :)

Should I start where I left off and run AdwCleaner or do you have another suggestion?

#9 karolinap


Posted 18 April 2013 - 08:49 AM

Security check results

 

 

Results of screen317's Security Check version 0.99.62  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Trojan Remover 6.8.5   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 22  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (20.0.1) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#10 karolinap


Posted 18 April 2013 - 09:28 AM

I had to restart and now I am getting the blue screen again (safe mode doesn't work). I tried repairing using the operating system reinstallation disc. I also have a Windows 7 disc which I'll probably install if nothing else works. Is there anything else I can try before I update to Windows 7?

Edited by karolinap, 18 April 2013 - 11:22 AM.


#11 gringo_pr


Posted 18 April 2013 - 12:41 PM

You will have to try and do post 5.

#12 karolinap

karolinap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 18 April 2013 - 03:24 PM

Thu Apr 18 14:40:34 UTC 2013
Driver report for /mnt/sda3/WINDOWS/system32/drivers



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 18 April 2013 - 10:49 PM

reading your post I am unsure if you can boot into windows or not


gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 21 April 2013 - 03:43 PM

at this time can you boot into windows?

#15 karolinap

karolinap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 22 April 2013 - 02:38 PM

Currently, it does not boot into Windows, but when I turn the computer on it goes to a light blue screen that says "setup is being restarted." Then it automatically goes into safe mode (black screen) and I get an error message about reinstalling Windows.





