Random Blue Screens and Screen glitches

(In Progress)

parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
10-Sep-2012, 12:41 PM #1
Random Blue Screens and Screen glitches
Often my computer will crash or I will get these weird lines and skips across my screen. HELP!
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
10-Sep-2012, 02:45 PM #2
Hi and welcome.

What makes you believe that this is malware related?

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
----------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe.
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
14-Sep-2012, 11:17 AM #3
Here it is
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by User at 11:12:47 on 2012-09-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3033.1583 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files\SafeConnect\scManager.sys
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [wmafrv] rundll32.exe "c:\users\user\appdata\roaming\wmafrv.dll",DrawPixels
uRun: [bdmls] "c:\windows\system32\rundll32.exe" "c:\users\user\appdata\roaming\bdmls.dll",get_user_chunk_ptr
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [apsfg] rundll32.exe "c:\users\user\appdata\roaming\apsfg.dll",Member_SetOne
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 172.16.1.50
TCP: Interfaces\{BFA601EA-78BF-4AE5-A609-88077187D5DE} : DhcpNameServer = 66.174.95.44 66.174.71.33
TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B} : DhcpNameServer = 172.16.1.50
TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\140707C65602E4564777F627B602835313237326 : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\742756164725F6F6D6 : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\84F6D656 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\86166716E656375666C65687 : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe [2010-1-23 81920]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\novatel wireless\verizon\drivers\NWHelper_001.exe [2010-6-3 216064]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\verizon\drivers\VZWMSConfig.exe [2010-12-10 143696]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2010-1-23 58528]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2010-1-23 41504]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-5 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-5 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NWRmNet;Novatel Wireless RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet.sys [2010-12-10 243712]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2010-12-10 243712]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-12-10 176384]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2010-12-10 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-12-10 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2010-12-10 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-12-10 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2010-12-10 176384]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-10 52224]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-09-14 14:56:20 376320 ----a-w- c:\users\user\appdata\roaming\apsfg.dll
2012-09-14 06:26:15 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo
2012-09-14 06:15:05 -------- d-----w- c:\program files\uTorrent
2012-09-14 06:13:46 -------- d-----w- c:\users\user\appdata\roaming\uTorrent
2012-09-14 06:07:36 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 06:06:32 -------- d-----w- c:\program files\iPod
2012-09-14 06:06:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-14 06:06:31 -------- d-----w- c:\program files\iTunes
2012-09-14 03:19:25 -------- d-----w- c:\users\user\.shsh
2012-09-12 16:07:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-12 16:06:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-12 15:52:44 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-09-12 13:11:37 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:11:37 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:11:36 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:11:35 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:11:35 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:11:34 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 01:12:55 172032 ----a-w- c:\users\user\appdata\roaming\wmafrv.dll
2012-09-11 14:16:58 7022536 ------w- c:\programdata\microsoft\windows defender\definition updates\{5443a314-19fd-4799-a6f7-99c87206ab2f}\mpengine.dll
2012-09-11 13:55:04 -------- d-----w- c:\program files\WinSCP
2012-09-11 13:53:26 -------- d-----w- c:\program files\Audacity
2012-09-11 02:36:02 -------- d-----w- c:\users\user\appdata\local\libimobiledevice
2012-09-10 19:15:03 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-09-10 19:14:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-09-06 04:49:02 -------- d-----r- c:\program files\Skype
2012-09-06 02:41:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-06 02:40:32 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-09-06 02:40:16 -------- d-----w- c:\users\user\appdata\local\Microsoft Help
.
==================== Find3M ====================
.
2012-09-12 16:06:49 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-23 15:10:17 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42:56 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:15:55.32 ===============
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
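Added example (not part of the thread and not DDS's or the helper's own tooling): a triage pass over autorun and "Created Last 30" lines copied from the DDS log above, flagging startup entries that launch from per-user AppData directories. The function name `triage`, the path markers and the reason strings are assumptions of this example; a hit means "inspect this file", not "this is malware", since ordinary per-user updaters also install under AppData.

```python
import re

# Lines copied verbatim from the DDS log posted above (nothing constructed).
DDS_SAMPLE = r'''
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [wmafrv] rundll32.exe "c:\users\user\appdata\roaming\wmafrv.dll",DrawPixels
uRun: [bdmls] "c:\windows\system32\rundll32.exe" "c:\users\user\appdata\roaming\bdmls.dll",get_user_chunk_ptr
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [apsfg] rundll32.exe "c:\users\user\appdata\roaming\apsfg.dll",Member_SetOne
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
2012-09-14 14:56:20 376320 ----a-w- c:\users\user\appdata\roaming\apsfg.dll
2012-09-12 16:07:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-12 01:12:55 172032 ----a-w- c:\users\user\appdata\roaming\wmafrv.dll
'''

# Assumption: these lower-case markers identify per-user locations that a
# non-admin process can write to.
PROFILE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\")

# "uRun: [name] command", "mRunOnce: [name] command", ...
AUTORUN_RE = re.compile(r'^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Drive-rooted path ending in an executable extension (paths may contain spaces).
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)
# "date time size attrs path" rows from the "Created Last 30" section.
CREATED_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) [\d:]+ \S+ \S+ (?P<path>[a-z]:\\.+)$',
    re.IGNORECASE)


def triage(dds_text):
    """Return autorun entries worth a manual look, most reasons first."""
    lines = [ln.strip() for ln in dds_text.splitlines() if ln.strip()]

    # Map recently created files to their creation date.
    created = {}
    for ln in lines:
        m = CREATED_RE.match(ln)
        if m:
            created[m["path"].lower()] = m["date"]

    findings = []
    for ln in lines:
        m = AUTORUN_RE.match(ln)
        if not m:
            continue
        cmd = m["cmd"]
        paths = [p.lower() for p in PATH_RE.findall(cmd)]
        in_profile = [p for p in paths if any(k in p for k in PROFILE_MARKERS)]
        if not in_profile:
            continue  # starts from Program Files / System32: not flagged here
        target = in_profile[0]
        reasons = ["runs from a user-writable profile directory"]
        if "rundll32" in cmd.lower() and target.endswith(".dll"):
            reasons.append("DLL launched through rundll32")
        if target in created:
            reasons.append("file created " + created[target])
        findings.append({"hive": m["hive"], "name": m["name"],
                         "target": target, "reasons": reasons})

    # Stable sort: entries with more independent reasons come first.
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_SAMPLE):
        print(f'{f["hive"]:8} {f["name"]:16} {f["target"]}')
        for r in f["reasons"]:
            print("           -", r)
```
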
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
14-Sep-2012, 11:25 AM #4
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 11:19:21
-----------------------------
11:19:21.967 OS Version: Windows 6.1.7601 Service Pack 1
11:19:21.967 Number of processors: 2 586 0x170A
11:19:21.967 ComputerName: USER-PC UserName: User
11:19:25.541 Initialize success
11:21:47.979 AVAST engine defs: 12091400
11:23:01.224 The log file has been saved successfully to "C:\Users\User\Desktop\VIRUS HELP\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 11:24:20
-----------------------------
11:24:20.782 OS Version: Windows 6.1.7601 Service Pack 1
11:24:20.782 Number of processors: 2 586 0x170A
11:24:20.782 ComputerName: USER-PC UserName: User
11:24:24.464 Initialze error C000010E - driver not loaded
11:24:24.526 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
11:24:30.532 AVAST engine defs: 12091400
11:24:31.562 Scan error: Incorrect function.
11:24:49.658 The log file has been saved successfully to "C:\Users\User\Desktop\VIRUS HELP\aswMBR.txt"
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
14-Sep-2012, 01:16 PM #5
Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
19-Sep-2012, 09:26 AM #6
TDS
Here it is!
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
19-Sep-2012, 10:20 AM #7
Hi,

It seems a portion of that log was cut off. Could you check it out and then post the complete log please? If that was the complete log please run TDSSKiller again and post the log created.
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
19-Sep-2012, 11:52 AM #8
Okay
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
19-Sep-2012, 12:08 PM #9
Hi,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Last edited by jeffce; 19-Sep-2012 at 01:25 PM.
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
19-Sep-2012, 12:13 PM #10
Possible Pirate?
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
19-Sep-2012, 01:07 PM #11
Here is combofix.txt
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
19-Sep-2012, 01:26 PM #12
Don't worry about the selection I wanted you to press. I got two topics confused. Thanks for the ComboFix log. I will review it and return as quickly as possible.
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
19-Sep-2012, 01:28 PM #13
Thanks. I just noticed that after the combofix was run, 217 GB opened up on my hard drive... AMAZING

Thanks,
Parkbuddy
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
19-Sep-2012, 01:59 PM #14
Hi,

P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
----------
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Quote:

    ClearJavaCache::

    DDS::
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe


    Folder::
    c:\users\user\appdata\roaming\GetRightToGo
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
parkbuddy10's Avatar
parkbuddy10 parkbuddy10 is offline
Member with 57 posts.
THREAD STARTER
 
Join Date: Jun 2012
19-Sep-2012, 03:09 PM #15
While I did not click on the window, the program stalled. I was forced to restart the computer because the start menu and desktop were both disabled. The blue window will not open and no log file will generate now.

Parkbuddy