
Random Blue Screens and Screen glitches

Discussion in 'Virus & Other Malware Removal' started by parkbuddy10, Sep 10, 2012.

Thread Status:
Not open for further replies.
  1. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    Often my computer will crash or I will get these weird lines and skips across my screen. HELP!
     
  2. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and welcome.

    What makes you believe that this is malware related?

    Please download DDS from one of the following links and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    ---------------------------------------------------
    • Post the contents of the DDS.txt report in your next reply
    • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
    ----------

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------

    In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe. :)
     
  3. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by User at 11:12:47 on 2012-09-14
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3033.1583 [GMT -4:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Program Files\SafeConnect\scManager.sys
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\SafeConnect\scClient.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [wmafrv] rundll32.exe "c:\users\user\appdata\roaming\wmafrv.dll",DrawPixels
    uRun: [bdmls] "c:\windows\system32\rundll32.exe" "c:\users\user\appdata\roaming\bdmls.dll",get_user_chunk_ptr
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [apsfg] rundll32.exe "c:\users\user\appdata\roaming\apsfg.dll",Member_SetOne
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
    mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    TCP: DhcpNameServer = 172.16.1.50
    TCP: Interfaces\{BFA601EA-78BF-4AE5-A609-88077187D5DE} : DhcpNameServer = 66.174.95.44 66.174.71.33
    TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B} : DhcpNameServer = 172.16.1.50
    TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\140707C65602E4564777F627B602835313237326 : DhcpNameServer = 192.168.1.1 71.250.0.12
    TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\46C696E6B6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\742756164725F6F6D6 : DhcpNameServer = 192.168.1.1 71.250.0.12
    TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\84F6D656 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{FA52D502-3710-425D-A274-4A543B46283B}\86166716E656375666C65687 : DhcpNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe [2010-1-23 81920]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
    R2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\novatel wireless\verizon\drivers\NWHelper_001.exe [2010-6-3 216064]
    R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
    R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\verizon\drivers\VZWMSConfig.exe [2010-12-10 143696]
    R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2010-1-23 58528]
    R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2010-1-23 41504]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-5 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-5 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NWRmNet;Novatel Wireless RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet.sys [2010-12-10 243712]
    S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2010-12-10 243712]
    S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-12-10 176384]
    S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2010-12-10 176384]
    S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-12-10 176384]
    S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2010-12-10 176384]
    S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-12-10 176384]
    S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2010-12-10 176384]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-10 52224]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
    .
    =============== Created Last 30 ================
    .
    2012-09-14 14:56:20 376320 ----a-w- c:\users\user\appdata\roaming\apsfg.dll
    2012-09-14 06:26:15 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo
    2012-09-14 06:15:05 -------- d-----w- c:\program files\uTorrent
    2012-09-14 06:13:46 -------- d-----w- c:\users\user\appdata\roaming\uTorrent
    2012-09-14 06:07:36 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-14 06:06:32 -------- d-----w- c:\program files\iPod
    2012-09-14 06:06:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-14 06:06:31 -------- d-----w- c:\program files\iTunes
    2012-09-14 03:19:25 -------- d-----w- c:\users\user\.shsh
    2012-09-12 16:07:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-12 16:06:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-12 15:52:44 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
    2012-09-12 13:11:37 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 13:11:37 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 13:11:36 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 13:11:35 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 13:11:35 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-12 13:11:34 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 01:12:55 172032 ----a-w- c:\users\user\appdata\roaming\wmafrv.dll
    2012-09-11 14:16:58 7022536 ------w- c:\programdata\microsoft\windows defender\definition updates\{5443a314-19fd-4799-a6f7-99c87206ab2f}\mpengine.dll
    2012-09-11 13:55:04 -------- d-----w- c:\program files\WinSCP
    2012-09-11 13:53:26 -------- d-----w- c:\program files\Audacity
    2012-09-11 02:36:02 -------- d-----w- c:\users\user\appdata\local\libimobiledevice
    2012-09-10 19:15:03 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-09-10 19:14:53 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-09-06 04:49:02 -------- d-----r- c:\program files\Skype
    2012-09-06 02:41:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2012-09-06 02:40:32 -------- d-----w- c:\program files\Microsoft Analysis Services
    2012-09-06 02:40:16 -------- d-----w- c:\users\user\appdata\local\Microsoft Help
    .
    ==================== Find3M ====================
    .
    2012-09-12 16:06:49 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-23 15:10:17 152576 ----a-w- c:\windows\system32\msclmd.dll
    2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-09 17:42:56 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 17:42:56 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
    2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 11:15:55.32 ===============
     

    Attached Files:
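A triage heuristic for a DDS log like the one posted above, as an added example that is not part of the original thread and not the helper's analysis: it picks out Run entries where rundll32 loads a DLL from a user profile's AppData folder and looks each DLL up in the "Created Last 30" section. The function names and the heuristic are assumptions for illustration; the sample lines are copied from the log above.

```python
import re

# Lines copied from the DDS log above (Pseudo HJT Report and Created Last 30).
SAMPLE_LOG = r'''
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [wmafrv] rundll32.exe "c:\users\user\appdata\roaming\wmafrv.dll",DrawPixels
uRun: [bdmls] "c:\windows\system32\rundll32.exe" "c:\users\user\appdata\roaming\bdmls.dll",get_user_chunk_ptr
uRun: [apsfg] rundll32.exe "c:\users\user\appdata\roaming\apsfg.dll",Member_SetOne
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
2012-09-14 14:56:20 376320 ----a-w- c:\users\user\appdata\roaming\apsfg.dll
2012-09-14 06:15:05 -------- d-----w- c:\program files\uTorrent
2012-09-12 01:12:55 172032 ----a-w- c:\users\user\appdata\roaming\wmafrv.dll
'''

# "uRun: [name] command", also mRun, dRun and the RunOnce variants.
RUN_RE = re.compile(r'^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "date time size attributes path"; directories show dashes instead of a size.
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) \S+ (?P<path>.+)$')
# rundll32 (bare or as a quoted full path) followed by "dll",ExportName.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# A DLL that lives under a user profile's AppData tree (user-writable).
APPDATA_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I)


def parse_created(log):
    """Map lower-cased file path -> creation timestamp from 'Created Last 30'."""
    created = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group("size").isdigit():  # skip directory rows
            created[m.group("path").lower()] = m.group("ts")
    return created


def triage(log):
    """Return Run entries that start rundll32 on a DLL stored under AppData."""
    created = parse_created(log)
    findings = []
    for line in log.splitlines():
        run = RUN_RE.match(line.strip())
        if not run:
            continue
        dll = RUNDLL_RE.search(run.group("cmd"))
        if not dll or not APPDATA_RE.match(dll.group("dll")):
            continue
        path = dll.group("dll").lower()
        findings.append({
            "hive": run.group("hive"),
            "name": run.group("name"),
            "dll": path,
            "export": dll.group("export"),
            # None means the file is not listed as created in the last 30 days.
            "created": created.get(path),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]} [{f["name"]}] {f["dll"]},{f["export"]} '
              f'created={f["created"] or "not in Created Last 30"}')
```

A hit is only a reason to inspect the file and its registry value further; legitimate software also uses Run keys and rundll32.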

  4. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-14 11:19:21
    -----------------------------
    11:19:21.967 OS Version: Windows 6.1.7601 Service Pack 1
    11:19:21.967 Number of processors: 2 586 0x170A
    11:19:21.967 ComputerName: USER-PC UserName: User
    11:19:25.541 Initialize success
    11:21:47.979 AVAST engine defs: 12091400
    11:23:01.224 The log file has been saved successfully to "C:\Users\User\Desktop\VIRUS HELP\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-14 11:24:20
    -----------------------------
    11:24:20.782 OS Version: Windows 6.1.7601 Service Pack 1
    11:24:20.782 Number of processors: 2 586 0x170A
    11:24:20.782 ComputerName: USER-PC UserName: User
    11:24:24.464 Initialze error C000010E - driver not loaded
    11:24:24.526 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
    11:24:30.532 AVAST engine defs: 12091400
    11:24:31.562 Scan error: Incorrect function.
    11:24:49.658 The log file has been saved successfully to "C:\Users\User\Desktop\VIRUS HELP\aswMBR.txt"
     
  5. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------
     
  6. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    Here it is!
     

    Attached Files:

  7. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    It seems a portion of that log was cut off. Could you check it out and then post the complete log please? If that was the complete log please run TDSSKiller again and post the log created.
     
  8. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    Okay
     

    Attached Files:

  9. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
     
  10. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    Possible Pirate?
     
  11. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    Here is combofix.txt
     

    Attached Files:

  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Don't worry about the selection I wanted you to press. I got two topics confused. Thanks for the ComboFix log. I will review it and return as quickly as possible.
     
  13. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    Thanks. I just noticed that after the combofix was run, 217 GB opened up on my hard drive... AMAZING

    Thanks,
    Parkbuddy
     
  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
    ----------

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
  15. parkbuddy10

    parkbuddy10 Thread Starter

    Joined:
    Jun 27, 2012
    Messages:
    64
    While I did not click on the window, the program stalled. I was forced to restart the computer because the start menu and desktop were both disabled. The blue window will not open and no log file will generate now.

    Parkbuddy
     

Short URL to this thread: https://techguy.org/1068440