Re: Mixing colors and PC shutting down in normal mode but not in safe mode

This is a discussion on Re: Mixing colors and PC shutting down in normal mode but not in safe mode within the Resolved HJT Threads forums, part of the Tech Support Forum category.

12-24-2016, 04:41 AM   #1
Registered Member
 
Join Date: Dec 2016
Posts: 8
OS: Win 7



Quote:
Originally Posted by Deejay100six
Hi,

There is a link at the top of every page named Spyware 1st steps. Go there and follow the instructions for posting your logs.

Good luck!
Here are the logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Okami at 13:21:31 on 2016-12-24
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1033.18.2046.1516 [GMT 1:00]
.
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Suo10_SmartRAM.exe
C:\Users\Okami\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HTC Home 3\Clock.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uURLSearchHooks: DeviceVM Url Search Hook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Suo10_SmartRAM.exe" /m
uRun: [Screenpresso] "C:\Users\Okami\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe" -startup
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Clock Widget (HTC Home)] "C:\Program Files (x86)\HTC Home 3\Clock.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.20
TCP: Interfaces\{3EB58408-CD00-4021-B79C-A0D03CC35264} : DHCPNameServer = 192.168.1.20
TCP: Interfaces\{E0E0063B-941F-4050-91F8-92C697702E6E} : DHCPNameServer = 192.168.1.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Skytel] Skytel.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Okami\AppData\Roaming\Mozilla\Firefox\Profiles\o4k636ds.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2016-12-22 17:29; [email protected]; C:\Users\Okami\AppData\Roaming\Mozilla\Firefox\Profiles\o4k636ds.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2016-12-22 254528]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2016-12-22 1051088]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2016-12-22 621008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-1-1 80392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2015-7-15 96256]
.
=============== Created Last 30 ================
.
2016-12-24 02:36:54 -------- d-----w- C:\Program Files (x86)\Geeks3D
2016-12-23 19:13:04 -------- d-----r- C:\Program Files (x86)\Skype
2016-12-23 17:41:44 -------- d-----w- C:\Users\Okami\AppData\Roaming\JAM Software
2016-12-23 16:43:04 -------- d-----w- C:\ProgramData\AMD
2016-12-23 16:37:14 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2016-12-23 16:37:06 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2016-12-23 16:34:04 -------- d-----w- C:\Program Files\ATI
2016-12-23 16:33:25 -------- d-----w- C:\Program Files\AMD
2016-12-23 15:09:17 -------- d-----w- C:\Users\Okami\AppData\Local\Microsoft Games
2016-12-23 11:09:39 -------- d-----w- C:\Users\Okami\AppData\Local\ElevatedDiagnostics
2016-12-22 19:23:18 -------- d-----w- C:\Users\Okami\AppData\Roaming\AMD
2016-12-22 19:23:16 -------- d-----w- C:\Users\Okami\AppData\Roaming\RenPy
2016-12-22 19:15:20 -------- d-----w- C:\Windows\System32\log
2016-12-22 18:57:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2016-12-22 18:57:29 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2016-12-22 18:53:47 -------- d-----w- C:\Windows\pss
2016-12-22 18:47:58 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-12-22 18:47:42 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-12-22 18:47:42 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-12-22 18:47:42 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-12-22 18:47:42 -------- d-----w- C:\ProgramData\Malwarebytes
2016-12-22 18:47:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-22 18:41:51 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2016-12-22 18:41:46 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Toolbar
2016-12-22 18:41:45 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2016-12-22 18:41:35 -------- d-----w- C:\Users\Okami\AppData\Roaming\DAEMON Tools Lite
2016-12-22 18:41:35 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2016-12-22 18:41:02 -------- d-----w- C:\Program Files (x86)\Delayed Shutdown
2016-12-22 18:14:29 -------- d-----w- C:\Program Files (x86)\Icecream Ebook Reader
2016-12-22 17:59:16 -------- d-----w- C:\Program Files (x86)\HTC Home 3
2016-12-22 17:47:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2016-12-22 17:45:13 -------- d-----w- C:\Users\Okami\AppData\Roaming\MPC-HC
2016-12-22 17:43:59 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2016-12-22 17:39:49 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2016-12-22 17:38:30 -------- d-----w- C:\Program Files (x86)\PhotoFiltre
2016-12-22 17:36:00 -------- d-----w- C:\Program Files (x86)\RocketDock
2016-12-22 17:32:08 -------- d-----w- C:\Users\Okami\AppData\Local\Learnpulse
2016-12-22 17:32:06 -------- d-----w- C:\Users\Okami\AppData\Roaming\Learnpulse
2016-12-22 17:30:21 -------- d-----w- C:\Program Files (x86)\uTorrent
2016-12-22 17:29:12 -------- d-----w- C:\Users\Okami\AppData\Roaming\uTorrent
2016-12-22 17:26:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2016-12-22 17:13:33 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2016-12-22 16:29:03 -------- d-----w- C:\Users\Okami\AppData\Local\ATI
2016-12-22 15:52:05 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2016-12-22 15:52:05 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2016-12-22 15:52:05 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2016-12-22 15:52:05 444752 ----a-w- C:\Windows\System32\mscoree.dll
2016-12-22 15:52:05 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2016-12-22 15:52:05 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2016-12-22 15:52:05 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2016-12-22 15:52:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2016-12-22 15:52:05 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2016-12-22 15:52:05 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2016-12-22 15:45:43 -------- d-----w- C:\Program Files (x86)\CPU Thermometer
2016-12-22 15:45:39 -------- d-----w- C:\Users\Okami\AppData\Local\Programs
2016-12-22 15:43:19 -------- d-----w- C:\Program Files (x86)\B1 Free Archiver
2016-12-22 15:41:55 -------- d-----w- C:\Users\Okami\AppData\Local\Adobe
2016-12-22 15:29:04 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2016-12-22 15:29:01 -------- d-----w- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2016-12-22 15:29:00 -------- d-----w- C:\Users\Okami\AppData\Roaming\IObit
2016-12-22 15:29:00 -------- d-----w- C:\ProgramData\IObit
2016-12-22 15:28:54 -------- d-----w- C:\Program Files (x86)\IObit
2016-12-22 14:37:27 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2016-12-24 10:24:35 20544 ----a-w- C:\Windows\gdrv.sys
2016-12-22 18:57:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2016-12-22 18:57:29 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
.
============= FINISH: 13:21:46,78 ===============
Attached Files
File Type: zip attach.zip (3.2 KB, 26 views)
YamiNoOkami is offline  
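The Pseudo HJT section of the log above is the part an analyst reads first. As an added example, not part of the original thread and not code from the DDS tool, here is a small Python triage script that parses DDS entries of that shape (key prefix, name, {CLSID}, target) and flags the ones worth a second look. The rules are the editor's own heuristics, not a verdict on any entry: a start page that is not a vendor default, URL search hooks and toolbars, entries DDS marks as orphaned, ActiveX download entries that install a Java runtime, and autorun targets that either have no directory (so Windows resolves them through the search path) or live under the user profile. The sample input is a constructed subset of lines copied from the posted log; the allowlist of default home pages is an assumption.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Editor's added example: not part of the original thread and not DDS's own code.
DDS prints one entry per line: a key prefix (u = HKCU, m = HKLM, x64- = 64-bit
hive view), a name, usually a {CLSID}, ' - ' and the target file. The rules
below are the editor's own triage heuristics, not a verdict on any entry.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
uStart Page = my.daemon-search.com
uURLSearchHooks: DeviceVM Url Search Hook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Screenpresso] "C:\Users\Okami\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe" -startup
x64-Run: [Skytel] Skytel.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short category the analyst can sort on
    entry: str   # the DDS line that triggered the rule
    detail: str  # why it is worth a look


RUN_KEYS = ("uRun:", "mRun:", "x64-Run:")
ADDON_KEYS = ("uURLSearchHooks:", "mURLSearchHooks:", "TB:", "x64-TB:")
START_PAGE_KEYS = ("uStart Page", "mStart Page")
# Assumed vendor-default home pages; anything else is reported for review.
DEFAULT_HOME = ("about:blank", "microsoft.com", "msn.com", "bing.com", "google.com")

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
JAVA_CAB_RE = re.compile(r"jinstall-(\d+_\d+_\d+_\d+)")
FIRST_EXE_RE = re.compile(r"(.*?\.exe)", re.IGNORECASE)


def run_target(entry: str) -> str:
    """Return the executable path from a line like 'uRun: [Name] "C:\\x.exe" /arg'."""
    body = entry.split("]", 1)[1].strip()
    if body.startswith('"'):                      # quoted path: up to the closing quote
        return body[1:].split('"', 1)[0]
    m = FIRST_EXE_RE.match(body)                  # unquoted: up to the first '.exe'
    return m.group(1) if m else body.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Apply the heuristics to every entry and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "<orphaned>" in line:
            findings.append(Finding("orphaned", line,
                "registry entry whose target file no longer exists"))
        elif line.startswith(START_PAGE_KEYS):
            value = line.split("=", 1)[1].strip()
            if not any(d in value for d in DEFAULT_HOME):
                findings.append(Finding("start-page", line,
                    f"browser start page is {value}, not a vendor default"))
        elif line.startswith(ADDON_KEYS):
            clsid = CLSID_RE.search(line)
            findings.append(Finding("browser-addon", line,
                f"search hook or toolbar {clsid.group(0) if clsid else '?'}: "
                "confirm the user installed it knowingly"))
        elif line.startswith("DPF:"):
            m = JAVA_CAB_RE.search(line)
            if m:
                findings.append(Finding("outdated-plugin", line,
                    f"ActiveX download entry installs Java {m.group(1)}; "
                    "confirm it is a supported release"))
        elif line.startswith(RUN_KEYS):
            target = run_target(line)
            if "\\" not in target:
                findings.append(Finding("run-unqualified", line,
                    f"autorun target {target!r} has no directory, so Windows "
                    "resolves it through the search path"))
            elif "\\appdata\\" in target.lower():
                findings.append(Finding("run-userdir", line,
                    "autorun target lives in the user profile, writable without elevation"))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'orphaned': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:15}] {f.detail}\n    {f.entry}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports eight entries: the daemon-search start page, the DeviceVM search hook and DAEMON Tools toolbar, the Screenpresso autorun under AppData, the bare `Skytel.exe` autorun, the Java 1_6_0_22 DPF entry and the two orphaned handlers. Nothing here says an entry is malicious; the point is to pull the review candidates out of a 170-line log so the analyst's time goes where it matters, which in this thread turned out to be hardware rather than malware.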
12-24-2016, 11:27 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Your problems are beyond malware. We'll make sure your machine is clean, and then you can go back to your previous thread for continued help with your hardware issues.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
12-25-2016, 02:23 PM   #3
Registered Member
 
Join Date: Dec 2016
Posts: 8
OS: Win 7



I managed to solve the problem on my own; it was my GPU that died. Thank you for offering help all the same.
YamiNoOkami is offline  
12-25-2016, 07:51 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome. Glad you got it all sorted.
chemist is offline  