Status
Not open for further replies.
1 - 5 of 5 Posts

Registered · 3 Posts · Discussion Starter · #1
:mad: Hey guys, first time posting, just came across the site looking for help. Was surfing the internet, screen flashed blue and computer shut off, then it restarted and I had lost access to most of my programs. Trying to figure out how to fix this without wiping the disk and starting over. I'm unable to get GMER to extract so I will be unable to post that. Thanks for your help!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Cody at 19:30:36.29 on Wed 03/30/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1361 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\aniServ.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\found.004\dir0015.chk\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cody\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mirostart.com/?cfg=2-73-0-tPWM
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\cody\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ares] "e:\blues download\ares\ares.exe" -h
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {13D7DB9C-0659-4AAD-9C88-650D8E623657} = 68.28.154.91 68.28.146.91
Notify: igfxcui - igfxdev.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R2 ANISERVICE;Airgo Networks NIC Service;c:\windows\system32\aniServ.exe [2004-9-30 143360]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2011-1-20 20328]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-8-13 2599936]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2009-7-13 242176]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-21 38224]
S1 MpKslfed57d5b;MpKslfed57d5b;c:\programdata\microsoft\microsoft antimalware\definition updates\{38cae5b1-a85f-40cb-93e1-f7e65e67693c}\MpKslfed57d5b.sys [2011-3-30 28752]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 NvtlService;NovaCore SDK Service;"c:\program files\novatel wireless\novacore\server\nvtlsrvr.exe" --> c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;NisSrv;"c:\program files\microsoft security client\antimalware\nissrv.exe" --> c:\program files\microsoft security client\antimalware\NisSrv.exe [?]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
.
=============== Created Last 30 ================
.
2011-03-30 23:17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 22:27:17 -------- d-sh--w- C:\found.004
2011-03-30 19:49:49 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-03-30 18:33:34 -------- d-----r- C:\Program Files
2011-03-30 18:31:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-30 18:21:01 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{38cae5b1-a85f-40cb-93e1-f7e65e67693c}\MpKslfed57d5b.sys
2011-03-30 18:20:41 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{38cae5b1-a85f-40cb-93e1-f7e65e67693c}\mpengine.dll
2011-03-30 17:50:22 -------- d-sh--w- C:\found.003
2011-03-25 20:21:52 -------- d-sh--w- C:\found.002
2011-03-25 06:11:43 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-24 03:09:35 -------- d-----w- c:\progra~2\Novatel Wireless
2011-03-24 03:06:59 -------- d-----w- c:\users\cody\appdata\local\Downloaded Installations
2011-03-16 02:46:13 0 ----a-w- c:\users\cody\appdata\local\Olikilugoqoralo.bin
2011-03-16 02:46:11 -------- d-----w- c:\users\cody\appdata\local\{463478C9-8C28-4A77-8CB4-2E1500D2C1C4}
2011-03-13 05:31:53 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-13 05:31:51 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-13 05:31:49 850432 ----a-w- c:\windows\system32\sbe.dll
.
==================== Find3M ====================
.
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:32:12.40 ===============
 

Registered · 2,656 Posts
Delete these folders in bold.

C:\found.003
C:\found.002

Delete this file in bold.
c:\users\Cody\AppData\Local\Olikilugoqoralo.bin

You have installed your Firefox program in a temporary folder.
C:\found.004\dir0015.chk\Mozilla Firefox\firefox.exe

Folders like Found00x are created when your computer crashes.
I'm asking you above to delete some of these folders.

In your daily life, if you used a cleanup tool, the C:\found.004\ folder may be deleted and you will lose your Firefox.

===

Please update Chrome.
Google Chrome v10.0.648.204 released
Google Chrome Releases: Stable Channel Update
March 25, 2011
<<<>>>


Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
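
The check made by eye in the reply above (C:\found.002 and C:\found.003 can go, while Firefox is running out of C:\found.004) can be run mechanically against a DDS log. This is an added example, not part of the original thread or of DDS; the function names are hypothetical and the sample log is a constructed excerpt built from lines quoted in this thread.

```python
import re

# Constructed excerpt in DDS layout, using entries that appear in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\Explorer.EXE
C:\found.004\dir0015.chk\Mozilla Firefox\firefox.exe
C:\Users\Cody\Downloads\dds.scr
.
=============== Created Last 30 ================
.
2011-03-30 22:27:17 -------- d-sh--w- C:\found.004
2011-03-30 17:50:22 -------- d-sh--w- C:\found.003
2011-03-25 20:21:52 -------- d-sh--w- C:\found.002
2011-03-16 02:46:13 0 ----a-w- c:\users\cody\appdata\local\Olikilugoqoralo.bin
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Root-level found.NNN folder (the kind the reply attributes to crashes).
FOUND_RE = re.compile(r"^[a-z]:\\(found\.\d{3})(?:\\|$)", re.IGNORECASE)
# "date time size attributes path" rows of the Created Last 30 section.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (\S+) (.+)$")

def split_sections(log_text):
    """Map each '==== Title ====' header to the entry lines under it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)  # "." lines are DDS spacers, not entries
    return sections

def triage_found_folders(log_text):
    """Return (found.NNN folders a running process executes from,
    found.NNN folders listed in the log with no running process)."""
    sections = split_sections(log_text)
    in_use, listed = set(), set()
    for line in sections.get("Running Processes", []):
        hit = FOUND_RE.match(line)
        if hit:
            in_use.add(hit.group(1).lower())
    for line in sections.get("Created Last 30", []):
        row = CREATED_RE.match(line)
        hit = FOUND_RE.match(row.group(2)) if row else None
        if hit and row.group(1).startswith("d"):  # directories only
            listed.add(hit.group(1).lower())
    return sorted(in_use), sorted(listed - in_use)
```

On the sample, the first list is the folder the reply warns about and the second holds the two folders it asks to delete.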