
Hey guys, first time posting, just came across the site looking for help. Was surfing the internet, screen flashed blue and computer shut off, then it restarted and I had lost access to most of my programs. Trying to figure out how to fix this without wiping the disk and starting over. I'm unable to get GMER to extract, so I will be unable to post that. Thanks for your help!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Cody at 19:30:36.29 on Wed 03/30/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1361 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\aniServ.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\found.004\dir0015.chk\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cody\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mirostart.com/?cfg=2-73-0-tPWM
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\cody\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ares] "e:\blues download\ares\ares.exe" -h
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {13D7DB9C-0659-4AAD-9C88-650D8E623657} = 68.28.154.91 68.28.146.91
Notify: igfxcui - igfxdev.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R2 ANISERVICE;Airgo Networks NIC Service;c:\windows\system32\aniServ.exe [2004-9-30 143360]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2011-1-20 20328]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-8-13 2599936]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2009-7-13 242176]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-21 38224]
S1 MpKslfed57d5b;MpKslfed57d5b;c:\programdata\microsoft\microsoft antimalware\definition updates\{38cae5b1-a85f-40cb-93e1-f7e65e67693c}\MpKslfed57d5b.sys [2011-3-30 28752]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 NvtlService;NovaCore SDK Service;"c:\program files\novatel wireless\novacore\server\nvtlsrvr.exe" --> c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;NisSrv;"c:\program files\microsoft security client\antimalware\nissrv.exe" --> c:\program files\microsoft security client\antimalware\NisSrv.exe [?]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
.
=============== Created Last 30 ================
.
2011-03-30 23:17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 22:27:17 -------- d-sh--w- C:\found.004
2011-03-30 19:49:49 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-03-30 18:33:34 -------- d-----r- C:\Program Files
2011-03-30 18:31:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-30 18:21:01 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{38cae5b1-a85f-40cb-93e1-f7e65e67693c}\MpKslfed57d5b.sys
2011-03-30 18:20:41 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{38cae5b1-a85f-40cb-93e1-f7e65e67693c}\mpengine.dll
2011-03-30 17:50:22 -------- d-sh--w- C:\found.003
2011-03-25 20:21:52 -------- d-sh--w- C:\found.002
2011-03-25 06:11:43 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-24 03:09:35 -------- d-----w- c:\progra~2\Novatel Wireless
2011-03-24 03:06:59 -------- d-----w- c:\users\cody\appdata\local\Downloaded Installations
2011-03-16 02:46:13 0 ----a-w- c:\users\cody\appdata\local\Olikilugoqoralo.bin
2011-03-16 02:46:11 -------- d-----w- c:\users\cody\appdata\local\{463478C9-8C28-4A77-8CB4-2E1500D2C1C4}
2011-03-13 05:31:53 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-13 05:31:51 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-13 05:31:49 850432 ----a-w- c:\windows\system32\sbe.dll
.
==================== Find3M ====================
.
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:32:12.40 ===============