Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Blue screen w/ short greyish vertical lines, then restarts


Post by Rayrad » March 9th, 2012, 12:11 am

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Ray at 22:42:00 on 2012-03-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.1666 [GMT

-5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-

337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-

08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-

DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Common Files\AOL\1326271217\ee\aolsoftware.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://aol.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:

\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer:

{3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer

\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:

\program files\aol toolbar\aoltb.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program

files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} -

c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9}

- c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program

files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program

files\coupons.com couponbar\tbcore3.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files

\aol toolbar\aoltb.dll
TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:

\program files\coupons.com couponbar\tbcore3.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\ray\appdata\local\google\update

\GoogleUpdate.exe" /c
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7\AOL.EXE" -b
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus

2012\avp.exe"
mRun: [HostManager] c:\program files\common files\aol\1326271217\ee

\AOLSoftware.exe
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe

/logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm

\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"

-osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update

\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-

339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus

2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-

D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus

2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{07D9729C-778C-46F1-8E6C-E6FDC07A4F15} : DhcpNameServer =

192.168.1.1 71.250.0.12
TCP: Interfaces\{D56CC746-ABD0-440D-84C3-7FABBD8A24CE} : DhcpNameServer =

192.168.1.1 71.250.0.12
Notify: klogon - c:\windows\system32\klogon.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys

[2009-7-13 4608]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-1-13

20392]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers

\klim6.sys [2011-3-10 23856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers

\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common

files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab

\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib

\ioloServiceManager.exe [2012-1-13 722616]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-1-

11 28256]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys

[2009-11-2 19984]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13

980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13

266752]
R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\drivers

\ViaHub3.sys [2011-2-25 117760]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows

\system32\drivers\xhcdrv.sys [2012-1-12 164864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

[2010-3-18 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers

\appliand.sys [2012-1-11 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows

\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app

\GamesAppService.exe [2010-10-12 206072]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15

10112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20

52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers

\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows

\system32\wat\WatAdminSvc.exe [2012-1-13 1343400]
.
=============== Created Last 30 ================
.
2012-03-09 03:08:15 -------- d-----w- c:\program files

\Trend Micro
2012-03-06 18:00:47 56200 ----a-w- c:\programdata\microsoft

\windows defender\definition updates\{d03ca25c-5d18-4e27-9518-

5da2cf0f5895}\offreg.dll
2012-03-06 11:28:39 6552120 ----a-w- c:\programdata\microsoft

\windows defender\definition updates\{d03ca25c-5d18-4e27-9518-

5da2cf0f5895}\mpengine.dll
2012-03-05 15:22:01 -------- d-----w- c:\users\ray

\appdata\roaming\QuickScan
2012-03-05 15:20:47 -------- d-----w- C:\temp
2012-03-05 15:20:23 -------- d-----w- c:\users\ray

\appdata\roaming\OpswatLogs
2012-03-05 15:20:15 -------- d-----w- c:\program files

\common files\supportsoft
2012-03-05 15:18:40 -------- d-----w- c:\users\ray

\appdata\roaming\supportdotcom
2012-03-05 15:18:35 -------- d-----w- c:\program files

\common files\supportdotcom
2012-03-05 15:14:44 -------- d-----w- c:\users\ray

\appdata\local\Google
2012-03-05 15:13:33 -------- d-----w- c:\users\ray

\appdata\local\Deployment
2012-03-05 15:13:33 -------- d-----w- c:\users\ray

\appdata\local\Apps
2012-02-29 18:17:40 -------- d-----w- c:\program files

\Coupons.com CouponBar
2012-02-29 18:17:23 -------- d-----w- c:\program files

\Coupons
2012-02-25 23:29:29 -------- d-----w- C:\AWOL Marines
2012-02-25 23:27:31 -------- d-----w- C:\CATCHER
2012-02-25 15:04:22 -------- d-----w- c:\programdata

\Funny Bear Studio
2012-02-25 14:27:42 -------- d-----w- c:\programdata

\Alawar Stargaze
2012-02-25 14:11:27 -------- d-----w- c:\program files

\WildGames
2012-02-25 14:04:40 -------- d-----w- c:\program files

\WildTangent Games
2012-02-24 21:57:33 -------- d-----w- c:\users\ray

\appdata\roaming\FamilyVacationCalifornia
2012-02-17 01:55:33 -------- d-----w- c:\programdata

\21149
2012-02-16 07:34:14 478720 ----a-w- c:\windows

\system32\timedate.cpl
2012-02-16 07:34:02 442880 ----a-w- c:\windows

\system32\ntshrui.dll
2012-02-16 07:33:58 690688 ----a-w- c:\windows

\system32\msvcrt.dll
2012-02-16 07:33:43 2343424 ----a-w- c:\windows

\system32\win32k.sys
2012-02-13 10:27:06 -------- d-----w- c:\users\ray

\appdata\local\CrimsonThief
2012-02-11 06:11:06 -------- d-----w- c:\users\ray

\appdata\roaming\SpinTop Games
2012-02-11 06:02:23 -------- d-----w- c:\programdata

\WildTangent
.
==================== Find3M ====================
.
2012-02-26 16:28:26 414368 ----a-w- c:\windows

\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 237072 ------w- c:\windows

\system32\MpSigStub.exe
2012-02-22 23:58:20 71072 ----a-w- c:\windows

\CouponPrinter.ocx
2012-02-17 19:34:42 472808 ----a-w- c:\windows

\system32\deployJava1.dll
2012-01-18 09:48:56 499712 ----a-w- c:\windows

\system32\msvcp71.dll
2012-01-18 09:48:56 348160 ----a-w- c:\windows

\system32\msvcr71.dll
2012-01-13 06:11:08 74703 ----a-w- c:\windows

\system32\mfc45.dll
2012-01-12 10:03:47 108144 ----a-w- c:\windows

\system32\CmdLineExt.dll
2012-01-11 08:37:51 58696 ----a-w- c:\windows

\system32\AOLParconLink.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows

\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows

\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows

\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows

\system32\mshtml.tlb
.
============= FINISH: 22:43:00.76 ===============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:55 PM, on 3/8/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Common Files\AOL\1326271217\ee\aolsoftware.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Ray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1326271217\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

--
End of file - 6902 bytes
Rayrad
Active Member
 
Posts: 2
Joined: March 9th, 2012, 12:03 am

Re: Blue screen w/ short greyish vertical lines, then restar

Post by troy3636 » March 9th, 2012, 9:38 pm

Hello Rayrad,

Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started
  1. If you have not already done so, please read these forum rules.
  2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  3. Any fixes I may post will be specific to your computer and should not be used on other computers.
  4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
  5. If at any time my instructions are not clear please ask before proceeding.
  6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

In your next reply, please post the Attach.txt log that was created when you ran DDS.

I will respond with further instructions when I am finished going through the logs. Please be patient; the logs take some time to go through.
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Blue screen w/ short greyish vertical lines, then restar

Post by Rayrad » March 11th, 2012, 1:47 am

thanx Troy


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2012 7:37:30 PM
System Uptime: 3/8/2012 9:24:18 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 990/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 438.421 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 39.166 GiB free.
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Null
Device ID: ROOT\LEGACY_NULL\0000
Manufacturer:
Name: Null
PNP Device ID: ROOT\LEGACY_NULL\0000
Service: Null
.
==== System Restore Points ===================
.
RP48: 3/1/2012 5:35:09 AM - Scheduled Checkpoint
RP49: 3/2/2012 6:36:37 AM - Windows Update
RP50: 3/6/2012 6:28:02 AM - Windows Update
RP51: 3/6/2012 8:05:47 AM - Windows Update
RP53: 3/8/2012 11:48:50 AM - Configured EPSON TWAIN 5
RP55: 3/8/2012 11:51:03 AM - Configured EPSON TWAIN 5
RP57: 3/8/2012 11:52:29 AM - Configured EPSON TWAIN 5
RP59: 3/8/2012 1:39:14 PM - Configured EPSON TWAIN 5
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
ALShow 2.01
ALTools Update
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
BearShare
Bing Maps 3D
Canon iP2600 series
Canon iP2600 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Coupon Printer for Windows
CouponBar
Download Updater (AOL LLC)
EPSON TWAIN 5
Family Vacation: California
FrostWire 4.21.5
FrostWire 5.2.11
Google Chrome
HijackThis 2.0.2
iolo technologies' Search and Recover
Java Auto Updater
Java(TM) 6 Update 31
Kaspersky Anti-Virus 2012
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Windows Debugging Symbols
MSXML 4.0 SP3 Parser (KB973685)
PIXMA Extended Survey Program
Platform
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
Redist
Replay Media Catcher 4 (4.3.2)
SCRABBLE
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
The Jolly Gang's Misadventures in Africa
Time to Hurry: Nicole's Story
Time Traveler - The Date You Were Born
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Verizon Media Manager
VIA Platform Device Manager
Viewpoint Media Player
WildTangent Games
WildTangent Games App
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 9:24:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk Null
3/8/2012 9:22:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
3/8/2012 9:22:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
3/8/2012 9:22:40 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/8/2012 9:22:40 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/8/2012 9:22:40 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/8/2012 8:58:15 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/8/2012 8:56:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc000001d, 0x91ed3cb4, 0x9ae13958, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-17812-01.
3/8/2012 8:46:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x81d92aef, 0x00000002, 0x00000000, 0x82ac497d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-17875-01.
3/8/2012 8:36:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x81de6a9c, 0x00000001, 0x8b433a93, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-22437-01.
3/8/2012 8:33:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x81ba27fc, 0x00000000, 0x00000000, 0x82af308a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-20953-01.
3/8/2012 7:41:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x8329581c, 0x00000000, 0x8b423d51, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-22546-02.
3/8/2012 7:39:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x840afbcc, 0x00000000, 0x8b85ed97, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-19015-01.
3/8/2012 7:35:32 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/8/2012 7:34:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x85fe7d68, 0x85fe8838, 0x095a4d87). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-22515-01.
3/8/2012 6:24:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041287, 0x061c3e64, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-27687-01.
3/8/2012 6:22:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/8/2012 2:50:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0060f205, 0x00000002, 0x00000000, 0x82b6e7ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-32640-01.
3/8/2012 10:05:33 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/7/2012 9:23:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfcc0459f, 0x00000000, 0x94f7cabf, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-21609-01.
3/7/2012 12:46:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xb67e263e, 0x00000002, 0x00000001, 0x89807174). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-20656-01.
3/7/2012 12:44:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000034 (0x00000ed7, 0xc0000420, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-19250-01.
3/7/2012 12:26:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000, 0x00000002, 0x00000000, 0x82b30985). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-21828-01.
3/7/2012 1:59:00 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2012 1:57:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x875de6e8, 0x875de6e8, 0x835de6e8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-19140-01.
3/6/2012 3:37:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x819fedbc, 0x00000002, 0x00000001, 0x82a86bbf). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030612-16734-01.
3/5/2012 9:16:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x0000109b, 0x00340009, 0x8824fb30). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-22953-01.
3/5/2012 8:20:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
3/5/2012 10:18:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/4/2012 11:19:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
3/2/2012 8:17:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/2/2012 12:57:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Anti-Virus Service service, but this action failed with the following error: An instance of the service is already running.
3/2/2012 12:39:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9497cabf, 0xa5ad8c2c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030212-20421-01.
3/1/2012 1:12:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
Rayrad
Active Member
 
Posts: 2
Joined: March 9th, 2012, 12:03 am

Re: Blue screen w/ short greyish vertical lines, then restar

by troy3636 » March 14th, 2012, 2:46 pm

Hi Rayrad,

First thing I would like you to do is to turn Word Wrap off in Notepad:
  • Open Notepad then on the Toolbar click Format.
  • Make sure Word Wrap is unticked then close Notepad.

P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
BearShare
FrostWire 4.21.5
FrostWire 5.2.11

Per Forum Policy I am not allowed to offer further assistance until all P2P File Sharing Software has been removed.

If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following program:

    BearShare
    FrostWire 4.21.5
    FrostWire 5.2.11

    Coupon Printer for Windows <----optional but highly recommended
    CouponBar <----optional but highly recommended
    Viewpoint Media Player <----optional but highly recommended

  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Add/Remove Programs. Close Control Panel.

It's very important to stay away from P2P file sharing programs. Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Almost all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".


Step 2
GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
  1. Right-click on the random named.exe and choose "Run As Administrator" to execute. If asked, allow the gmer.sys driver to load.
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one

  4. Then click the Scan button & wait for it to finish
    Note: Do not run any programs while Gmer is running.
  5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt"
  6. Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Step 3
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right-click on OTL.exe, select "Run as administrator", and allow it to run.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Do you know what these folders are?
C:\AWOL Marines
C:\CATCHER



Please include in your next reply
  • Gmer.txt
  • OTL.txt
  • Extras.txt
  • Answer to my question
  • How is your computer behaving now?

Troy
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Blue screen w/ short greyish vertical lines, then restar

by Cypher » March 18th, 2012, 7:41 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns