Red screen

#1 Andro (Member, 132 posts)
Hello!

Here is my problem...

When I turned on my computer this afternoon, a red colour appeared on my screen. I scanned it with Avira antivirus and Malwarebytes Anti-Malware, but they didn't find anything that could be infected. There are also no warnings of any infections on my screen.

I'm posting these two reports about the scan, so please take a look and reply with what this could be!

Thank you for your help!
#2 rshaffer61 (Moderator, 34,114 posts)
I'm not sure what you mean by red color. Is the screen completely red?
Have you checked the connection for the monitor?
Have you tried a different monitor?
Have you tried the monitor on another system?
Please explain in more detail, as it sounds more like a monitor or a video problem than an infection.

#3 calvert (Member, 58 posts)
Maybe it should be checked by the malware section, as there is a hidden object (rootkit) detected by Avira.

#4 Andro (Topic Starter, Member, 132 posts)
Yes... the screen is completely red all the time... it's a darker red.
I've checked the connection for the monitor several times. The first time the screen was black (like it's disconnected, without power); then I checked the cables and this red screen appeared.
I've also tried a different monitor, but it's the same.
I haven't tried the monitor on another system yet... should I do that?

#5 rshaffer61 (Moderator, 34,114 posts)
Go HERE and follow the instructions.
If, after you have completed all the instructions, your issue still remains, then post the requested logs in a new topic in the Malware forum HERE.

#6 Andro (Topic Starter, Member, 132 posts)
Here is the OTL report, if you can check it...

OTL logfile created on: 10.12.2010 17:41:45 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 5,44 Gb Free Space | 2,34% Space Free | Partition Type: NTFS

Computer Name: JUD-03F4AE0B207 | User Name: andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.12.10 17:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
PRC - [2010.12.10 13:17:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.10 13:16:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.10 13:07:43 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.24 12:50:12 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.11.24 12:50:11 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.11.02 13:09:10 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 13:09:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.05 12:53:18 | 000,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe
PRC - [2009.05.15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.03.09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008.06.20 08:09:12 | 000,329,984 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
PRC - [2008.06.20 08:09:06 | 000,493,312 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.30 12:05:32 | 001,024,512 | ---- | M] () -- C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2010.12.10 17:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
MOD - [2010.08.23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.12.10 13:07:43 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.24 12:50:11 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.11.02 13:09:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.05 12:53:18 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Running] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.05.15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.03.09 07:37:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009.02.15 22:01:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.01.05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\epfwtdi.sys -- (epfwtdi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\epfw.sys -- (epfw)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\andro\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010.12.10 13:07:44 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 11:17:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.06 12:42:30 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.08.12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.04.19 23:05:00 | 006,739,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.11.21 17:35:06 | 004,399,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.13 16:41:32 | 000,156,800 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.sys -- (SPC610NC)
DRV - [2005.07.12 18:53:20 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..keyword.URL: "http://www.fastbrows...70D9EA6EFE}&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.12 12:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: I:\FirefoxPortable\App\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: I:\FirefoxPortable\App\firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 13:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 13:17:04 | 000,000,000 | ---D | M]

[2009.05.28 14:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009.05.28 14:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010.12.09 22:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2010.04.27 23:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.11 10:40:15 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010.12.09 22:54:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.06.18 19:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007.08.29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010.02.26 20:55:59 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2010.02.26 20:55:59 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2009.08.03 11:37:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\andro\Start Menu\Programs\Startup\GIGABYTE VGA Utility.lnk = C:\Documents and Settings\andro\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\andro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.10 17:40:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2010.12.01 19:18:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.10 17:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2010.12.10 17:41:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2010.12.10 17:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2010.12.10 17:15:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.12.10 16:55:00 | 000,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2010.12.10 13:40:06 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\andro\Start Menu\Programs\Startup\GIGABYTE VGA Utility.lnk
[2010.12.10 13:40:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.10 13:40:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2010.12.10 13:40:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2010.12.10 13:36:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.12.10 13:33:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.10 13:07:44 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.12.10 01:17:38 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2010.12.09 19:55:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2010.12.08 15:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2010.12.08 01:17:05 | 000,012,233 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\T-2.TV (VLC) 26.10.2010.m3u
[2010.12.06 14:39:44 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.06 14:39:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.06 12:36:19 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\vlc-1.1.5-win32.exe
[2010.12.01 22:07:06 | 001,546,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.22 22:10:07 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\CV.doc
[2010.11.22 11:17:29 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.20 11:22:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.08 01:17:04 | 000,012,233 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\T-2.TV (VLC) 26.10.2010.m3u
[2010.12.06 12:36:01 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\andro\My Documents\vlc-1.1.5-win32.exe
[2009.10.29 12:32:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.09.09 11:09:19 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.08.13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009.08.03 04:58:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009.08.03 03:50:16 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJat.gif
[2009.08.03 03:50:16 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJzn.gif
[2009.08.03 03:50:16 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJby.gif
[2009.03.13 12:38:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.09 07:35:49 | 000,001,039 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VodafoneConnectorService.log
[2008.12.17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.16 12:18:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008.07.01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008.07.01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008.07.01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008.07.01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008.07.01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008.07.01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008.07.01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008.07.01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008.07.01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008.06.11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.06.11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.06.11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.06.11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.06.11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.06.08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.06.07 15:24:36 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.07 00:23:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.04.19 23:05:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.04.19 23:05:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.04.19 23:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.04.19 23:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.04.19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008.07.17 16:48:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.09.24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010.02.11 14:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009.06.21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.11.28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009.03.12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009.09.24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010.04.21 02:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2008.06.17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010.12.01 12:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.06.11 14:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.03.10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.02.12 03:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009.12.23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010.09.04 13:35:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2009.09.03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2010.02.12 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Auslogics
[2010.08.26 02:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2009.09.24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2010.04.21 02:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\GetRightToGo
[2010.06.03 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008.06.09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009.03.12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008.10.03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008.06.18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2008.06.11 14:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2010.02.11 14:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Uniblue
[2010.12.10 17:15:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.12.10 13:36:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.12.10 17:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2010.12.10 17:41:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Any suggestions??
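As an added example (not code from this thread, from the forum staff, or from OldTimer's OTL), here is a small Python triage helper that pulls out of an OTL report the same three things a reader of the log above would look at first: the free-space line the moderator flagged, the SRV/DRV registrations whose binary is reported as "File not found" (leftover ESET and CPU-Z entries in this log), and the Firefox search preferences that have been pointed at a non-default engine. The line patterns are assumptions inferred from the format as it appears in this report, and SAMPLE_OTL is a constructed excerpt of a few lines from it, not the full log. Nothing here decides whether a machine is infected; it only collects the lines worth a closer look, which is what the malware staff would do by hand.

```python
import re

# Constructed sample in the OTL report format shown in this thread (a few
# representative lines, not the full log) so the triage helpers run offline.
SAMPLE_OTL = r"""Drive C: | 232,88 Gb Total Space | 5,44 Gb Free Space | 2,34% Space Free | Partition Type: NTFS

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.12.10 13:07:43 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\andro\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..keyword.URL: "http://www.fastbrows...70D9EA6EFE}&q="
"""

# Line patterns are an assumption based on the report format as shown above.
DRIVE_RE = re.compile(
    r"^Drive ([A-Z]): \| ([\d,.]+) Gb Total Space \| ([\d,.]+) Gb Free Space"
    r" \| ([\d,.]+)% Space Free"
)
ORPHAN_RE = re.compile(
    r"^(SRV|DRV) - File not found \[([^\]]*)\] -- (.+?) -- \((.+)\)$", re.M
)
FF_SEARCH_RE = re.compile(
    r'^FF - prefs\.js\.\.((?:browser\.search\.[\w.]+|keyword\.URL)): "(.*)"$', re.M
)


def _locale_float(s: str) -> float:
    """OTL prints sizes in the machine locale; this log uses a decimal comma."""
    return float(s.replace(",", "."))


def parse_drive_line(line: str):
    """Return letter/total/free/percent for a 'Drive X:' line, else None."""
    m = DRIVE_RE.match(line.strip())
    if not m:
        return None
    return {
        "letter": m.group(1),
        "total_gb": _locale_float(m.group(2)),
        "free_gb": _locale_float(m.group(3)),
        "pct_free": _locale_float(m.group(4)),
    }


def find_orphaned_entries(text: str):
    """Service/driver registrations whose binary OTL reports as 'File not found'."""
    return [
        {"kind": m.group(1), "flags": m.group(2), "path": m.group(3), "name": m.group(4)}
        for m in ORPHAN_RE.finditer(text)
    ]


def find_firefox_search_overrides(text: str):
    """Firefox search/keyword prefs as a dict, in the order OTL lists them."""
    return {m.group(1): m.group(2) for m in FF_SEARCH_RE.finditer(text)}


def triage(text: str, min_free_pct: float = 10.0):
    """One human-readable finding per indicator worth a closer look."""
    findings = []
    for line in text.splitlines():
        d = parse_drive_line(line)
        if d and d["pct_free"] < min_free_pct:
            findings.append(
                f"Drive {d['letter']}: only {d['pct_free']:.2f}% free "
                f"({d['free_gb']:.2f} Gb), below the {min_free_pct:.0f}% minimum"
            )
    for o in find_orphaned_entries(text):
        findings.append(
            f"{o['kind']} entry '{o['name']}' points at a missing file: {o['path']}"
        )
    for pref, value in find_firefox_search_overrides(text).items():
        findings.append(f"Firefox pref {pref} set to {value!r}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL):
        print("-", finding)
```

The 10% threshold in triage() is the figure the moderator gives later in this thread; pass a different min_free_pct to change it. Orphaned "File not found" entries are usually remnants of uninstalled software rather than an infection, but they are exactly the kind of line a log reviewer wants listed rather than buried among the SafeList output.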

#7 rshaffer61 (Moderator, 34,114 posts)
We don't use those logs in the Tech forums. They can only be utilized by the Malware staff and, as I said, if the issue is not resolved using the steps in the self-help area, then you need to start a new topic in the Malware forum and let them go through the logs. You can add a link to this topic so they can see the steps we have taken already.
I can tell you that this:

Drive C: | 232,88 Gb Total Space | 5,44 Gb Free Space | 2,34% Space Free | Partition Type: NTFS

This is going to be a big problem.
2% free space is a recipe for trouble.

#8 BIG DCS (New Member, 4 posts)
Hi,

Just seen this thread.

Don't know if it helps, but check the pins on your monitor connection.

Quite often one of them gets bent and is flattened in the connector and this can cause a red / purple screen effect.

You can try and straighten the pin, but be careful as they snap easily.

A new lead otherwise!!!

Hope that helps.

#9 Andro (Topic Starter, Member, 132 posts)
Thank you everybody for all your help and suggestions, but here was the reason for my red screen, which we discovered together with friends: the DVI male to VGA female adapter! I replaced it with a new one, so everything is back to normal :)

#10 rshaffer61 (Moderator, 34,114 posts)
Thanks for letting us know how you resolved the issue.
What about the lack of free space on your drive that I mentioned in my last post?
If it is not resolved, your system will start giving low disk space warnings, which is the least of the potential problems.
The MFT could become corrupt, causing your system to become non-bootable.

#11 Andro (Topic Starter, Member, 132 posts)
Yeah, I remember what you said about the lack of free space... I started to delete everything I don't need... by the way, how much disk space do you recommend to be free?

#12 rshaffer61 (Moderator, 34,114 posts)
Minimum of 10%, or 23 GB free.