Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Some problems affecting my video card


  • Please log in to reply
12 replies to this topic

#1 tigersmoondiva

tigersmoondiva

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 18 June 2012 - 03:07 PM

I am running F-secure as we speak and have yet to find any viruses - but I could use a bit of help. Three days ago my computer began doing odd things with the video. DVDs won't play at all anymore. Occasionally all my icons get HUGE and I have to re-size them. My sons games are all locking up. When I say locking up I don't mean blue screens or any of that - I mean an honest to goodness HARD lock-up. The kind I have to do a hard reboot out of. Any help would be appreciated.

BC AdBot (Login to Remove)

 


#2 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 18 June 2012 - 03:49 PM

This is the printout of my virus scan - it did find some things.

Scanning Report

Monday, June 18, 2012 13:42:56 - 15:45:42

Computer name: FRED-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\

15 malware found

TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Specificclick (spyware)
System (Disinfected)
TrackingCookie.Adrevolver (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Liveperson (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Gen:Variant.Application.InstallCore.5 (virus)
C:\USERS\FRED\DOWNLOADS\PDFREADERSETUP.EXE (Renamed & Submitted)
Gen:Variant.Application.InstallCore.5 (virus)
C:\USERS\FRED\DOWNLOADS\PDFREADERSETUP_V3.EXE (Renamed & Submitted)
Statistics

Scanned:
Files: 92141
System: 6181
Not scanned: 29
Actions:
Disinfected: 13
Renamed: 2
Deleted: 0
Not cleaned: 0
Submitted: 2
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\USERS\FRED\APPDATA\LOCAL\TEMP\HSPERFDATA_FRED\3128
C:\USERS\FRED\APPDATA\LOCAL\TEMP\HSPERFDATA_FRED\3144
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
C:\SYSTEM VOLUME INFORMATION\{D29DF1A6-B759-11E1-9CE3-0021971F4072}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV02.TMP
C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-0.BIN
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06A22CE6D3C5C0925D6CAD1F7615312A_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F6AA2FDA5E16F54F8189384CEF3118A_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\45E823691AD8FED693CFB38F2C5CBFF4_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E874B89A8DCF824EBDB7F9DEF16F5E8_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\867DC5682EB9C0B8B4905F06576790B2_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A1435A0101DD94FFD01E5BCAD92673A_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5C7719A6A3CFEA20B81C3C6BD3D268C_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEE72F9F59E493DF6A07120C4A5FD6FF_90B2438B-0A0E-4614-8458-7EC9FDCA8AE1

#3 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 28 June 2012 - 03:11 AM

also I can't seem to install microsoft secuity essentials at all (after uninstalling housecall)

it can't seem to find it's own install file....

"The feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter and alternate path to a folder containing the installation package epp.mis in the box below.


Then it says


Cannot complete Security Essentials installation

Error code

08x007064C

Boo;(

#4 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 28 June 2012 - 03:13 AM

Also - if anyone replies - I won't be able to respond again till Monday at the earliest - hello camping - bye bye computer issue for the weekend!

#5 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:15 PM

Posted 28 June 2012 - 03:18 AM

Run a scan with MBAM:

Download the free version of Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


Note: You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic


#6 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 28 June 2012 - 03:35 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
fred :: FRED-PC [administrator]

6/28/2012 2:02:09 PM
mbam-log-2012-06-28 (14-02-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380780
Time elapsed: 1 hour(s), 32 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\fred\AppData\Local\Temp\vfd-cb-signed\vfd-cb-signed.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

(end)

#7 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 28 June 2012 - 05:33 PM

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\FreeRIP Toolbar\IE\5.9\freeripToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\IObit\Game Booster\GameBoosterSetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers Client\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch118.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch121.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch214.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\fred\AppData\Local\Temp\NOD3766.tmp a variant of Win32/Toolbar.Widgi application cleaned by deleting (after the next restart) - quarantined
C:\Users\fred\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\fred\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\fred\AppData\Local\Temp\ICReinstall\cnet_MonopolyHNSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\fred\AppData\Local\Temp\ICReinstall\cnet_MonopolyTycoon_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\fred\Desktop\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#8 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:15 PM

Posted 29 June 2012 - 05:51 AM

Please uninstall: (Start > Control panel > Software / Add|Remove programs):

Yontoo Layers Client
FreeRIP Toolbar

Note: All IObit products. « IOBit isn't malware, but it's doing some illegal reproductions of other AV companies their software.


Spybot S&D is no longer recommended (< 50% detection ratio). I would advise you to uninstall it.



Are you still have any signs of infection?

Edited by ElFasso, 29 June 2012 - 05:52 AM.


#9 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 29 June 2012 - 09:28 AM

Please uninstall: (Start > Control panel > Software / Add|Remove programs):

Yontoo Layers Client
FreeRIP Toolbar

Note: All IObit products. IOBit isn't malware, but it's doing some illegal reproductions of other AV companies their software.


Spybot S&D is no longer recommended (< 50% detection ratio). I would advise you to uninstall it.



Are you still have any signs of infection?



Yontoo won't install - it gives me an error and I can't seem to find Spybot. Also I still can't upgrade my Windows. (It has been needing to apply an upgrade but always fails. So - yes I think I am.;(

Anyway - this is my last post until Monday - taking my son to camp. See ya Monday!

#10 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 01 July 2012 - 03:50 PM

Ok back from camp :D yay!

#11 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:15 PM

Posted 02 July 2012 - 02:26 AM

Do you still have any problems or sign(s) of infection(s)?

#12 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 02 July 2012 - 09:18 AM

Yontoo won't uninstall - it gives me an initialization error and I can't seem to find Spybot. Also I still can't upgrade my Windows. (It has been needing to apply an upgrade but always fails. So - yes I think I am.;(

#13 tigersmoondiva

tigersmoondiva
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 02 July 2012 - 09:19 AM

The complete video card lockups have stopped - but my son still can't play his games anymore. Since this started - his frame rates have dropped badly. He didn't have this issue before.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users