Iframe, clickjacker?


This topic is locked. 22 replies to this topic.

#1 Fajen (Members, 29 posts)

Posted 23 February 2014 - 01:57 AM

In the last week, my computer has started having issues and restarting randomly.  When I try to maximize some videos on youtube, occasionally the video will only cover 1/3 of the screen and immediately freeze.  Avast said everything was good, but I tried a boot scan anyway; it would pop up and identify some infected files, but when I told it to fix them, it would say those files are no longer there.  I can't find the text file that avast apparently made, but I do remember clickjacker and a frame flashing across the screen.  I'd appreciate any help you could give in clearing this up.   :)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Josh at 0:33:52 on 2014-02-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16382.14153 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
E:\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
E:\Steam\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Josh\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Windows\system32\SearchIndexer.exe
E:\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - E:\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AvastUI.exe] "E:\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Josh\AppData\Local\Autobahn\nexdef.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{D554FE72-A17A-477F-88BE-38512ACEE6CA} : DHCPNameServer = 192.168.15.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
AppInit_DLLs=         
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - E:\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\04lsn6bt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - plugin: e:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge-8-0.dll
FF - plugin: e:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge.dll
FF - plugin: e:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge64-8-0.dll
FF - plugin: e:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge64.dll
FF - plugin: E:\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-15 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-10 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-10 421704]
R2 Amazon Download Agent;Amazon Download Agent;E:\Steam\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2013-3-22 401920]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-10 78648]
R2 avast! Antivirus;avast! Antivirus;E:\AVAST Software\Avast\AvastSvc.exe [2014-2-5 50344]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-30 80184]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-4 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2012-1-1 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-3-20 137488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-20 111616]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2014-1-24 20232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-16 19456]
S3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S3 SaiK0CC3;SaiK0CC3;C:\Windows\System32\drivers\SaiK0CC3.sys [2011-9-20 183104]
S3 SaiU0CC3;SaiU0CC3;C:\Windows\System32\drivers\SaiU0CC3.sys [2011-9-20 47168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-1 1255736]
.
=============== Created Last 30 ================
.
2014-02-21 18:35:14 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21A945AA-D840-4F91-AAEC-4B21A129B0C5}\mpengine.dll
2014-02-20 10:07:49 -------- d-----w- C:\Users\Josh\cr3
2014-02-20 09:01:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-20 09:01:45 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-19 03:18:26 -------- d-----w- C:\Windows\Panther
2014-02-18 20:27:24 -------- d-----w- C:\Windows\CheckSur
2014-02-15 00:03:27 -------- d-----w- C:\Windows\SysWow64\Default
2014-02-14 22:36:20 -------- d-----w- C:\Windows\rescache
2014-02-13 09:12:48 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 09:12:48 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 09:12:48 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 09:12:47 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-01-31 22:09:07 -------- d-----w- C:\Users\Josh\AppData\Local\Harebrained Schemes
2014-01-25 02:16:26 -------- d---a-w- C:\Users\Josh\.android
2014-01-25 02:16:18 62728 ----a-w- C:\Windows\System32\drivers\viahsser.sys
2014-01-25 02:16:18 32136 ----a-w- C:\Windows\System32\drivers\viahsets.sys
2014-01-25 02:16:18 20232 ----a-w- C:\Windows\System32\drivers\massfilter_hs.sys
2014-01-25 02:16:18 171272 ----a-w- C:\Windows\System32\drivers\zghsnet.sys
2014-01-25 02:16:18 162816 ----a-w- C:\Windows\System32\drivers\ghsnet.sys
2014-01-25 02:16:18 131976 ----a-w- C:\Windows\System32\drivers\zghsser.sys
2014-01-25 02:16:18 123520 ----a-w- C:\Windows\System32\drivers\ghsser.sys
2014-01-25 02:16:17 67608 ----a-w- C:\Windows\AdbWinUsbApi.dll
2014-01-25 02:16:17 102936 ----a-w- C:\Windows\AdbWinApi.dll
2014-01-25 02:16:16 821544 ----a-w- C:\Windows\adb.exe
.
==================== Find3M  ====================
.
2014-02-21 07:32:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 07:32:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-06 03:23:56 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-06 03:23:56 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-06 03:23:56 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 03:23:56 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-31 02:57:56 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-19 03:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 12:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-10 02:15:06 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:14:54 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH:  0:34:04.68 ===============

Attached Files


Edited by Fajen, 23 February 2014 - 02:02 AM.
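An added example, not part of this thread and not code from the DDS tool: a Python script that reads the "Pseudo HJT Report" section of a DDS log such as the one above and lists the entries a malware responder would look at first. It assumes DDS prints dword values in decimal (the report's `dword:145` for NoDriveTypeAutoRun is the Windows 7 default 0x91 written in decimal); the category names and the `triage_dds` function are made up for this example; the embedded input is an excerpt of the report above.

```python
"""Added example: first-pass triage of the "Pseudo HJT Report" section of a DDS log.

Three kinds of entry are flagged: policy values that weaken protection,
autostart entries launched from the user profile (a user-writable location),
and registered components whose file is gone. A hit is a review item, not a
verdict; legitimate per-user installers such as Google Update also start from
AppData.
"""
import re

# Keyed by (DDS scope prefix, value name). EnableLUA=0 switches UAC off;
# ConsentPromptBehaviorAdmin=0 makes administrators elevate with no prompt at all.
# Assumption: DDS prints dword values in decimal.
WEAK_POLICIES = {
    ("mPolicies-System", "EnableLUA"): (lambda v: v == 0, "UAC disabled"),
    ("mPolicies-System", "ConsentPromptBehaviorAdmin"): (lambda v: v == 0, "administrators elevate silently"),
}

POLICY_RE = re.compile(r"^(?:x64-)?([mu]Policies-\w+): (\w+) = dword:(\d+)$")
# DDS line types that describe something loaded or started automatically.
AUTOSTART_RE = re.compile(r"^(?:x64-)?(uRun|mRun|StartupFolder|mASetup|BHO|TB|SSODL|Handler|DPF): (.*)$")
# A Windows path ending in a loadable or launchable file; a quote ends the match.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|lnk|cpl|sys|scr)', re.I)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def triage_dds(text: str):
    """Return (category, reason, original line) triples in report order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            scope, name, value = m.groups()
            check = WEAK_POLICIES.get((scope, name))
            if check and check[0](int(value)):  # decimal, see assumption above
                findings.append(("weak-policy", f"{name}={value}: {check[1]}", line))
            continue
        m = AUTOSTART_RE.match(line)
        if not m:
            continue
        kind, rest = m.groups()
        if "<orphaned>" in rest:
            findings.append(("orphaned", f"{kind} entry points at a file that no longer exists", line))
            continue
        for path in PATH_RE.findall(rest):
            if USER_WRITABLE.search(path):
                findings.append(("user-writable-autostart", f"{kind} runs {path} from the user profile", line))
                break
    return findings


# Excerpt of the DDS report above (lines copied, section trimmed).
SAMPLE_DDS = r'''
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AvastUI.exe] "E:\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Josh\AppData\Local\Autobahn\nexdef.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableLUA = dword:0
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
'''

if __name__ == "__main__":
    for category, reason, line in triage_dds(SAMPLE_DDS):
        print(f"[{category}] {reason}\n    {line}")
```

On the excerpt the one hard finding is `EnableLUA = dword:0`, which means UAC is switched off on this machine; the two AppData autostarts and the two orphaned entries are review items that need the file and its signer checked before any conclusion is drawn.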



#2 polskamachina (Malware Response Team, 3,940 posts)

Posted 24 February 2014 - 12:10 PM

Hi Fajen :)

My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.

I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your DDS reports. In the meantime, can you please tell me if your computer is more likely to reset itself if it's been on for a longer period of time? When your YouTube video freezes, does it lock up the entire system? Do you ever have trouble booting to your desktop?

 

polskamachina



#3 Fajen (Topic Starter, Members, 29 posts)

Posted 24 February 2014 - 03:27 PM

Thank you!

 

As for your questions:

 

1: Not really. I had it happen once in the hour between me turning the PC on and me getting out of the bathroom.

2: No, I can Esc out of the maximize. I only listed it because of the time frame.

3: Nope, no problem with that.



#4 polskamachina (Malware Response Team, 3,940 posts)

Posted 26 February 2014 - 11:46 AM

Hi Fajen :)

 

Please navigate to this link and download the 64-bit version of BlueScreenView to your desktop or just click here.
 
Double-click the icon on your desktop when the download has completed. You will be prompted to unzip the program and please do so. Then double-click the BlueScreenView.exe file. After running BlueScreenView, it will automatically scan your MiniDump folder and display all the crash details in the upper pane.
 
Please copy and paste the report of the listed items in your next reply to me. Let me know if you have any questions.
 
polskamachina


#5 Fajen (Topic Starter, Members, 29 posts)

Posted 26 February 2014 - 04:56 PM

Like this?

 

021814-9937-01.dmp 2/18/2014 2:26:08 AM 0x00000124 00000000`00000000 fffffa80`0d1ad8f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\021814-9937-01.dmp 4 15 7601 262,144 2/18/2014 2:26:12 AM
021714-9921-01.dmp 2/17/2014 2:59:55 AM 0x00000124 00000000`00000000 fffffa80`0d1db8f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\021714-9921-01.dmp 4 15 7601 262,144 2/17/2014 2:59:59 AM
021514-9718-01.dmp 2/15/2014 9:52:49 PM 0x00000124 00000000`00000000 fffffa80`0d1b18f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\021514-9718-01.dmp 4 15 7601 262,144 2/15/2014 9:52:53 PM
020514-10140-01.dmp 2/5/2014 8:36:29 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`015c3d80 00000000`0000ffff 00000000`00000000 rasl2tp.sys rasl2tp.sys+bdf12000 RAS L2TP mini-port/call-manager driver Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17514 (win7sp1_rtm.101119-1850) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\020514-10140-01.dmp 4 15 7601 302,306 2/5/2014 8:37:31 PM
010714-15085-01.dmp 1/7/2014 3:32:22 PM BAD_POOL_HEADER 0x00000019 00000000`00000003 fffff8a0`135dc930 ffbff8a0`135dc930 fffff8a0`135dc930 wanarp.sys wanarp.sys+f455930 MS Remote Access and Routing ARP Driver Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17514 (win7sp1_rtm.101119-1850) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\010714-15085-01.dmp 4 15 7601 302,306 1/7/2014 3:33:09 PM
120413-13228-01.dmp 12/4/2013 6:45:36 PM 0x00000124 00000000`00000000 fffffa80`0d19a8f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\120413-13228-01.dmp 4 15 7601 262,144 12/4/2013 6:45:41 PM
120413-14055-01.dmp 12/4/2013 5:03:11 PM 0x00000124 00000000`00000000 fffffa80`0d1a58f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\120413-14055-01.dmp 4 15 7601 262,144 12/4/2013 5:03:16 PM
112213-14008-01.dmp 11/22/2013 2:55:38 AM 0x00000124 00000000`00000000 fffffa80`0da14038 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\112213-14008-01.dmp 4 15 7601 262,144 11/22/2013 2:55:43 AM
112013-14835-01.dmp 11/20/2013 3:33:31 PM 0x00000124 00000000`00000000 fffffa80`0d1b28f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\112013-14835-01.dmp 4 15 7601 262,144 11/20/2013 3:33:37 PM
111613-13915-01.dmp 11/16/2013 2:06:16 PM 0x00000124 00000000`00000000 fffffa80`0d1cc8f8 00000000`00000000 00000000`00000000 dump_ataport.sys dump_ataport.sys+fe744910 x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\111613-13915-01.dmp 4 15 7601 262,144 11/16/2013 2:06:21 PM
110213-14726-01.dmp 11/2/2013 3:01:07 PM 0x00000124 00000000`00000000 fffffa80`0d1d88f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\110213-14726-01.dmp 4 15 7601 262,144 11/2/2013 3:01:13 PM
102613-14991-01.dmp 10/25/2013 11:39:55 PM 0x00000124 00000000`00000000 fffffa80`0daca038 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\102613-14991-01.dmp 4 15 7601 262,144 10/25/2013 11:40:01 PM
101413-14383-01.dmp 10/14/2013 12:24:07 PM 0x00000124 00000000`00000000 fffffa80`0daaa038 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4adb3c C:\Windows\Minidump\101413-14383-01.dmp 4 15 7601 262,144 10/14/2013 12:24:13 PM
100913-13774-01.dmp 10/9/2013 1:31:17 AM 0x00000124 00000000`00000000 fffffa80`0da01038 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4ade7c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+4ade7c C:\Windows\Minidump\100913-13774-01.dmp 4 15 7601 262,144 10/9/2013 1:31:21 AM
080913-17706-01.dmp 8/9/2013 12:26:41 PM BAD_POOL_HEADER 0x00000019 00000000`00000003 fffff8a0`1206cc40 ffbff8a0`1206cc40 fffff8a0`1206cc40 pacer.sys pacer.sys+10e94c40 QoS Packet Scheduler Microsoft® Windows® Operating System Microsoft Corporation 6.1.7600.16385 (win7_rtm.090713-1255) x64 ntoskrnl.exe+75c00 C:\Windows\Minidump\080913-17706-01.dmp 4 15 7601 302,362 8/9/2013 12:27:22 PM
072013-17097-01.dmp 7/20/2013 12:06:15 AM NTFS_FILE_SYSTEM 0x00000024 00000000`000c08a5 00000000`00000000 00000000`00000000 00000000`00000000 Ntfs.sys Ntfs.sys+1f15 NT File System Driver Microsoft® Windows® Operating System Microsoft Corporation 6.1.7600.16385 (win7_rtm.090713-1255) x64 ntoskrnl.exe+75c00 C:\Windows\Minidump\072013-17097-01.dmp 4 15 7601 302,362 7/20/2013 12:07:20 AM
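An added example, not from the thread and not part of BlueScreenView: a Python script that reads a BlueScreenView crash listing like the one above and summarises it by bug check code and by the driver BlueScreenView blames. Pasting the table into a forum post collapses the tab separators, so the parser finds the bug check code by pattern rather than by column. The bug check names come from Microsoft's bug check reference; the `Crash` class, `triage` function and the shortened sample rows are constructed for this example.

```python
"""Added example: summarise a BlueScreenView crash listing.

Each row carries the dump file name, the crash time, an optional bug check
string, the bug check code, four parameters and the driver BlueScreenView
blames from the stack. Rows are split on whitespace so that both a tab-separated
export and a pasted, space-collapsed table parse the same way.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Names from Microsoft's bug check code reference.
BUGCHECK_NAMES = {
    0x19: "BAD_POOL_HEADER",
    0x1A: "MEMORY_MANAGEMENT",
    0x24: "NTFS_FILE_SYSTEM",
    0x124: "WHEA_UNCORRECTABLE_ERROR",
}
# 0x124 is raised when the platform (CPU, memory controller, PCIe) reports an
# uncorrectable machine-check error through WHEA. The "caused by driver" column
# then normally names ntoskrnl.exe, which is the reporter, not the culprit.
HARDWARE_CODES = {0x124}

CODE_RE = re.compile(r"^0x[0-9a-fA-F]{8}$")
PARAM_RE = re.compile(r"^[0-9a-fA-F]{8}`[0-9a-fA-F]{8}$")


@dataclass(frozen=True)
class Crash:
    dump: str
    code: int
    params: tuple
    driver: str


def parse_line(line: str):
    """Return a Crash for one listing row, or None if the row is not one."""
    tokens = line.split()
    if not tokens or not tokens[0].lower().endswith(".dmp"):
        return None
    for i, tok in enumerate(tokens):
        if CODE_RE.match(tok):
            params = tokens[i + 1:i + 5]
            if len(params) == 4 and all(PARAM_RE.match(p) for p in params) and len(tokens) > i + 5:
                return Crash(tokens[0], int(tok, 16), tuple(params), tokens[i + 5])
    return None


def parse_crash_list(text: str):
    return [c for c in map(parse_line, text.splitlines()) if c is not None]


def triage(crashes):
    """Group crashes by bug check and blamed driver; estimate the hardware share."""
    codes = Counter(c.code for c in crashes)
    drivers = Counter(c.driver for c in crashes)
    hardware = sum(n for code, n in codes.items() if code in HARDWARE_CODES)
    return {
        "total": len(crashes),
        "by_code": {BUGCHECK_NAMES.get(k, hex(k)): v for k, v in codes.most_common()},
        "by_driver": dict(drivers.most_common()),
        "hardware_share": hardware / len(crashes) if crashes else 0.0,
    }


# Constructed sample in the same layout as the listing above, trailing columns trimmed.
SAMPLE = """\
021814-9937-01.dmp 2/18/2014 2:26:08 AM 0x00000124 00000000`00000000 fffffa80`0d1ad8f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c
021714-9921-01.dmp 2/17/2014 2:59:55 AM 0x00000124 00000000`00000000 fffffa80`0d1db8f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c
021514-9718-01.dmp 2/15/2014 9:52:49 PM 0x00000124 00000000`00000000 fffffa80`0d1b18f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4adb3c
020514-10140-01.dmp 2/5/2014 8:36:29 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`015c3d80 00000000`0000ffff 00000000`00000000 rasl2tp.sys rasl2tp.sys+bdf12000
010714-15085-01.dmp 1/7/2014 3:32:22 PM BAD_POOL_HEADER 0x00000019 00000000`00000003 fffff8a0`135dc930 ffbff8a0`135dc930 fffff8a0`135dc930 wanarp.sys wanarp.sys+f455930
111613-13915-01.dmp 11/16/2013 2:06:16 PM 0x00000124 00000000`00000000 fffffa80`0d1cc8f8 00000000`00000000 00000000`00000000 dump_ataport.sys dump_ataport.sys+fe744910
"""

if __name__ == "__main__":
    for name, value in triage(parse_crash_list(SAMPLE)).items():
        print(f"{name}: {value}")
```

On the constructed sample four of the six rows are 0x124, so the summary reports a hardware share of two thirds; the "caused by driver" column is BlueScreenView's guess from the stack and, for 0x124, is not evidence against the kernel or the named driver, which is why a memory test is the usual next step rather than a driver hunt.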


#6 polskamachina (Malware Response Team, 3,940 posts)

Posted 26 February 2014 - 05:43 PM

Hi Fajen :)

 

Essentially everything is contained in that log. I do believe there may be an alternate view that will display in plain English just a summary of the errors. If you can figure out how to do that within the viewing options, then copy and paste it in your next reply to me, that would be most helpful. In the meantime, I'll try and figure out what's in the report you did send.

 

polskamachina



#7 Fajen (Topic Starter, Members, 29 posts)

Posted 26 February 2014 - 06:51 PM

There's a way to export the data into a clean-looking html page, which I could upload, but none of the options have plain English, except maybe the Google search option.

 

The weird thing is that it isn't showing the restarts.  I had one just last night at 5 am, which convinced me I really didn't need to finish that TV episode and needed to finally go to sleep.  A blue screen does flash when it happens, but too fast for me to read much of it - maybe three quarters of a second?



#8 polskamachina (Malware Response Team, 3,940 posts)

Posted 27 February 2014 - 07:59 PM

Hi Fajen :)

 

Can you please zip the dump file and attach it in your next reply to me?

 

I would also like you to reconfigure your advanced startup settings as described in the link below. This will allow your computer to show the blue screen when it occurs. Directions are here:
http://pcsupport.about.com/od/windows7/ht/automatic-restart-windows-7.htm Please write down the message(s) in the blue screen(s) when they occur and include them in your next reply to me.

 

Let me know if you have any questions.

polskamachina



#9 Fajen (Topic Starter, Members, 29 posts)

Posted 02 March 2014 - 03:09 PM

Changes made, but it hasn't restarted yet - this is the longest it's gone without restarting since it started.

Attached Files



#10 polskamachina (Malware Response Team, 3,940 posts)

Posted 02 March 2014 - 04:23 PM

Hi Fajen :)

 

Your attached file contained an htm file which only showed a less than sign. "<"

 

Is it possible that your Crash List.zip file was zipped with the wrong file?

 

polskamachina



#11 Fajen (Topic Starter, Members, 29 posts)

Posted 02 March 2014 - 05:43 PM

Kind of.  I tried saving the report file, which gave me the <, when there was actually already a proper html file in the folder. >_<  That one is now attached.

Attached Files



#12 polskamachina (Malware Response Team, 3,940 posts)

Posted 04 March 2014 - 12:01 PM

Hi Fajen :)

 

Sorry for the confusion about the crash report. I need the raw file that sits in your minidump folder. The path is usually, C:\Windows\Minidump. You should be able to right click it, zip it, then attach it to your next reply to me.

 

polskamachina



#13 Fajen (Topic Starter, Members, 29 posts)

Posted 04 March 2014 - 02:43 PM

Ah, my apologies.

Attached Files



#14 polskamachina (Malware Response Team, 3,940 posts)

Posted 04 March 2014 - 04:07 PM

Hi Fajen

 

That should work. :thumbup2:  I'll let you know what I find out.

 

polskamachina



#15 polskamachina (Malware Response Team, 3,940 posts)

Posted 07 March 2014 - 11:06 AM

Hi Fajen :)
 
Let's check the RAM (memory) in your machine.
 
Please follow the link here and download the Auto-Installer for USB Key *NEW!* to your desktop. You will need a USB drive to run the program. It will delete the data on your USB drive so either copy the data from it to another location or make sure you don't care if the data on your USB drive gets deleted.
 
After the file has downloaded, double-click the installer program and follow the prompts. Once the installation of the program to your USB drive has completed, you will need to restart your computer. Then adjust the boot options in the BIOS (try hitting the Delete key or the F2 key once your screen reinitializes) or hit the F12 key right after the screen initializes, so that you are able to select your USB drive as the boot drive. Once your computer boots from your USB drive, you will see a screen similar to this. The test will take a very long time to run if you let it complete the scan because you have 16GB of RAM installed. If there is a problem, hopefully it will present itself quickly. If the screen color changes from blue to red, that's how you will know that the RAM is faulty. Please let me know what you find out.
 
Let me know if you have any questions.
 
polskamachina





