
Author Topic: Malware issue- white screen  (Read 4711 times)


newatthis

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Windows XP
    Malware issue- white screen
    « on: August 06, 2015, 07:45:26 PM »
    Super Dave, I need your help to get rid of this white screen virus. I followed your instructions yesterday and sent the OTL.txt file. Can you help me?

    OTL logfile created on: 8/5/2015 11:53:31 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 80.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.15 Gb Total Space | 75.34 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet004
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [On_Demand] --  -- (AppMgmt)
    SRV - [2015/07/10 23:07:49 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2015/04/27 21:21:07 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/08/24 23:16:35 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2014/04/09 09:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
    DRV - File not found [Kernel | System] --  -- (PCIDump)
    DRV - File not found [Kernel | System] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System] --  -- (i2omgmt)
    DRV - File not found [Kernel | System] --  -- (Changer)
    DRV - [2015/06/28 18:34:36 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2015/04/27 21:21:19 | 000,209,048 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2015/04/27 21:21:19 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2015/04/27 21:21:19 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2015/04/27 21:21:19 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2015/04/27 21:21:19 | 000,049,904 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2015/04/27 21:21:19 | 000,024,144 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2015/04/27 21:20:57 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/31 10:45:12 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
    DRV - [2010/10/26 05:12:36 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2010/10/26 04:39:24 | 000,325,120 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
    DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/04/13 18:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2005/02/24 15:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/11/05 17:43:58 | 000,032,768 | R--- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
    DRV - [2004/10/08 11:51:08 | 001,270,540 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/08/11 17:30:00 | 000,039,424 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/03/18 21:00:00 | 000,091,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\P1171Vid.sys -- (P1171VID)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 A0 19 ED DE 7A CE 01  [binary data]
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=8d7e658c-e403-4692-95a7-08ca8c9df95b&searchtype=ds&q={searchTerms}
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=8d7e658c-e403-4692-95a7-08ca8c9df95b&searchtype=ds&q={searchTerms}
    IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/27 21:21:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
     
    [2015/07/10 23:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2015/07/10 23:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2015/07/10 23:07:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2015/07/10 23:07:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2015/07/10 23:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2015/07/10 23:07:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
    O2 - BHO: (no name) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
    O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir]  File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PastaQuotes.lnk = C:\Program Files\pastaleads\PastaLeadsWinApp.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1329501485234 (WUWebControl Class)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll (Client Connect LTD)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/02/17 13:38:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/08/04 21:07:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
    [2015/08/02 19:14:03 | 000,000,000 | -H-D | C] -- C:\Report
    [2015/08/01 17:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Report
    [2015/07/10 23:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
    [1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/08/05 22:19:22 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2015/08/05 22:19:22 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2015/08/05 22:19:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/08/04 21:05:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2015/07/16 21:09:09 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
    [1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2015/06/10 20:18:23 | 000,005,302 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\recently-used.xbel
    [2015/03/07 20:17:04 | 000,169,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2014/05/09 20:41:21 | 000,024,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/04/16 21:48:53 | 000,209,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/04/16 21:48:52 | 000,049,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/03/05 23:44:18 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\user\Application Data\WB.CFG
    [2013/07/07 00:11:13 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\user\Application Data\skype.ini
    [2012/11/30 00:18:50 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\store-pp.jbs
    [2012/11/29 23:49:25 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dt.dat
    [2012/05/19 22:24:19 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/04/15 22:57:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/02 23:07:36 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/30 20:07:38 | 000,002,088 | ---- | C] () -- C:\Documents and Settings\user\Application Data\evpro32.prf
    [2012/02/23 16:40:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2012/02/20 16:56:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2012/02/20 16:39:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2012/02/20 16:39:28 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2012/02/20 16:39:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2012/02/20 16:39:26 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2012/02/20 16:38:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2012/02/20 16:38:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2012/02/17 14:13:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
    [2012/02/17 14:09:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/17 13:40:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/02/17 13:35:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/02/17 08:27:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,485,126 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,080,974 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
     
    ========== LOP Check ==========
     
    [2013/01/14 23:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
    [2014/02/19 01:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
    [2013/10/20 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SearchProtect
    [2012/02/24 12:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Auslogics
    [2014/04/16 21:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVAST Software
    [2014/02/19 01:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG
    [2013/04/05 22:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\encyclopediabritannicagamesbar
    [2013/07/12 23:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Media Finder
    [2012/02/24 12:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
    [2013/08/31 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PriceGong
    [2013/04/05 22:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Qwiklinx
    [2014/03/15 18:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Screaming Bee
    [2013/07/13 00:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SwvUpdater
    [2012/12/12 23:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
    [2013/01/22 02:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
    [2013/04/05 22:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VisicomToolBar
    [2013/04/05 22:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
    [2014/04/16 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2014/02/19 01:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/01/28 23:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2014/03/15 18:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avnex
    [2015/01/18 19:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
    [2012/02/23 16:51:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2014/04/16 21:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2015/04/07 21:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
    [2014/09/08 21:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pastaleads
    [2013/07/13 00:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2014/03/05 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2014/06/15 20:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
    [2014/02/19 01:44:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    [2015/06/17 23:26:01 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\APSnotifierCA.job
    [2015/08/05 22:19:22 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2013/01/28 23:20:54 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job
     
    ========== Purity Check ==========
     
     
    < End of report >
    « Last Edit: August 07, 2015, 04:49:00 PM by SuperDave »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Malware issue- white screen
    « Reply #1 on: August 07, 2015, 04:55:50 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please give me more details about this problem. What happened prior to this event? Did you download something, or did you install some new programs or hardware?
    Do you have your XP disk?
    Windows 8 and Windows 10 dual boot with two SSD's

    newatthis

    Re: Malware issue- white screen
    « Reply #2 on: August 07, 2015, 06:57:45 PM »
    I did not install any new programs or hardware. I must have downloaded something. But the issue did not happen until I rebooted my computer the following day.
    I do not have the XP disk.

      SuperDave

    Re: Malware issue- white screen
    « Reply #3 on: August 07, 2015, 07:43:59 PM »
    You did try re-booting your computer? You will have to check all the cables to make sure they are secure.

      newatthis

    Re: Malware issue- white screen
    « Reply #4 on: August 07, 2015, 08:01:17 PM »
    It's a virus. There is a little box to enter a payment, and it lets me hit the Esc key to see the desktop for 30 seconds (to connect to the internet).

        SuperDave

    Re: Malware issue- white screen
    « Reply #5 on: August 08, 2015, 01:07:10 PM »
    That changes things. Can you boot in Safe Mode?

        newatthis

    Re: Malware issue- white screen
    « Reply #6 on: August 08, 2015, 01:50:34 PM »
    I tried that; the screen still goes white in Safe Mode. That is when I made the disk and ran the program and sent you the OTL.txt file from the other thread (Police Report virus/ransomware). I just don't know what to do now other than reload XP. But I bought the laptop used and did not get any disks with it a few years ago.

          SuperDave

    Re: Malware issue- white screen
    « Reply #7 on: August 08, 2015, 04:02:46 PM »
    You can re-install or repair if you can borrow an XP disk, but it must be the same version that's on your computer now.