Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Screen Flashes Red and White After a not Responding Program  (Read 47326 times)

0 Members and 1 Guest are viewing this topic.

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Screen Flashes Red and White After a not Responding Program
« Reply #15 on: April 16, 2013, 12:02:29 PM »
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

Whitebeard1

    Topic Starter


    Intermediate

    Thanked: 2
    • Computer: Specs
    • Experience: Familiar
    • OS: Mac OS
    Re: Screen Flashes Red and White After a not Responding Program
    « Reply #16 on: April 17, 2013, 06:16:39 AM »
    Here's the log:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=ce424a03787b5a449a8f843cacaa48cb
    # engine=13635
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-04-17 12:06:41
    # local_time=2013-04-17 10:06:41 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=1799 16775165 100 96 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 0 117833851 0 0
    # compatibility_mode=6657 16777214 0 14 23114310 23114310 0 0
    # scanned=265839
    # found=5
    # cleaned=3
    # scan_time=8117
    sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
    sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
    sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
    sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
    sh=800E4F9CAD354DBEF9E64F23375C61DB3107C290 ft=1 fh=cd4294964f0acafb vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\TDDownload\SpeedyComputer.exe"
    Computers follow your orders, not your intentions.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Screen Flashes Red and White After a not Responding Program
    « Reply #17 on: April 17, 2013, 12:28:39 PM »
    Please run ESET and see if anything shows up.
    Windows 8 and Windows 10 dual boot with two SSD's

    Whitebeard1

      Topic Starter


      Intermediate

      Thanked: 2
      • Computer: Specs
      • Experience: Familiar
      • OS: Mac OS
      Re: Screen Flashes Red and White After a not Responding Program
      « Reply #18 on: April 20, 2013, 01:15:32 AM »
      Hi Dave, I ran ESET but nothing came up. No threats was found. I found that my computer is not bad now, and programs are running okay. Except AVG kept saying that C:/program files/autoguarder/autoguarder.exe is still there. I cannot find it in the location provided.
      Computers follow your orders, not your intentions.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Screen Flashes Red and White After a not Responding Program
      « Reply #19 on: April 20, 2013, 11:31:05 AM »
      Ok, download and install MSE and run a scan and see if it finds the same thing as AVG.

      Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
      Windows 8 and Windows 10 dual boot with two SSD's

      Whitebeard1

        Topic Starter


        Intermediate

        Thanked: 2
        • Computer: Specs
        • Experience: Familiar
        • OS: Mac OS
        Re: Screen Flashes Red and White After a not Responding Program
        « Reply #20 on: April 20, 2013, 10:23:40 PM »
        Ni Dave, MSE says that Autoguarder.exe is still there, but in a different location. It looks like it copied itself to another location at c:/system32/autoguarder.exe.
        Now I know that system32 is a very important file so I tried to remove it with MSE. It did, but somehow the virus file come up again after reboot or shutting down. Also I realised that a file(C:/program files/Autoguarder/Folder.bat) was created by something, and my AVG keep detecting them but failed to remove them completely. I opened the batch file in notepad and found that it tries to delete all "dll" files in system32. So everytime My pc boots up a cmd window shows up. But most of the action were denied. However I think 5 dll files were still deleted by the virus.somehow it's not affecting my system mch, but I am very worried.
        thanks!
        Computers follow your orders, not your intentions.

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Screen Flashes Red and White After a not Responding Program
        « Reply #21 on: April 21, 2013, 04:39:16 PM »
        Ok Please uninstall this program: C:/program files/Autoguarder

        Please download aswMBR.exe ( 511KB ) to your desktop.

        Double click the aswMBR.exe to run it



        Click the "Scan" button to start scan

        Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



        On completion of the scan click save log, save it to your desktop and post in your next reply
        Windows 8 and Windows 10 dual boot with two SSD's

        Whitebeard1

          Topic Starter


          Intermediate

          Thanked: 2
          • Computer: Specs
          • Experience: Familiar
          • OS: Mac OS
          Re: Screen Flashes Red and White After a not Responding Program
          « Reply #22 on: April 21, 2013, 07:08:24 PM »
          Hi Dave, I tried to uninstall Autoguarder.exe, but it say's access denied. I tried changing the security settings on access, but it didn't work.
          Anyways heres the log:
          aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
          Run date: 2013-04-22 11:34:16
          -----------------------------
          11:34:16.420    OS Version: Windows x64 6.1.7600
          11:34:16.420    Number of processors: 4 586 0x2A07
          11:34:16.421    ComputerName: JIANSFAMLIY-PC  UserName: jian's famliy
          11:34:18.848    Initialize success
          11:35:16.930    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
          11:35:16.936    Disk 0 Vendor:   Size: 0MB BusType: 0
          11:35:17.053    Disk 0 MBR read successfully
          11:35:17.058    Disk 0 MBR scan
          11:35:17.063    Disk 0 Windows 7 default MBR code
          11:35:17.070    Disk 0 MBR hidden
          11:35:17.077    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    22003 MB offset 63
          11:35:17.096    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152618 MB offset 45062325
          11:35:17.104    Disk 0 Partition - 00     0F Extended LBA            435857 MB offset 357625856
          11:35:17.149    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       435856 MB offset 357627904
          11:35:17.187    Disk 0 scanning C:\Windows\system32\drivers
          11:35:29.094    Service scanning
          11:35:45.144    Modules scanning
          11:35:45.169    Disk 0 trace - called modules:
          11:35:45.518    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
          11:35:45.530    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006992060]
          11:35:45.541    3 CLASSPNP.SYS[fffff880010bf43f] -> nt!IofCallDriver -> [0xfffffa8004a62200]
          11:35:45.552    5 ACPI.sys[fffff88000f9a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac0050]
          11:35:45.561    Scan finished successfully
          11:36:21.976    Disk 0 MBR has been saved successfully to "C:\Users\jian's famliy\Documents\MBR.dat"
          11:36:21.979    The log file has been saved successfully to "C:\Users\jian's famliy\Documents\aswMBR.txt"
          Computers follow your orders, not your intentions.

          Whitebeard1

            Topic Starter


            Intermediate

            Thanked: 2
            • Computer: Specs
            • Experience: Familiar
            • OS: Mac OS
            Re: Screen Flashes Red and White After a not Responding Program
            « Reply #23 on: April 21, 2013, 07:11:08 PM »
            By the way I cannot find Autoguarder.exe in the Programfiles folder, but 2 other locations, and each of them has a batch file contained called Folder.bat. That's the batch file which tried to delete important files. It says Access Denied when I try to delete it. :(
            Computers follow your orders, not your intentions.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Screen Flashes Red and White After a not Responding Program
            « Reply #24 on: April 22, 2013, 04:11:25 PM »
            You could try UnLocker.

            You can download and install Unlocker .
            Windows 8 and Windows 10 dual boot with two SSD's

            Whitebeard1

              Topic Starter


              Intermediate

              Thanked: 2
              • Computer: Specs
              • Experience: Familiar
              • OS: Mac OS
              Re: Screen Flashes Red and White After a not Responding Program
              « Reply #25 on: April 23, 2013, 12:10:12 AM »
              Hello Dave, I got Unlocker and deleted the batch file. :)Thank you very much for helping me through this problem! My computer is running fine now.
              Computers follow your orders, not your intentions.

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Screen Flashes Red and White After a not Responding Program
              « Reply #26 on: April 23, 2013, 11:51:23 AM »
              Good, let's do some cleanup and we'll be finished.

              Download this program and run it Uninstall ComboFix .It will remove ComboFix for you.

              ******************************************
              To set a new Restore Point.

              Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
              Click the Start button , click Control Panel, click System and Maintenance, and then click System.
              In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
              To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
              This will give you a new, clean Restore Point.
              ***************************************
              Click Start> Computer> right click the C Drive and choose Properties> enter
              Click Disk Cleanup from there.



              Click OK on the Disk Cleanup Screen.
              Click Yes on the Confirmation screen.



              This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
              ***************************************
              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing!
              Windows 8 and Windows 10 dual boot with two SSD's

              Whitebeard1

                Topic Starter


                Intermediate

                Thanked: 2
                • Computer: Specs
                • Experience: Familiar
                • OS: Mac OS
                Re: Screen Flashes Red and White After a not Responding Program
                « Reply #27 on: April 23, 2013, 07:03:35 PM »
                Hey Dave, after doing the instructions you gave me in the last post, my computer got a lot faster:). Thankyou very much for helping me with malware this time, and I learnt a lot. I am thinking of installing WOT instead of AVG too.

                Whitebeard1
                Computers follow your orders, not your intentions.

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Screen Flashes Red and White After a not Responding Program
                « Reply #28 on: April 24, 2013, 12:01:38 PM »
                Hey Dave, after doing the instructions you gave me in the last post, my computer got a lot faster:). Thankyou very much for helping me with malware this time, and I learnt a lot. I am thinking of installing WOT instead of AVG too.

                Whitebeard1
                You're welcome. Just one note. WOT is not an Anti-Virus program. It's just an aid to keep you from clicking on some dangerous sites. If you want to dump AVG, I would suggest MSE.
                I will lock this thread. If you need it re-opened, please send me a pm.
                Windows 8 and Windows 10 dual boot with two SSD's