Black Screen Issue, Logs included

Status
Not open for further replies.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:43]

2010-02-08 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-08 01:02]

2010-02-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-21 00:42]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:54]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:54]

2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{665FBCF0-840B-470D-A683-9D271B519EC8}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamasutra.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
FF - ProfilePath - c:\users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\duxjswoi.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-08 01:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,8c,eb,31,f3,b1,7b,4e,87,fb,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,8c,eb,31,f3,b1,7b,4e,87,fb,5f,\

[HKEY_USERS\S-1-5-21-335779782-1840776851-755022586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-335779782-1840776851-755022586-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e8,b9,a7,81,37,1a,6d,80,c9,dc,bf,2b,1a,9c,94,e5,f0,5d,84,ec,33,b2,44,
d4,5d,fb,2f,1f,9f,aa,71,08,0f,dc,b4,52,b4,a2,47,db,19,f8,9c,9b,05,24,b0,ee,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-335779782-1840776851-755022586-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a8,89,af,45,00,24,7c,05,79,dd,bb,75,ab,3a,7b,1c,ac,d8,63,1d,25,
97,fe,e1,a8,86,b3,91,d2,e7,4f,17,03,a2,49,4f,f4,84,ff,bf,34,08,ee,fc,50,78,\
"rkeysecu"=hex:3d,ab,f5,4c,d7,f0,24,fc,48,5d,e3,f1,15,2c,0e,e0
.
Completion time: 2010-02-08 01:05:51
ComboFix-quarantined-files.txt 2010-02-08 01:05
ComboFix2.txt 2010-02-07 23:26
ComboFix3.txt 2010-02-07 21:57
ComboFix4.txt 2010-02-07 16:25

Pre-Run: 3,050,242,048 bytes free
Post-Run: 2,917,580,800 bytes free

- - End Of File - - B22580F9E48F41DDD24D0D425B8EA8CB
 
Hijack-this logfile:

--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:59, on 08/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gamasutra - The Art & Business of Making Games
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\power iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\program files\windows live\messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4652 bytes
 