Flashing, Freezing, Pixelating Monitor

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by NGazzara, Jan 10, 2015.

  1. NGazzara

    NGazzara Private E-2

    Good Morning,

    I am not sure if I have a virus or not but this is my situation.

    OS: Windows XP - 32 Bit

    At boot up my Dell monitor displays "F2 - Setup & F12 - Boot Menu" in the upper right hand corner with many colored tiny dots on the black screen. After entering my password, the C:\Documents folder appears without any content. I can work for about 5 to 10 min before my monitor starts to pixelate, freeze & flash black.
    I ran all of the Windows XP Malware Removal/Cleaning Procedure. The results are attached.

    CCleaner produced no threats
    RogueKiller brought up a window "ADLICE.COM/Kernelmode-rootkits-part-3-Kernel-filters/"

    Please know that due to the limited time that I had to run the programs, some had to be re-run as I was unable to get a report.

    MajorGeeks have helped me in the past. I am hoping that you can do this again.

    Thank you in advance,
    Nancy
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is probably a hardware issue, but in the meantime, we will check your logs once you attach the log from running MGTools.exe -> C:\MGLogs.zip.
     
  3. NGazzara

    NGazzara Private E-2

    Thank you Tim. The log you requested is attached.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are not suffering from malware. However, there are things to clean up.

    Please use add/remove programs to uninstall:
    Microsoft Security Client
    Microsoft Security Essentials
    ShopAtHome.com BrowserAppCore Service Chrome

    Now rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry : 4 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E} -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31} -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BrowserAppCoreService : C:\Documents and Settings\Nancy\Application Data\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Documents and Settings\Nancy\Application Data\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart"  -> Found
    Rerun Hitman and have it fix these items:
    Code:
    Potential Unwanted Programs _________________________________________________
        C:\WINDOWS\reimage.ini (ReimageRepair)
       HKLM\SOFTWARE\Conduit\ (Conduit)
       HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
       HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ (ReimageRepair)
       HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ (ReimageRepair)
       HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Reimage\ (ReimageRepair)
       HKU\S-1-5-21-796845957-73586283-725345543-1003_Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Documents and Settings\Nancy\Application Data\ShopAtHome.com BrowserAppCore Service
    C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\Nancy\Local Settings\Temp\*.*
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "MSC"=-
    "BrowserAppCoreService"=-
    
    :Commands
    [purity]
    [ResetHosts]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.

    Reboot and rescan with both RogueKiller and Hitman and attach the new logs.

    We will probably have to send you to the hardware forum.
     
  5. NGazzara

    NGazzara Private E-2

    Hi Tim,
    I deleted MS Security Essentials & Shop at Home Browser. I was unable to find MS Security Client. However, I did find MS.net framework 4 client profile. Is that the same as MS Security Client?
    Nancy
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No. Finish the fix and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Attach the new C:\MGLogs.zip.
     
  7. NGazzara

    NGazzara Private E-2

    Tim,

    I was unable to "fix" anything in HITMAN PRO as I already had a copy and the license expired. If there are no other alternatives to this I will happily pay for the license in order to repair my system.

    Please advise.

    Thank You,

    Nancy
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    :Processes
    explorer.exe
    
    :files
    C:\WINDOWS\reimage.ini
    
    :reg
    [-HKLM\SOFTWARE\Conduit]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Reimage]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003_Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    
    :Commands
    [purity]
    [ResetHosts]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.
    Reboot and rescan with Hitman and attach the new log as well.
     
  9. NGazzara

    NGazzara Private E-2

    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== FILES ==========
    File/Folder C:\Documents and Settings\Nancy\Application Data\ShopAtHome.com BrowserAppCore Service not found.
    File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk not found.
    File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_d0c.dat scheduled to be moved on reboot.
    C:\WINDOWS\Temp\WGAErrLog.txt moved successfully.
    C:\Documents and Settings\Nancy\Local Settings\Temp\AdobeARM.log moved successfully.
    File move failed. C:\Documents and Settings\Nancy\Local Settings\Temp\etilqs_4gMzLqM8blLqMza scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\Nancy\Local Settings\Temp\etilqs_oaGujsIX4x1FJjc scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\Nancy\Local Settings\Temp\etilqs_SlquitgLT7qNmoE scheduled to be moved on reboot.
    C:\Documents and Settings\Nancy\Local Settings\Temp\jusched.log moved successfully.
    File move failed. C:\Documents and Settings\Nancy\Local Settings\Temp\tmp8.tmp scheduled to be moved on reboot.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\\MSC not found.
    Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\\BrowserAppCoreService not found.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Hi Tim,

    Below are the results of the OTM scan. The logs from OTM, Roguekiller & Hitman are attached.

    OTM by OldTimer - Version 3.1.21.0 log created on 01112015_151858

    Files moved on Reboot...
    File C:\WINDOWS\Temp\Perflib_Perfdata_d0c.dat not found!
    File C:\Documents and Settings\Nancy\Local Settings\Temp\etilqs_4gMzLqM8blLqMza not found!
    File C:\Documents and Settings\Nancy\Local Settings\Temp\etilqs_oaGujsIX4x1FJjc not found!
    File C:\Documents and Settings\Nancy\Local Settings\Temp\etilqs_SlquitgLT7qNmoE not found!
    File C:\Documents and Settings\Nancy\Local Settings\Temp\tmp8.tmp not found!

    Registry entries deleted on Reboot...

    Thanks,
    Nancy
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please do not post logs inline.

    Did you run the OTM fix in post #8?
     
  11. NGazzara

    NGazzara Private E-2

    Tim,

    First, I apologize for posting the log...I misunderstood your instructions.
    Second, I did run the OTM and I thought the attachment "01112015_151802.log" is what you needed. This file was in the "Moved" folder.

    Is there something else that you are looking for?

    Nancy
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The log you posted had none of the items in the fix in post #8. Please do that fix again and attach the new OTM log.
     
  13. NGazzara

    NGazzara Private E-2

    Tim,

    I think the problem here is that every time I try to download OTM, I get stopped by AVG detecting an IDP.Trojan 5BD43515. Even though I temporarily disabled AVG in order to allow me to get OTM, the results do not record as you instructed.

    The results that I was not supposed to paste in these responses are the ones that popped up after a reboot. These results are not recorded in Notepad.

    Please advise.

    Thanks

    Nancy
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest you uninstall AVG until we are finished. ;)

    Please go here and download and run the AVG Removal Tool
     
  15. NGazzara

    NGazzara Private E-2

    Ok Tim,

    The file attached is what I received from OTM.

    Nancy
     

    Attached Files:

  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and attach the new log, please.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's the log from the fix Tim gave you in message # 4. It is not the log from the fix posted in message # 8.
     
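    As an added example (not the forum's own tooling), the mismatch chaslang describes, a log that belongs to a different fix than the one requested, can be checked mechanically: parse the :files and :reg targets of an OTM fix script and report which of them the results log never mentions. The fix scripts, the log lines and the SID below are constructed from the thread, and the "Registry key ... deleted successfully." line shape is an assumption.

```python
# Added example, not the forum's own tooling: does an OTM results log report on
# every item of an OTM fix script (the mismatch pointed out in message #17)?
import re
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS", "HKCU": "HKEY_CURRENT_USER"}

# Constructed fix scripts, shortened from messages #4 and #8 (placeholder SID).
FIX_4 = """:files
C:\\WINDOWS\\Temp\\*.*
:reg
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentVersion\\Run]
"MSC"=-
"""
FIX_8 = """:files
C:\\WINDOWS\\reimage.ini
:reg
[-HKLM\\SOFTWARE\\Conduit]
[-HKU\\S-1-5-21-0-0-0-1003\\Software\\Reimage]
"""
# Constructed logs: LOG_A mirrors message #9 (fix #4 ran); LOG_B is what a run
# of fix #8 should report (the "Registry key ... deleted" shape is assumed).
LOG_A = """========== FILES ==========
C:\\WINDOWS\\Temp\\WGAErrLog.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentVersion\\Run\\\\MSC not found.
"""
LOG_B = """C:\\WINDOWS\\reimage.ini moved successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Conduit\\ deleted successfully.
Registry key HKEY_USERS\\S-1-5-21-0-0-0-1003\\Software\\Reimage\\ deleted successfully.
"""

def norm(text):
    """Lowercase, collapse backslash runs and expand short hive names."""
    text = re.sub(r"\\+", r"\\", text.strip().strip("\\"))
    hive, sep, rest = text.partition("\\")
    return (HIVES.get(hive.upper(), hive) + sep + rest).lower()

def fix_items(script):
    """Targets a fix acts on: files, keys deleted with [-...], and values (=-)."""
    items, section, key = [], None, None
    for line in (l.strip() for l in script.splitlines() if l.strip()):
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            items.append(norm(line).replace("\\*.*", ""))  # wildcard -> folder
        elif section == "reg" and line.startswith("["):
            key = norm(line.strip("[]").lstrip("-"))
            if line.startswith("[-"):
                items.append(key)
        elif section == "reg" and line.endswith("=-") and key:
            items.append(key + "\\" + line[:-2].strip('"').lower())
    return items

def missing_from_log(script, log):
    """Fix targets the log never mentions (moved, deleted or 'not found')."""
    lines = [norm(l) for l in log.splitlines()]
    return [t for t in fix_items(script) if not any(t in l for l in lines)]
```

Running `missing_from_log(FIX_8, LOG_A)` lists all three fix #8 targets, which is exactly the "wrong log" situation in this thread, while the same check against LOG_B comes back empty.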
  18. NGazzara

    NGazzara Private E-2

    Chaslang,

    Yes, I did not understand the instructions for running OTM. However, I finally got it... hooray! With that said, after figuring it out I got error messages several times: 1. An instance of this service is already running 2. Login Failure: Unknown user name or bad password. I tried uninstalling and reinstalling the app several times and also changing my password and rebooting each time. No luck.

    Tim,

    Attached is the latest log from HitmanPro.

    I cannot thank you enough for your patience as I would be buying a new computer now.

    Nancy
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But you still have not run the fix from message # 8.

    You don't need a login or password to run OTM. You just need to double click it to run it. Tim's instructions for using Run As Administrator do not apply to Windows XP which you are running.
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    :Processes
    explorer.exe
    
    :files
    C:\WINDOWS\reimage.ini
    
    :reg
    [-HKLM\SOFTWARE\Conduit]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003\Software\Reimage]
    [-HKU\S-1-5-21-796845957-73586283-725345543-1003_Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    
    :Commands
    [purity]
    [ResetHosts]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.
    Reboot and rescan with Hitman and attach the new log as well.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    • I repeat!!!! These instructions are not correct for Windows XP. ;)

      Fix your boilerplates to say the below which then applies to all versions of Windows

     
  22. NGazzara

    NGazzara Private E-2

    Tim,

    Hopefully this time you have what you need.

    Nancy
     

    Attached Files:

  23. NGazzara

    NGazzara Private E-2

    Thanks Chaslang,

    Got it!!!

    Nancy
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The logs are clean now. If you continue to have issues, please post in the hardware forum as your monitor or video card could be at fault.

    Since you are not having any malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
  25. NGazzara

    NGazzara Private E-2

    Tim,

    You have been a great help to me. Thanks doesn't seem to say enough.

    I will try to get this done tonight as I will be working long shift hours for the next 3 days.

    Nancy
     
    Last edited: Jan 13, 2015
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Good luck and think about upgrading away from XP. ;)
     
