Formatted again and now I have a white square on desktop?



Virus Hater
2012-08-04, 23:45
There is a small square with little dots inside of it on my computer that pops up every now and then. It doesn't happen much and it has never done this before. I even formatted the computer and it still has the thing happening whenever the display first turns on, or it has to load for a bit.

http://i49.tinypic.com/1zwmfkh.jpg

Please help me out, as my computer is now going slower than ever.

Here are the logs needed:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Katie at 16:32:47 on 2012-08-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.295 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{743A01F3-36CF-4073-A10C-C768C546F8B6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F14B190B-1169-4589-9376-0E2F9B5001C2} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-4 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-4 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-4 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-4 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-4 44808]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2012-08-04 07:39:07 -------- d-----w- c:\windows\Panther
2012-08-04 07:08:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-04 06:57:28 98816 ----a-w- c:\windows\sed.exe
2012-08-04 06:57:28 518144 ----a-w- c:\windows\SWREG.exe
2012-08-04 06:57:28 256000 ----a-w- c:\windows\PEV.exe
2012-08-04 06:57:28 208896 ----a-w- c:\windows\MBR.exe
2012-08-04 06:56:40 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-04 06:56:33 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-04 06:56:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-04 06:56:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-04 06:55:56 -------- d-----w- C:\Recovery
2012-08-04 06:54:54 -------- d-----w- c:\program files\VideoLAN
2012-08-04 06:23:35 -------- d-----w- c:\program files\Motorola
2012-08-04 06:13:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-04 06:13:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-04 06:13:02 -------- d-----w- c:\program files\CCleaner
2012-08-04 06:07:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-04 06:07:56 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-04 06:07:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-04 06:06:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-04 05:53:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d22b4f8a-0cf2-459d-a8c2-9dd09286f058}\offreg.dll
2012-08-04 05:44:50 -------- d-----w- c:\users\katie\appdata\roaming\Malwarebytes
2012-08-04 05:44:35 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 05:44:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 05:44:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 05:19:58 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-08-04 05:10:40 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-08-04 05:10:40 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-08-04 05:10:40 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-08-04 05:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-08-04 05:10:40 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-08-04 05:00:43 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-08-04 05:00:43 -------- d-----w- c:\windows\system32\x64
2012-08-04 04:59:50 -------- d-sh--w- c:\windows\Installer
2012-08-04 04:59:17 -------- d-----w- c:\programdata\AVAST Software
2012-08-04 04:59:17 -------- d-----w- c:\program files\AVAST Software
2012-08-04 04:32:27 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-04 04:31:10 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-04 04:31:10 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-04 04:31:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-04 04:31:10 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-04 04:24:47 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-08-04 04:23:46 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-08-04 04:22:47 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-04 04:22:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-04 04:22:36 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-08-04 04:22:35 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-08-04 04:22:35 225280 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 04:22:35 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 04:22:35 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-08-04 04:22:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 04:22:14 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-08-04 04:22:14 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-08-04 04:22:03 417792 ----a-w- c:\windows\system32\msdri.dll
2012-08-04 04:19:57 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-08-04 04:18:59 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-08-04 04:18:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-08-04 04:18:57 67072 ----a-w- c:\windows\system32\packager.dll
2012-08-04 04:18:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-08-04 04:18:35 80384 ----a-w- c:\windows\system32\davclnt.dll
2012-08-04 04:18:35 51200 ----a-w- c:\windows\system32\wscapi.dll
2012-08-04 04:18:35 350720 ----a-w- c:\windows\system32\winhttp.dll
2012-08-04 04:18:35 204800 ----a-w- c:\windows\system32\WebClnt.dll
2012-08-04 04:18:35 204288 ----a-w- c:\windows\system32\upnp.dll
2012-08-04 04:18:34 73728 ----a-w- c:\windows\system32\wscsvc.dll
2012-08-04 04:18:34 14336 ----a-w- c:\windows\system32\slwga.dll
2012-08-04 04:15:59 2614784 ----a-w- c:\windows\explorer.exe
2012-08-04 04:15:31 2342400 ----a-w- c:\windows\system32\msi.dll
2012-08-04 04:15:01 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-08-04 04:15:01 3181568 ----a-w- c:\windows\system32\mf.dll
2012-08-04 04:15:00 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-08-04 04:15:00 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-08-04 04:15:00 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-08-04 04:15:00 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-08-04 04:12:56 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-08-04 04:10:39 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-08-04 04:06:48 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-08-04 04:06:47 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-08-04 04:06:47 107520 ----a-w- c:\windows\system32\cdd.dll
2012-08-04 04:06:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-04 04:06:45 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-08-04 04:06:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-04 04:06:22 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-04 04:06:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-04 04:05:47 132608 ----a-w- c:\windows\system32\cabview.dll
2012-08-04 03:58:39 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:33:49.50 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 17:45:54
-----------------------------
17:45:54.322 OS Version: Windows 6.1.7600
17:45:54.322 Number of processors: 2 586 0xE0C
17:45:54.322 ComputerName: KATIE-PC UserName: Katie
17:45:56.912 Initialze error C000010E - driver not loaded
17:45:57.037 AVAST engine defs: 12080400
17:45:58.722 Scan error: Incorrect function.
17:50:22.645 The log file has been saved successfully to "E:\aswMBR.txt"


Edit. Previous topic: http://forums.spybot.info/showthread.php?t=65980

torreattack
2012-08-14, 15:23
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi Virus Hater and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default.)
If you're using Vista or Windows 7, it will be necessary to right-click all tools we use and select "Run as Administrator".

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic, "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288), where the conditions for receiving help here are explained.

=================================================================================================================================

1. Before we start
Have you backed up your registry with Erunt?
Spybot-S&D TeaTimer needs to be disabled so that its protection does not interfere with fixes. Have you managed to disable Spybot-S&D?
Note: You can find the instructions to perform these two tasks here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).
.


2. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right-click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When TDSSKiller finishes loading, click on Change parameters.
Tick the Detect TDLFS file system and click OK.
Click on Start Scan; the scan will run.
When the scan has finished, if it finds anything please click on the drop-down arrow next to Cure and select Skip.
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


3. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.



4. Update about your problem
Please provide me with more info about your computer problem:
Did the white box happen before the reformat?
When does the white box start to appear? When the computer starts to load, when Windows starts to load, or when Windows finishes loading?
Does the white box happen in safe mode?
Do you mean the white box is actually a small "pop up" window?


5. Checklist
Please post:
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
OTL.txt and Extras.txt
An update on your problems
Note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.


Thank you for your patience.
torreattack

tashi
2012-08-22, 18:23
Previous topic: http://forums.spybot.info/showthread.php?t=65980

This topic archived, thank you torreattack. :)