  #1  
Old 15th May 2009, 21:29
Member Group
 
Was online writing an email and had this happen. I got what looked like small note cards going from corner to corner with a little blue square in the upper left-hand corner and a blue line running through them. All the icons disappeared, and the keyboard and mouse would not work. The only way I could remove it was to turn off the power.
When I got home from work and turned the computer back on, all I get is a black screen.
So I have tried all of the following.
First removed the cable to the monitor and got the test light on the monitor. Checked it with the old PC and it is working fine. Then had to remove the CPU fan (the one on this PC is more like a blower than a fan). I wanted to see if I could hear the processor fan working. It is working fine. Then I was going to try a memtest but could not get anything on the monitor, so I don't know if it was running or not.
Removed all power to the PC and the battery, for this would make it beep. Got no beep when power was hooked back up. And I also noticed that when all cables are hooked up and power is turned on, the keyboard and mouse don't work.
Once I get the virus software downloaded on the old PC I will check to see if the hard drive still works.
As for hijacks file, I had run one just before this happened, but it was with WinPatrol and it was saved to file. If I can get the hard drive to work in this old computer I will post it.
  #2  
Old 16th May 2009, 14:38
Moderator Group
 
Without the logs we can't make a determination if it is malware or not.

  #3  
Old 17th May 2009, 14:29
Member Group
 
Will work on getting the log file. Hard drive does work in old computer.
  #4  
Old 17th May 2009, 15:05
Member Group
 
Here is the log that was run just before the crash.

Log created by WinPatrol PLUS version 16.0.2009.2:16.0.2009.2
Scan saved at 11:57:58 PM, on 5/13/2009
Platform: Windows XP SP3 Service Pack 3 (Build 2600)
MSIE: Internet Explorer (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLacsd.exe
C:\PROGRAM FILES\COMMON FILES\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\ARSERVICE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRAM FILES\SPOTMAU WINCARES 2007\FOLDERPROTECTSERVICE.EXE
C:\PROGRAM FILES\Java\jre6\bin\jqs.exe
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAM FILES\COMMON FILES\NEW BOUNDARY\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRAM FILES\DIGITAL MEDIA READER\READERICON45G.EXE
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\arpwrmsg.exe
C:\PROGRAM FILES\LEXMARK 5200 SERIES\lxbtbmgr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\QUICKTIME\qttask.exe
C:\PROGRAM FILES\LEXMARK 5200 SERIES\lxbtbmon.exe
C:\PROGRAM FILES\COMMON FILES\AOL\1229613011\EE\AOLSOFTWARE.EXE
C:\PROGRAM FILES\COMODO\SafeSurf\cssurf.exe
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfp.exe
C:\PROGRAM FILES\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WTMKM.exe
C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\AUTODETECTOR\Monitor.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\MESSENGER\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SEARCHINDEXER.EXE
C:\PROGRAM FILES\FILEHIPPO.COM\UPDATECHECKER.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF2.EXE
C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\WINDOWSSEARCH.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0\waol.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0\shellmon.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: EntDownloadHelper Class - {2956DD50-4F3E-4C20-81D1-FF36435FF288} - C:\Program Files\Enterra\Download Manager\edm.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: URLHooker2 Class - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\Program Files\Flash Video Downloader\URLHooker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\Google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\googletoolbar2.dll
O3 - Toolbar: Enterra Download Manager - {B5147546-9359-4D9B-8B36-F54C54555799} - C:\Program Files\Enterra\Download Manager\edm.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray]C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon]C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon]C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz]nwiz.exe /install
O4 - HKLM\..\Run: [AlwaysReady Power Message APP]ARPWRMSG.EXE
O4 - HKLM\..\Run: [Lexmark 5200 series]C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
O4 - HKLM\..\Run: [LXBTCATS]rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [NvMediaCenter]C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager]C:\Program Files\Common Files\AOL\1229613011\EE\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer]C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic]C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run
O4 - HKLM\..\Run: [REGSHAVE]C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [KernelFaultCheck]%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender]C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware]C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /starttray
O4 - HKLM\..\Run: [COMODO SafeSurf]C:\Program Files\COMODO\SafeSurf\cssurf.exe -s
O4 - HKLM\..\Run: [COMODO Internet Security]C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [MacrokeyManager]WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2]C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [NSSInstallation]C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [MSMSGS]C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [filehippo.com]C:\Program Files\filehippo.com\UpdateChecker.exe /background
O4 - Global Startup: ExifLauncher2.lnk=C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Windows Search.lnk=C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Download by Enterra Download Manager - res://C:\Program Files\Enterra\Download Manager\edm.dll/3000
O9 - Extra button: Enterra Download Manager - {1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://C:\Program Files\Enterra\Download Manager\edm.dll/3002
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: FWI Fraud Shield - {44E50755-EAC0-49ea-B52D-37372157D100} - C:\Program Files\FWI\FraudShield\FWIFraudShield.exe (HKCU)
O9 - Extra button: Flash Video Downloader - {df7831dd-a048-4336-8cc8-266a03f00d63} - C:\Program Files\Flash Video Downloader\FlashRunner.exe (HKCU)
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre6\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O15 - Trusted Zone: aol.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: B's Recorder GOLD Library General Service - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: COMODO Internet Security Helper Service - - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FolderProtectService - - C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter - - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: lxbt_device - - C:\WINDOWS\system32\lxbtcoms.exe -service
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WTService - - C:\WINDOWS\system32\atwtusb.exe -s
--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18372
MSIE: Internet Explorer (8.00.6001.18372)
25 IE Cookies in Folder: C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe
WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [Uniblue SpeedUpMyPC.job]C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe Never
WP31 - Scheduled Tasks: [Uniblue SpeedUpMyPC Nag.job]C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe Never
WP31 - Scheduled Tasks: [NSSstub.job]C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe 05/13/2009 11:30 PM
WP31 - Scheduled Tasks: [Driver Robot.job]C:\Program Files\Driver Robot\DriverRobot.exe Never
WP31 - Scheduled Tasks: [Basic clean-up.job]C:\Program Files\Panda Security\Panda Global Protection 2009\PlaTasks.exe Never
WP31 - Scheduled Tasks: [User_Feed_Synchronization-{FD03A801-5427-4516-93CD-BC74874B5889}.job]C:\WINDOWS\system32\msfeedssync.exe 05/13/2009 11:42 PM
WP16 - ActiveX: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [Google Script Object] C:\PROGRAM FILES\Google\GOOGLETOOLBAR2.DLL 4, 0, 1601, 4978
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.7.0069.2
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\system32\icardie.dll 8.00.6001.18372
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 8.00.6001.18372
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9234
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {4E430174-1673-4FF3-BF28-A3B37F6573E7} [Windows Desktop Search Combo Control] C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\wdsShell.dll 7.0.6001.16503
WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {63610B21-6B0D-46C5-909D-3BD000B9A5A9} [ToolbarParams Class] C:\PROGRAM FILES\AOL TOOLBAR\aoltb.dll 5.13.4.1
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.2.6001.788
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.2.6001.788
WP16 - ActiveX: {72267F6A-A6F9-11D0-BC94-00C04FB67863} [Active Desktop Mover] C:\WINDOWS\system32\shell32.dll 6.00.2900.5622
WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {75565ED2-1560-4F15-B841-20358DE6A0D1} [ImageControl Class] C:\WINDOWS\system32\mfimgvwr.ocx 2.0.0.1
WP16 - ActiveX: {7584c670-2274-4efb-b00b-d6aaba6d3850} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18372
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9870.0
WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9870.0
WP16 - ActiveX: {88D969EA-F192-11D4-A65F-0040963251E5} [XML HTTP 5.0] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1087.0
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_13] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [SABScanProcesses Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\sabspx.dll 1.0.0.1
WP16 - ActiveX: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [a-squared Scanner] C:\WINDOWS\Downloaded Program Files\asquared.ocx 4.0.0.0
WP16 - ActiveX: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [Java Plug-in 1.6.0_05] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [Java Plug-in 1.6.0_07] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18372
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx 10,0,22,87
WP16 - ActiveX: {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\2.0.40115.0\npctrl.dll 2.0.40115.0
WP16 - ActiveX: {E8F628B5-259A-4734-97EE-BA914D7BE941} [Driver Agent ActiveX Control] C:\WINDOWS\DOWNLOADED PROGRAM FILES\DRIVERAGENT.OCX 1.0.0.0
WP16 - ActiveX: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} [IAOLTBSearch Class] C:\PROGRAM FILES\AOL TOOLBAR\aoltb.dll 5.13.4.1
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\2.0.40115.0\npctrl.dll 2.0.40115.0
WP16 - ActiveX: DFEAF541-F3E1-4c24-ACAC-99C30715084A [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\2.0.40115.0\npctrl.dll 2.0.40115.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\system32\COMCTL32.OCX 5.01.4319
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\COMCTL32.OCX 5.01.4319
WP16 - ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} [Shockwave ActiveX Control] C:\WINDOWS\system32\Adobe\Director\SwDir.dll 11.5
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.7.0069.2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\2.0.40115.0\npctrl.dll 2.0.40115.0
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\system32\COMCTL32.OCX 5.01.4319
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\system32\COMCTL32.OCX 5.01.4319
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\COMCTL32.OCX 5.01.4319
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18372
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 11.0.6550
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 8.00.6001.18372
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\WINDOWS\system32\rmoc3260.dll 6.0.8.1266
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx 10,0,22,87
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\USER
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\drivers\hosts
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Program Files\Common Files\Services\Thumbs.db
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\USER
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealPlayer File]C:\Program Files\Real\RealPlayer\RealPlay.exe /m audio/x-pn-realaudio %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
Memory currently in use: 18%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 2,048,264 KB

--
End of file
  #5  
Old 17th May 2009, 15:21
Moderator Group
 
I don't see anything that would be causing the problems you are having. Are you sure that the drive isn't going bad?

  #6  
Old 17th May 2009, 16:26
Member Group
 
At this point anything is possible.
When you say drive, do you mean the HD? For that is running fine on the old computer.
  #7  
Old 17th May 2009, 16:39
Moderator Group
 
Yea, the HD. Can you do a full virus scan on it? That would be more reliable than an HJT scan.

  #8  
Old 27th May 2009, 08:53
Member Group
 
Sorry it took so long to get back, EF. Had a problem with the old computer. What would you like me to run at this point? I will try anything but ComboFix.
  #9  
Old 27th May 2009, 09:18
Moderator Group
 
Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

  • Double-click on drweb-cureit.exe and then click Start
  • An information notice will appear, click OK.
  • This starts a short scan that will scan the files currently running in memory.
  • If you get a prompt to buy the full version, just exit out of the window. The scanner will still work without buying the full version.
  • If or when something is found, click the Yes button when it asks you if you want to cure it.


  • Once the short scan has finished, Click Settings > Change Settings
  • Under the Scanning tab UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.


* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

  #10  
Old 27th May 2009, 20:00
Member Group
 
Will do. Not sure how long it will take for me to get back to you with the report. Old computer is not allowing me to see the forum. Something wrong with IE7, but will work around that for the time being.

Copyright ©2006 - 2009 Computer Juice.