Advertisement
Advertisement
 Search | |
| |
25-Aug-2012, 12:40 PM
#1 | |||||||
| Screen goes black on DELL Inspiron 8600 Win XP Pro Within the last day my screen will go completely black... not like when it is turned off, but a completely deep black. No cursor, nothing. Is this a virus I have??? It's a DELL Inspiron 8600 with Win XP Pro. It did it the first time while on Facebook. So I shut it off and tried again. Second time it did it on Facebook again, third time, on desktop screen, fourth was at start-up. I booted in f 2 and went to diagnostics and it went black as soon as page popped up withCPU or whatever and then proceeded to do a series of 3 beeps at different intervals. After listening to that horrid sound for about 3 minutes, I shut if off !!! lol Turned on and again did f 2 and started in first option (can't recall exact name) of internal HD ??? and this is how I ended up here  . Still on and going, but for how long? No clue. Am wondering if this is a virus I have or is my laptop really about to bite the dust? Currently running a full scan on Malwarebytes. Thanks for any help offered !!!!
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 |
25-Aug-2012, 01:23 PM
#2 | |||||||
| UPDATE *** Ok I BARELY can see the screen underneath the "blackness" so I am guessing I have a virus... weird thing is if I unplug the power cord from my laptop, I am able to keep the screen up longer before going "balck" How do I fix this !!!!!!! PLEASE HELP !!!! TYTYTYTYTY Still running a full scan in Malwarebytes as i type.... going to try to go to hijack this and add what i get from there too crossing fingers
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 |
25-Aug-2012, 01:30 PM
#3 | |||||||
| Here's my Hijack this Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:29:11 PM, on 8/25/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\WINDOWS\system32\lxdncoms.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555 R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://rewards.mydrivefm.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EWE...pType=PrintCab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1326218597187 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1267219565705 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1343793071963 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/...Uploader55.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6539 bytes
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 |
25-Aug-2012, 07:49 PM
#4 | |||||||
| One more update... 8.25.12 If I boot with just battery power, it does not go black as quickly. I tried taking the battery out and then replacing it. Tried using it just with battery, but since the battery is old, it only holds power for about 45 minutes... not even long enough to run a full scan with Malwarebytes. So I'm still not sure if anything is showing up (virus, spyware, etc) If any other info is needed please let me know TYTYTY again and again ~susan sjajdld@yahoo.com
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 |
26-Aug-2012, 01:10 PM
#5 | |||||||
| Ok so I apologize for not posting all I should have as I originally posted this in a different forum and just noticed that it had been moved to this forum... so here goes with update and the required scans.... Forgive me if this goes in spurts but since this is my only computer and it is acting up (why I'm here... ) I may have to post in intervals, so forgive me in advance for all of this nonsense  *** okay I restored to an earlier point on my computer on 8.25.12 after the above posts and same thing is happeneing. Black screen like very dark sunglasses were put over it. I can barely make out the icons etc on my desktop. I can access internet and everything else that I have tried so far while the screen is black like this. I found if I shine a flashlight at an angle i can see the screen a little better and have accessed it this way at times. VERY frustrating to say the least. ***Also, I seem to be able to have everything be normal as long as the ac power adapter is NOT connected... as soon as I plug it into the laptop, POOF* black screen. If I allow the battery to completely charge and then unplug ac adapter before turning on computer, I am able to get on with no black screen, no known issues, everything seems completely fine until my battery depletes itself, which is not long. Approximately an hour or so. So with all that being said, I redid all scans you asked for in the forum top post and am including them with this TYTYTYTY again for ANY help whatsoever... I miss my computer  lolhijack this 8.26.12 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:07:07 AM, on 8/26/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe C:\Program Files\Frontier\Security\Common\FSMA32.EXE C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\WINDOWS\system32\lxdncoms.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Frontier\Security\Common\FSM32.EXE C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555 R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Frontier\Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://rewards.mydrivefm.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EWE...pType=PrintCab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1326218597187 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1267219565705 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1343793071963 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/...Uploader55.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Frontier\Security\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8370 bytes *************************************************************************** ****************************************************** dds file 8.26.12 . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1 Run by Administrator at 10:19:55 on 2012-08-26 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.434 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Max Security 9.17 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: Max Security 9.17 *Enabled* FW: ZoneAlarm Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe C:\Program Files\Frontier\Security\Common\FSMA32.EXE C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\WINDOWS\system32\lxdncoms.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Frontier\Security\Common\FSM32.EXE C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\cidaemon.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.google.com/ mStart Page = hxxp://search.searchonme.com/ uInternet Settings,ProxyServer = 127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [F-Secure Manager] "c:\program files\frontier\security\common\FSM32.EXE" /splash mRun: [F-Secure TNB] "c:\program files\frontier\security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll LSP: c:\program files\frontier\security\fsps\program\FSLSP.DLL Trusted Zone: mydrivefm.com\rewards DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&Co ntrolID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportSta ck=1&OpType=PrintCab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1326218597187 DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343793071963 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{1CF38442-E0F6-4221-89B5-D3EC4BEF932B} : DhcpNameServer = 192.168.10.24 192.168.10.25 TCP: Interfaces\{76313147-6AC4-43F5-BE56-F3429732AA9D} : DhcpNameServer = 192.168.254.254 Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File . ============= SERVICES / DRIVERS =============== . R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-8-25 44240] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-8-25 82160] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\frontier\security\hips\drivers\fshs.sys [2012-8-25 70192] R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\frontier\security\anti-virus\fsgk32st.exe [2012-8-25 221872] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\frontier\security\anti-virus\minifilter\fsgk.sys [2012-8-25 149672] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\frontier\security\orsp client\fsorsp.exe [2012-8-25 61088] S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664] S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\s pool\drivers\w32x86\3\lxdnserv.exe [2012-1-14 94208] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504] S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.1.121\mcchsvc.exe" --> c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-26 02:48:42 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys 2012-08-26 02:47:54 82160 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2012-08-26 01:44:59 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-08-26 01:44:59 -------- d-----w- c:\windows\system32\wbem\Repository 2012-08-25 18:27:22 -------- d-----w- c:\program files\Frontier 2012-08-25 18:24:35 -------- d-----w- c:\documents and settings\all users\application data\fssg 2012-08-25 17:26:01 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-08-25 16:45:57 -------- d-----w- c:\documents and settings\all users\application data\f-secure 2012-08-15 19:36:34 -------- d-----w- c:\documents and settings\administrator\application data\Virtual Prophecy . ==================== Find3M ==================== . 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-06 02:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec 2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll . ============= FINISH: 10:23:38.22 =============== *************************************************************************** *************************************************************** *** the gmer ark.txt scan is taking a longggg time so I will post that as soon as I can but am posting these now before I lose it all to a black screen again ty for patience sjajdld@yahoo.com ~Susan
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 Last edited by sjajdld; 26-Aug-2012 at 01:15 PM.. |
27-Aug-2012, 10:53 AM
#8 | |||||||
| I've tried to add pictures of what the screen looks like when black, but it won't let me add the photos. I tried a zip file as well.... no luck So I'm trying a link to my facebook page so you can see them. You can see the desktop underneath the blackness and I still have full function of the laptop... just can't see anything to use it unless I shine a flashlight on it and that is making me go blind !!! As I stated above, I can use it if it's not on AC power, but the battery only lasts for an hour, give or take a few minutes. As soon as I plug the AC cord in, boom, the screen goes black within 10-15 seconds.https://www.facebook.com/media/set/?...3150561&type=1 Hope this works http://www.facebook.com/media/set/?s...3150561&type=1
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 |
31-Aug-2012, 10:25 PM
#12 | |||||||
| Seriously... no one??? It's getting worse now... goes black while on battery now too... I'm running out of time. PLEASE HELPPPPPPPPPPPPPPPPPPPPPPPPPPP PLEASE !!! |
02-Sep-2012, 11:40 PM
#14 | |||||||
| puppy.exe ComboFix 12-09-01.01 - Administrator 09/02/2012 22:52:37.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -4:00] Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe AV: F-Secure Anti-Virus 9.20.17320 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\100 c:\documents and settings\All Users\Application Data\Codecv c:\documents and settings\All Users\Application Data\Codecv\background.html c:\documents and settings\All Users\Application Data\Codecv\content.js c:\documents and settings\All Users\Application Data\Codecv\data\content.js c:\documents and settings\All Users\Application Data\Codecv\data\jsondb.js c:\documents and settings\All Users\Application Data\Codecv\mpkhppmnhgaocboaancgaipdlcifneik.crx c:\documents and settings\All Users\Application Data\Codecv\settings.ini c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe c:\program files\Shared c:\windows\Downloaded Program Files\ODCTOOLS c:\windows\EventSystem.log c:\windows\system32\AutoRun.inf c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\Tasks\wxiwwczw.job . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SRVOKO6 . . ((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 ))))))))))))))))))))))))))))))) . . 2012-09-03 02:32 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157C03B-6555-454F-8E61-F751D4BEE779}\mpengine.dll 2012-09-01 17:35 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-01 17:30 . 2012-09-01 17:30 -------- d-----w- c:\program files\Microsoft Security Client 2012-09-01 15:40 . 2012-09-01 17:07 -------- d-----w- C:\d80e6c2efb9c4c9564 2012-08-29 17:07 . 2012-08-29 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer 2012-08-26 02:48 . 2012-08-26 02:57 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys 2012-08-26 02:47 . 2011-09-26 15:52 82160 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2012-08-26 01:44 . 2012-08-26 01:44 -------- d-----w- c:\windows\system32\wbem\Repository 2012-08-25 18:29 . 2012-08-25 18:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure 2012-08-25 18:27 . 2012-08-25 18:27 -------- d-----w- c:\program files\Frontier 2012-08-25 18:24 . 2012-08-25 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg 2012-08-25 17:26 . 2012-08-25 17:26 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-25 16:45 . 2012-08-26 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure 2012-08-15 19:36 . 2012-08-15 19:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Virtual Prophecy . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-06 02:07 . 2011-09-25 01:21 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-06 02:06 . 2012-07-14 16:35 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-06 02:06 . 2010-12-01 13:40 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:05 . 2007-04-12 14:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-08-06 01:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2005-12-19 22:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2010-02-04 04:05 107176 ----a-w- c:\program files\Lexmark 2600 Series\ezprint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] 2011-09-26 15:53 201392 ----a-w- c:\program files\Frontier\Security\Common\FSM32.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] 2011-09-26 15:52 1655472 ----a-w- c:\program files\Frontier\Security\FSGUI\tnbutil.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-09-09 20:33 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe] 2010-02-04 04:05 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager] 2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "seclogon"=2 (0x2) "mnmsrvc"=3 (0x3) "Messenger"=2 (0x2) "McComponentHostService"=3 (0x3) "FSORSPClient"=3 (0x3) "FSMA"=2 (0x2) "FSDFWD"=3 (0x3) "F-Secure Gatekeeper Handler Starter"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdncoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"= "c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"= "c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"= "c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List] "8085:TCP"= 8085:TCP:GateOKO "3389:TCP"= 3389:TCP:*  isabled:@xpsp2res.dll,-22009. R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/25/2012 10:48 PM 44240] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/25/2012 10:47 PM 82160] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664] S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\s pool\drivers\w32x86\3\lxdnserv.exe [1/14/2012 8:44 PM 94208] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [8/25/2012 10:46 PM 149672] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664] S4 FSORSPClient;F-Secure ORSP Client;c:\program files\Frontier\Security\ORSP Client\fsorsp.exe [8/25/2012 10:47 PM 61088] S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53] . 2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53] . 2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-10 20:33] . 2012-09-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ mStart Page = hxxp://search.searchonme.com/ uInternet Settings,ProxyServer = 127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: Google Sidewiki... LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL Trusted Zone: mydrivefm.com\rewards TCP: DhcpNameServer = 192.168.254.254 DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&Co ntrolID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportSta ck=1&OpType=PrintCab . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Toolbar-Locked - (no file) ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) Notify-NavLogon - (no file) SafeBoot-klmdb.sys MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe MSConfigStartUp-Spotify - c:\documents and settings\Administrator\Application Data\Spotify\Spotify.exe AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EX E . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-02 23:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06, \ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2, \ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06, \ . [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2, \ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2, \ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(916) c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL . - - - - - - - > 'explorer.exe'(2456) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\frontier\security\scanner-interface\fsgkiapi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\windows\system32\lxdncoms.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-09-02 23:27:17 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-03 03:27 . Pre-Run: 1,621,151,744 bytes free Post-Run: 3,374,657,536 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 634D80E040BBBAABE211330C83A1D205 thank you very much !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
__________________ The Future Is No Place To Place Your Better Days... IID IIVII IIB <3 |
03-Sep-2012, 04:46 PM
#15 | ||||||
| You have both F-Secure Anti-virus and Microsoft Security Essentials. You need to uninstall one of them as it's not good to have two on the machine at the same time because they will conflict and cause problems. Open Notepad and copy and paste the text in the code box below into it: Code: Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8085:TCP"=- DDS:: uInternet Settings,ProxyServer = 127.0.0.1:5555 Referring to the picture below, drag CFScript.txt into ComboFix.exe  This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply. Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
__________________ Microsoft MVP - Consumer Security |
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
