| 1. |
Solve : Incredimail problem? |
|
Answer»

Quote: Opened up in safe mode and problem with icons and dots on screen not there. Re-appeared when I opened in normal mode. Is this a clue?

Yes. Something that's causing this is only running in Normal Mode.

Quote: Re-ran ComboFix and saved log. (You do not want it so why did I run the scan?)

I didn't want you to re-run ComboFix. I wanted you to run the script to fix some problems in the ComboFix log. Please follow the instructions in Reply # 13.

Also, can you do a screen print of your desktop and include it in your next reply? How to post screenshots or images

Quote: Is the problem really a virus or is some software corrupted as a consequence of having and removing the virus?

It sounds more like an infection because it doesn't run in Safe Mode. I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Had run ComboFix with script fix just confused why you did not want log. Ran ESET and no threats found, Here is log

Also noted that when I ran video on Microsoft Media it had rectangular block blocks (0.25 inches tall 0.05 inches wide) on a regular pattern over screen. Different interference than the desktop. Also on Skype

Hope I have done screen print correctly. Thank you.

Quote: Had run ComboFix with script fix just confused why you did not want log.

It was just some minor housecleaning. Could you please run the ComboFix scan again then post the log. I think I may have missed something.
From the looks of the screenshots, I think there's something wrong with your monitor or the Video card drivers. Is there any chance of hooking up a different monitor to that computer?

Unfortunately Dave I can't get another monitor. Which drivers should I uninstall and install - and how do I know what the drivers are?

Last minute Christmas shopping to do, will run ComboFix when I come back. Annie

OK here it is Dave, latest scan...

You should visit the site of the maker of your computer and look for Video card drivers. Uninstall the old driver and install the new one.

Re-running ComboFix to remove infections:
Removed ATI Display Driver file containing Radeon 9800. Did not remove ATI Control Panel. Restarted computer as part of uninstall process. Dots still on startup images (e.g. Microsoft Windows) but when booted up lines on screen ------ and icons llllll no longer there. Whooppee!

Downloaded video driver from Sony Website, Radeon 9800. Restarted computer as required. Dots still on startup images (e.g. Microsoft Windows) and lines on screen and icons, had returned.

Did not run ComboFix in case this latest experience prompts new ideas. Should I have also removed ATI Control Panel? If I do, do I need to re-install it and if so how?

When you removed the video card driver I suspect that the video card was running on the generic driver just as it did in Safe Mode. It looks like the problem is with the drivers and I really can't help you much with that. I think you should run the ComboFix script, we'll do some cleanup and you can get help for the driver problem in another one of the forums dealing with such problems. You should start a new thread right now even while we're cleaning up here.

I'm sorry we couldn't get this fixed before Christmas. |
|