Erratic video- this is the toughest case I have come across yet!


Not only do I need help identifying the malicious code that got into my computer, but I need help knowing how so I can plug up the leaks.

 

 

Here is a report of what I have been dealing with up until now (taken from a previous post, but reiterated just so you can see why I am posting a HJT log).

 

----------------------

 

 

My system has started acting up over the last week or so. I have NEVER had any problems with it whatsoever until now. It is about a year and a half old.

 

Here is the only thing that changed in the last few months:

 

1. I uninstalled Norton Antivirus

 

2. I immediately installed the CA Security package which our internet provider has given us for free for the year- EZ armour, Pest Patrol, Antivirus and the Antispam. (The suite had been in there since the very end of March.)

 

 

The last few weeks I have noticed bogging down of the Outlook Express. It seemed like the Anti Spam program was bogging it down.

 

 

 

Then I began to have problems with some websites so I began to suspect the EZArmour, since these particular sites were business sites which have NEVER given me problems in all of the years that I have accessed them.

 

 

 

The last straw was an error that was jamming up my computer. Every time I would open Outlook Express, it would hang while the Anti Spam program would scan the mail and then suddenly it would hang and the error would come up something about

 

ADMINISTRATOR WOULD NOT ALLOW ME TO ACCESS THE PAGE or something like that- I lost the paper I wrote it down on.

 

 

Now, I am the only one on the computer and it is passworded so NO ONE ever comes on here- that began to alert me that something had broken into my system.

 

Now, I have run Spybot, CWShredder, and Adaware every single week since I have owned the system WITHOUT FAIL.

 

 

So, after receiving this warning, I ran an antivirus scan with CA Antivirus and it claimed that nothing was wrong. I ran every single anti spyware program I have and even tested it here at the PC PITSTOP.

 

 

 

At last I began to see my screen dissolve. It goes to about half visual integrity and then I am not able to see very well. Then it would come back. This messed up video would continue through a reboot and it even scrambled up through the loading process of windows.

 

 

I tried de-installing the video drivers which seemed to help for a moment, and then once re-installed, over the course of a few hours, it was corrupted again. I was sure that some malicious code had gotten into my system due to the instability of the problem.

 

 

I de-installed the CA suite(reinstalling the antivirus standing alone), which helped a lot- the system was no longer bogged down. However, eventually the video problem came back.

 

 

 

I did a system restore to where it was before I had the CA suite installed and it all seemed fine for almost a whole day. Suddenly the video problem was back again.

 

 

 

I scanned once again deeply with the re-installed CA Antivirus (I did not install the rest of the suite) and I did 4 different anti spyware scans with

Spybot

Adaware

CWshredder

and your online scanner

 

Nothing is showing up at all.

 

 

 

I did one more restore for the last time I restored and it all was fine, but then went again.

 

 

 

Now, I have noticed one pattern here. When I open the Outlook Express, it seems to launch the video problem off more often than anything else. However, it is an intermittent problem. It is not exclusive to the Outlook Express.

 

 

 

As I have been trying to get help here typing this now- my screen dissolved to half integrity again but then snapped back on working fine. Lots of bright green dots and colors are off when this happens. Colors get all scrambled. Now it is back to normal working completely fine.

 

 

I was able to remove norton using the removal tool and have since run several more online scans and cleaned up more files.

 

Most recently I have done a HOUSECALL scan which told me that it found a bunch of problems but that there was not information on the infections. When I cleaned it up with HOUSECALL, many viruses, trojans and worms showed up in the bottom gray bar at the left side- I am not sure if that is what it was removing or not, but it seemed to be.

 

I got stuck into another scan of HOUSECALL, so when that is done I will erase this log and repost another one ASAP.

 

Note: This is the most current log since my most recent cleaning.

 

 

 

Well, I want to know why nothing else could detect these problems up until now and if HJT log will tell us what that is too???? I also want to know what to do to protect my system from getting this kind of thing again.

 

Here is my log

 

NOTE: I have noticed that a few entries that I have deactivated through MSconfig in startup have reappeared. Not sure why this is happening. I have not done any changes since I removed them a few hours ago.

 

 

I apologize, but I am not sure what it is that you want to see, so I have posted all of it- please delete whatever you do not need. I ran a whole host of tests and cleaning programs before running this.

-------------------------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:37:36 PM, on 5/22/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\zHotkey.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

C:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\CA\eTrust Antivirus\caissdt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe

C:\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\ntvdm.exe

C:\My Corkboard\CORK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Spybot - Search & Destroyv14\TeaTimer.exe

C:\HijackThis May 06\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00000000-0000-4F7D-A9F7-FD9B5D4006A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\Temp.dll (file missing)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~2\SDHelper.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Antivirus\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Spybot - Search & Destroyv14\TeaTimer.exe

O4 - Startup: AMI-Up2Date.lnk = C:\Program Files\Alchemy Mindworks\Up2Date\AMI-up2date.exe

O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE

O4 - Startup: MyCorkboard.lnk = C:\My Corkboard\CORK.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: Event Reminder.lnk = C:\PrintMaster 16\pmremind.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Notify Check.lnk = C:\Program Files\Lewe\NotifyPlus\Notify.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab

O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148246050625

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15009/CTPID.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by caprig

Open notepad, then click "Format" --->uncheck Word Wrap

 

Please rescan with HJT and post a new log. The one you've posted is difficult to read in its present format. Thanks

Jacee


[quote]
Open notepad, then click "Format" --->uncheck Word Wrap

Please rescan with HJT and post a new log. The one you've posted is difficult to read in its present format. Thanks

Jacee
[/quote]

 

 

There, is that better? :)

 

I knew that something was wrong- my mind is shot with this stress for the last week of this nightmare...... :crash: :crash: :crash: :pullhair::pullhair:

Edited by caprig

At one time CorkBoard was bundled with IGetNet. Have you seen any signs of searches being redirected? Is your homepage the one you set and want?

 

Okay, let's see what we can fix for you.

 

First disable Spybot's TeaTimer and Ewido's realtime monitor (they will try to interfere):

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

 

Ewido also has a real time monitor. Here's how to disable:

 

From the system tray:

Right-click the system tray icon and uncheck real time protection.

 

or

 

From within Ewido -

Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

 

 

Next,

 

Click Start > Run type services.msc > OK

In the list of services find:

LiveUpdate - Symantec Corporation

PrismXL - New Boundary Technologies

 

Right-click those lines and choose Properties.

On the General tab Stop and set the service to disabled

 

Now, rescan with HJT, place a check next to these items:

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {00000000-0000-4F7D-A9F7-FD9B5D4006A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\Temp.dll (file missing)

 

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

 

O4 - Startup: PowerReg Scheduler.exe

 

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

 

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab

 

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

 

Close all windows and open programs except for HJT, then click "fix checked".

 

Go to Add/Remove Programs and see if anything relating to "symantec" is there, remove if found.

Also remove New Boundary\PrismXL if found.

 

Reboot into safe mode:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Navigate to C:\Programs and delete the FOLDERS

 

C:\PROGRA~1\Symantec\LIVEUP~1 <---delete all Symantec folders found

C:\Program Files\Common Files\New Boundary

 

Reboot/restart your computer.

 

Download ATF Cleaner

http://www.atribune.org/content/view/19/2/

Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

Click on the Programs tab then click the "Reset Web Settings" button.

Click Apply then OK.

 

Defrag

 

Post a new HJT log and let me know how you're doing.
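
The before/after comparison that the request for a new HJT log makes possible, as an added example that is not part of the original thread: it parses HijackThis entry lines, flags entries worth a manual look, and diffs two logs to confirm that checked items are gone and to spot new or returning ones. The function names and the triage heuristics are assumptions of this example, not the helper's selection criteria; the sample lines are excerpts copied from the two logs posted in this thread.

```python
import re
from typing import NamedTuple

# Entry lines carry a section code (R0-R3, F0-F3, N1-N4, O1-O23) then " - ".
# Header lines and the "Running processes" list have no code and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    code: str   # e.g. "O4"
    body: str   # everything after "O4 - "


def parse_hjt(text):
    """Return the section-coded entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry):
    """Reasons to inspect an entry by hand. The heuristics are assumptions of
    this example; a hit means 'look closer', not 'malicious'."""
    body = entry.body.lower()
    reasons = []
    if "(file missing)" in body or body.endswith("is missing"):
        reasons.append("target missing")
    if "\\temp\\" in body:
        reasons.append("loads from a Temp directory")
    if entry.code == "O23" and "unknown owner" in body:
        reasons.append("service binary without vendor info")
    return reasons


def diff_logs(before, after):
    """Return (removed, added) entries between two logs of the same machine."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def still_present(fixed_lines, after):
    """Entries that were checked for fixing but appear again in the later log."""
    remaining = set(parse_hjt(after))
    return [e for e in parse_hjt("\n".join(fixed_lines)) if e in remaining]


# Excerpt of the 5/22/2006 log from this thread (shortened for the example).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-4F7D-A9F7-FD9B5D4006A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\Temp.dll (file missing)
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Excerpt of the 5/23/2006 log from this thread (shortened for the example).
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Four of the lines the reply above asks to check before "fix checked".
FIXED = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: (no name) - {00000000-0000-4F7D-A9F7-FD9B5D4006A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\Temp.dll (file missing)",
    r"O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE",
    r"O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS",
]

if __name__ == "__main__":
    for e in parse_hjt(BEFORE):
        for reason in triage(e):
            print(f"[{e.code}] {reason}: {e.body}")
    removed, added = diff_logs(BEFORE, AFTER)
    print(f"{len(removed)} entries removed, {len(added)} added")
    for e in added:
        print(f"  new since last log: {e.code} - {e.body}")
    for e in still_present(FIXED, AFTER):
        print(f"  STILL PRESENT after fix: {e.code} - {e.body}")
```

An entry that `still_present` reports after a fix pass is the same symptom as the MSconfig items reappearing in the first post: something is rewriting the autostart location, so the writer has to be found before the entry is removed again.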

[quote]At one time CorkBoard was bundled with IGetNet. Have you seen any signs of searches being redirected? Is your homepage the one you set and want?[/quote]

 

No, I got corkboard on its own. My homepage is just what I set it to be- I have never had redirection problems either.

 

 

The only thing that I did not do above is I did not reset my web settings. I did a lot of beefing up security settings and I did not want to have to redo that all over again.

 

 

The video problem seems to have settled itself into a pattern of behavior.

 

Instead of being erratic and happening a lot, it seems to be settled into the pattern of acting up ONLY after a COLD BOOT.

 

Everything looks fine until I open Outlook Express and then it sends the video into that garbled phase. It might last for a few minutes or up to 6 minutes and then it goes back to normal.

 

It looks like SOMETHING in Outlook Express is causing the problem- because the original problem I had was in Outlook Express - the incoming mail was getting slower and finally it was hanging up and not letting me use it at all- a box popped up saying that the Administrator was not allowing me to use this application.

 

As I said before, I am the only person on here ever.

 

The video problem seems to be set off by Outlook Express.

 

I can not figure out what it could be- all windows updates are installed, and all security patches too.

 

I tried to find the updated video drivers, but nothing else has changed on my system, I am not sure that they really need to be changed- they almost seem corrupted. I tried to reinstall the existing ones, but they just come back, and after about a day the problem is back.

 

Any more insights?

 

Like I said in the title- this is one of the toughest I have come across in a while. No one can seem to figure out what it could be.

Edited by caprig

:blushing: Sorry, I did not see that button-

 

I am very fried from working on this for days on end.

 

 

:crash:

:hammer:

:thud:

 

I thought I posted the log. :huh: I will go get it- be right back.

 

Okay, here it is. :rolleyes:

(I also ran a new pit test in the tech express area if that helps any)

 

---------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 8:27:15 PM, on 5/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\zHotkey.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

C:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\CA\eTrust Antivirus\caissdt.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVRID.exe

C:\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\My Corkboard\CORK.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\HijackThis May 06\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~2\SDHelper.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Antivirus\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: AMI-Up2Date.lnk = C:\Program Files\Alchemy Mindworks\Up2Date\AMI-up2date.exe

O4 - Startup: MyCorkboard.lnk = C:\My Corkboard\CORK.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Notify Check.lnk = C:\Program Files\Lewe\NotifyPlus\Notify.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148246050625

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15009/CTPID.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by caprig
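A triage pass over the O16 (ActiveX downloads) and O23 (services) entries of a HijackThis log like the one above, as an added example that is not part of the original post and not HijackThis's own code. The line patterns are inferred from the entries in this thread, `triage` and `SAMPLE_LOG` are hypothetical names, and a flag means "look at this entry first", not "malicious".

```python
import re
from urllib.parse import urlsplit

# Constructed sample: five O16/O23 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# Assumption: line shapes inferred from this page, not from a HijackThis specification.
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*)\))? - (\S+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+) - (.+?) - ([A-Za-z]:\\.*?)( \(file missing\))?$")

def triage(log_text):
    """Return (findings, hosts): entries to review first, and ActiveX download hosts."""
    findings, hosts = [], set()
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        dpf = DPF_RE.match(line)
        svc = SVC_RE.match(line)
        if dpf:
            _guid, name, url = dpf.groups()
            host = urlsplit(url).hostname
            if host:
                hosts.add(host)  # inventory of sites that installed browser controls
            if name is None:
                reasons.append("ActiveX control listed without a name")
        elif svc:
            _name, owner, _path, missing = svc.groups()
            if owner == "Unknown owner":
                reasons.append("service owner shown as Unknown owner")
            if missing:
                reasons.append("service binary is marked (file missing)")
        if reasons:
            findings.append((line, reasons))
    return findings, sorted(hosts)

if __name__ == "__main__":
    flagged, download_hosts = triage(SAMPLE_LOG)
    for entry, why in flagged:
        print("; ".join(why), "->", entry)
    print("ActiveX download hosts:", ", ".join(download_hosts))
```
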

I am very frustrated.

I put in the updated video drivers for my card and the problem is worse than ever.

 

I can not take this anymore.

 

It blinks on and off- and has a lot of small vertical lines- like looking through a screen door.

 

There has to be something eating at this system.

 

*sob*

:help: :help: :help: :help:


caprig, I can understand your frustration :(

 

Take a look at these two links and see if there might be some information that would apply to your situation:

 

http://www.computerhope.com/help/monitor.htm

 

http://www.daniweb.com/techtalkforums/thread4457.html

 

I would also like to see a Panda Active Scan report.

Please go HERE to run Panda's ActiveScan.

Once you are on the Panda site, click the Scan your PC button.

A new window will open... click the Check Now button

Enter your Country

Enter your State/Province

Enter your e-mail address and click send

Select either Home User or Company

Click the big Scan Now button

*If it wants to install an ActiveX component allow it

*It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

When download is complete, click on My Computer to start the scan

*Leave the autoclean checked

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location (activescan.txt to desktop). Post the contents of the ActiveScan report.


Sorry it took so long to come back, my video went AWOL pretty badly yesterday so I kept testing it to see what patterns were happening.

 

Today, I did not open Outlook Express at all and my computer video has been perfect.

 

I plan on trying to open it after I am all done and see what happens.

 

I will try to follow your instructions either tonight or tomorrow, assuming that I can see all right to do it!

 

 

 

What I want to know is if anyone is aware of the last update Microsoft has done to Outlook Express.

 

I have a suspicion that a Windows XP update to Outlook Express might be what set this problem off.

 

Anyway, I will be back hopefully with more information for you.

 

BTW, I thank you for your clear and patient explanations. You are delightful to work with and I appreciate you taking the time to help me. :clap::clap::clap:

 

I will be using this information to clean up another person's computer that has similar problems too, so I have taken copious notes.

 

:clap:

 

 

I will be back soon!

 

Thanks again for all of your help. :adios:


I am scanning with Panda now. Sorry it took a while, but the few times that I tried to get on the computer, the video was so bad that I could not see to type.

 

I have de-installed the video driver completely using the ATI uninstaller program (I have a Radeon 9550 card) and then installed the newest driver, which happens to be a lot worse.

 

I do know that MS updates to XP have been raising havoc with some people's video drivers.

 

Unfortunately, I seem to be one of them and no one will help me from either place- MS or ATI.

 

Anyway, I will post the Panda scan when it is done. This is so upsetting.


Panda results

 

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

Spyware:Application/PRScheduler Not disinfected C:\HijackThis May 06\backups\backup-20060523-194003-792-PowerReg Scheduler.exe

Spyware:spyware/web3000 Not disinfected C:\WINDOWS\hh.ico

Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat


Please download the Killbox © Option^Explicit.

Unzip it to the desktop but do NOT run it yet.

 

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.

Please double-click Killbox.exe to run it.

Select:

Delete on Reboot

then Click on the All Files button.

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

 

C:\WINDOWS\hh.ico

C:\WINDOWS\pcconfig.dat

 

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

 

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

 

If your computer does not restart automatically, please restart it manually.

 

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

 

Updating Java:

  • Go to Start > Control Panel, double-click on the Software icon > add/remove programs.

  • Search in the list for all previous installed versions of Java. (J2SE or JRE Runtime Environment.... ) Select it and click Remove.

  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp

Reboot and run another Panda Active Scan. Post the results.


Video is too bad to do anything today. Will try again later. This time it was not clearing up at all.

 

Due to the heat and emergencies with our water, I have not had a chance to reseat my graphics card, which I also plan to do really soon. I just need some time to do it where I am not bothered.

 

I will let you know what I get through with your instructions.

 

Thanks!

  • 2 weeks later...

Hi,

I am writing from someone else's computer today- I had some really bad video problems so I never got to do what you asked me to do before.

 

Then my DH's boss got in a very serious car accident, so I was not able to disassemble my computer to reseat the video card yet.

 

I plan to do it quickly, and apologize for the long silence. I just could not see well enough to type online!!!!

 

:(
