TechSpot

Laptop keyboard hardware problem or Virus?

Resolved
By wakwak1214
Jul 10, 2011
  1. Of course, without fail, it's summertime and problems creep in with my laptop. Last summer it was a rootkit and techspot helped me with that! Thanks, problem solved.

    PROBLEM: This time it's with the laptop keyboard. Just this afternoon my laptop keyboard just refused to work (not type properly). I've reset several times already, unplugged everything, disconnected power. The laptop keyboard still refuses to work. For example, my F would become 5, my J would become 6, and the number row above the letter rows wouldn't work. There were even mouse problems with highlighting and clicking objects on my desktop. For example, when I'd try to click on a folder, it would highlight all the folders above it as well (it's like the ctrl button is being pressed so everything is highlighted). Even trying to run the scanning process and copy and paste the logs has been a challenge.
    My mom said she dripped some water this morning on my pad but she said it was very very little.
    Currently I am using a keyboard attached to the USB port. Even that sometimes craps up.

    Nonetheless, here are several things I updated/downloaded recently aside from my virus scanner updates: Skype, a few movies/shows from places like megaupload (these weren't zip/rar files, just avi files). I have since deleted all those.

    Here are some of my scans:
    I did mbam a few times (the first time I aborted because I realized I had done the full scan. I cleared out the infected files anyhow)
     
  2. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7030

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/10/2011 3:17:55 PM
    mbam-log-2011-07-10 (15-17-55).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 52458
    Time elapsed: 11 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7030

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/10/2011 3:25:19 PM
    mbam-log-2011-07-10 (15-25-19).txt

    Scan type: Quick scan
    Objects scanned: 185224
    Time elapsed: 6 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\googletalk (Trojan.Agent) -> Value: googletalk -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790772B1765D5734A893 (Malware.Trace) -> Value: SRS_IT_E8790772B1765D5734A893 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\wakwak\application data\google talk\googletalk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     
  4. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7065

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/10/2011 4:30:58 PM
    mbam-log-2011-07-10 (16-30-58).txt

    Scan type: Quick scan
    Objects scanned: 185825
    Time elapsed: 6 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
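Editor's note: the three MBAM logs above are summaries, and the one thing worth separating out is what was flagged under an autostart key (the googletalk Run value lived under the user profile, c:\documents and settings\wakwak\application data\, not Program Files, which is why it deserves a second look) versus leftover COM/AppID registrations such as the ClickPotato and ShopperReports keys. The following is an added example, not Malwarebytes' code and not posted by anyone in this thread: a parser for the MBAM 1.x log format that cross-checks the summary counts against the listed items, tallies detection families, and pulls out anything under a Run/RunOnce key. The sample log is constructed from the quick scan posted above (section headers and a few detection lines), trimmed.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and triage it.

Added example for this thread; MBAM exposes no API for this, it is a plain
text parser over the pasted log format. SAMPLE_LOG is constructed from the
second scan in the thread.
"""
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: headers and detection lines copied from the posted
# quick-scan log, non-essential lines trimmed.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7030

Scan type: Quick scan
Objects scanned: 185224
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\googletalk (Trojan.Agent) -> Value: googletalk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Post Platform\\SRS_IT_E8790772B1765D5734A893 (Malware.Trace) -> Value: SRS_IT_E8790772B1765D5734A893 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\\documents and settings\\wakwak\\application data\\google talk\\googletalk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


class Detection(NamedTuple):
    section: str   # which "... Infected:" block the line came from
    path: str      # registry key/value path or file path
    family: str    # MBAM detection name, e.g. Adware.ShopperReports
    action: str    # last "->" segment, e.g. "Quarantined and deleted successfully"


# "Registry Keys Infected: 2"  -> summary count; "Registry Keys Infected:" -> section header
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<family>) -> [Value: x ->] <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
# Persistence that runs at logon: anything under ...\CurrentVersion\Run or \RunOnce
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_mbam_log(text):
    """Return (summary counts by section, detections by section)."""
    summary, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
            items.setdefault(section, [])
        elif section and (m := ITEM_RE.match(line)):
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items[section].append(Detection(section, m["path"], m["family"], action))
    return summary, items


def check_counts(summary, items):
    """Sections whose reported count disagrees with the items actually listed."""
    return [(s, n, len(items.get(s, []))) for s, n in summary.items()
            if n != len(items.get(s, []))]


def families(items):
    """How many detections each family accounts for, across all sections."""
    return Counter(d.family for ds in items.values() for d in ds)


def autostart_entries(items):
    """Detections that sat under a Run/RunOnce key, i.e. would run at logon."""
    return [d for ds in items.values() for d in ds if AUTOSTART_RE.search(d.path)]


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(summary, items))
    print("families:", dict(families(items)))
    for d in autostart_entries(items):
        print("autostart:", d.path, "|", d.family, "|", d.action)
```

Run it against the full log rather than the trimmed sample to get the same three answers: whether the summary and the listed items agree, which families dominate, and which detections were autostart entries. An empty list from check_counts is the expected result for a log pasted whole; a mismatch usually means a log was pasted incompletely.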
     
  5. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by wakwak at 15:33:04 on 2011-07-10
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1105 [GMT -4:00]
    .
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\PM Agent\WisFnCtrlSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpfnf5.exe
    C:\WINDOWS\system32\utilman.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://tssi.ycdsb.ca/logOnInitAction.do
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FFTI] c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\wakwak\application data\mozilla\firefox\profiles/apgqgw1y.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
    mRun: [cssauthe] "c:\program files\ibm thinkvantage\client security solution\cssauthe.exe" silent
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\\vptray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: tphotkey - tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPBOARDS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-7-25 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-7-25 5248]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-7-28 7040]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
    R2 WisFnCtrlSvc;WisFnCtrlSvc;c:\program files\pm agent\WisFnCtrlSvc.exe [2006-6-11 28672]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\naveng.sys [2011-3-17 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\navex15.sys [2011-3-17 1360760]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ancsq.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-7-28 17792]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
    S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
    .
    =============== Created Last 30 ================
    .
    2011-07-10 19:25:32 54016 ----a-w- c:\windows\system32\drivers\phumfeiu.sys
    2011-07-07 03:21:57 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2011-07-10 04:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-06-30 01:46:17 138 ---ha-w- c:\documents and settings\wakwak\application data\lakerda1967.sys
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 15:34:34.79 ===============
     
  6. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Deleted because I posted the wrong file
     
  7. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Gmer part 1
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-07-10 16:48:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 HTS54108 rev.MB4I
    Running: ksf4vczx.exe; Driver: C:\DOCUME~1\wakwak\LOCALS~1\Temp\pwrdypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9E83818]
    SSDT E1ACA0B0 ZwConnectPort
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9E837D0]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9E77A20]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9E782A8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9E83910]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB9E83794]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9E782C8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9E83866]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9E830B0]
    SSDT spoe.sys ZwSetValueKey [0xB9ECE29C]

    INT 0x62 ? 8A802BF8
    INT 0x63 ? 8A791BF8
    INT 0x84 ? 89C15BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? phumfeiu.sys The system cannot find the file specified. !
    ? spoe.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B5D078AC 5 Bytes JMP 89C151D8
    init C:\WINDOWS\System32\drivers\FNETURPX.SYS entry point in "init" section [0xBA63E380]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1072] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spoe.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A78F1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8138B5C-1CF3-4B61-BDDD-BE8FF03ACE95} 899B8500
    Device \Driver\usbuhci \Device\USBPDO-0 89CC91F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{233698EA-5171-4356-AF4D-CF410FDCAC23} 899B8500
    Device \Driver\usbuhci \Device\USBPDO-1 89CC91F8
    Device \Driver\usbuhci \Device\USBPDO-2 89CC91F8
    Device \Driver\usbuhci \Device\USBPDO-3 89CC91F8
    Device \Driver\usbehci \Device\USBPDO-4 89CFA1F8

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8031F8
    Device \Driver\Cdrom \Device\CdRom0 89ADDC88
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8031F8
    Device \FileSystem\Rdbss \Device\FsWrap 89B74968
    Device \Driver\iaStor \Device\Ide\iaStor0 [B9D837B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89ADD008
    Device \Driver\atapi \Device\Ide\IdePort0 89ADD008
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D837B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 89ADDC88
    Device \Driver\NetBT \Device\NetBt_Wins_Export 899B8500
    Device \Driver\NetBT \Device\NetbiosSmb 899B8500
    Device \FileSystem\Srv \Device\LanmanServer 89B85E88

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBFDO-0 89CC91F8
    Device \Driver\usbuhci \Device\USBFDO-1 89CC91F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8933B500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B970D8
    Device \Driver\usbuhci \Device\USBFDO-2 89CC91F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8933B500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B970D8
    Device \Driver\usbuhci \Device\USBFDO-3 89CC91F8
    Device \FileSystem\Npfs \Device\NamedPipe 89B54AA8
    Device \Driver\usbehci \Device\USBFDO-4 89CFA1F8
    Device \Driver\Ftdisk \Device\FtControl 8A8031F8
    Device \FileSystem\Msfs \Device\Mailslot 89B51E88
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 89B3C7D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 89B3C7D8
    Device \FileSystem\Fastfat \Fat 89452500
    Device \FileSystem\Fastfat \Fat 893AE3C8
    Device \FileSystem\Fastfat \Fat 99836297

    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89B3A0E0
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89B3A0E0
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89B3A0E0
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89B3A0E0
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89B3A0E0
    Device \FileSystem\Cdfs \Cdfs 89476500
    Device \FileSystem\Cdfs \Cdfs 89B67790

    ---- Modules - GMER 1.0.15 ----

    Module _________ B9D2A000-B9D42000 (98304 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0
     
  8. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    ---- Files - GMER 1.0.15 ----

    Extra GMER entries deleted by Bobbye
     
  9. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Excess GMER entries deleted by Bobbye
     
  10. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Excess GMER entries deleted by Bobbye
     
  11. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Excess GMER entries deleted by Bobbye
     
     
  12. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Excess GMER entries deleted by Bobbye
     
  13. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Excess GMER entries deleted by Bobbye
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! Let's work on this:

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    1. Please remove Click Potato There is nothing good about it! It's usually an extension or plugin in Firefox.
    2. Then uninstall Bit Comet> Here's why:
    Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    =============================================
    Please read the directions carefully. The GMER instructions say specifically:
    Obviously you missed this, or the log wouldn't go on and on and on. I will be deleting most of it after I've checked it.
    =============================================
    Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    That will produce 2 logs from DDS. You do not need to run Mbam or GMER again.
    ================================================
    When you have finished the above, please go on to:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ================================================
    You might want to check the settings in Notify: tphotkey - tphklock.dll. Try Control Panel> Keyboard and look there.
     
  15. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Hey Bobbye,
    Apologies for the GMER post.
    I don't think I have Click Potato installed, I didn't see anything in Control panel.
    Here is my dds scan I completed again:
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by wakwak at 16:48:10 on 2011-07-12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1252 [GMT -4:00]
    .
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\PM Agent\WisFnCtrlSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://tssi.ycdsb.ca/logOnInitAction.do
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FFTI] c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\wakwak\application data\mozilla\firefox\profiles/apgqgw1y.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
    mRun: [cssauthe] "c:\program files\ibm thinkvantage\client security solution\cssauthe.exe" silent
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\\vptray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: tphotkey - tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPBOARDS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-7-25 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-7-25 5248]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-7-28 7040]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\naveng.sys [2011-3-17 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\navex15.sys [2011-3-17 1360760]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ancsq.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-7-28 17792]
    S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-07-10 04:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-06-30 01:46:17 138 ---ha-w- c:\documents and settings\wakwak\application data\lakerda1967.sys
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 16:49:29.28 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2006 6:13:29 AM
    System Uptime: 7/12/2011 9:20:39 AM (7 hours ago)
    .
    Motherboard: LENOVO | | INVALID
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 980/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 0.485 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP240: 7/10/2011 4:19:42 PM - Removed Skype™ 5.3
    RP241: 7/11/2011 8:22:56 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Access Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    Adobe Reader Chinese Traditional Fonts
    Adobe Shockwave Player 11.5
    AVI/MPEG/RM/WMV Splitter 4.28
    Badongo
    BitComet 0.93
    BlackBerry Desktop Software 6.0
    Boilsoft Video Splitter 6.32
    Bonjour
    Broadcom 802.11 Network Adapter
    Canon i455
    Catan Online World
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Corel Photo Album 6
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    CutePDF Writer 2.8
    DAEMON Tools
    Diskeeper Lite
    DivX Content Uploader
    DivX Web Player
    docXConverter 3.1.3
    eMule
    EPSON Printer Software
    ESET Online Scanner v3
    FirstClass® Client
    FLV Player 1.3.3
    Granite
    Help Center
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Hotkey Features Setup
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    IHMC CmapLite v5.03
    Intel(R) Graphics Media Accelerator Driver
    InterVideo InstantON (remove only)
    InterVideo WinDVD
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Lenovo Care
    Lenovo Care Supplement
    Lenovo Hard Drive Quick Test
    LiveUpdate 3.0 (Symantec Corporation)
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Journal Viewer
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.6.17)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Demo
    Network Play System (Patching)
    NJStar Communicator
    On Screen Display
    Opera 10.60
    PC-Doctor 5 for Windows
    PCMan Novus
    PM Agent V1.0.0.8
    Presentation Director
    QuickTime
    RealPlayer
    REALTEK GbE & FE Ethernet NIC Driver
    Realtek High Definition Audio Driver
    Rescue and Recovery
    Scrabble
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Small Business Center
    SpeedFan (remove only)
    SpywareBlaster 4.4
    Starcraft
    StuffIt 11
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    ThinkPad PC Card Power Policy
    ThinkVantage Technologies Welcome Message
    TurboHddUsb
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Veoh Player
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.9
    Wallpapers
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WZebra 4.2.4
    XP Themes
    YouTube Downloader 2.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2011 1:34:32 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    7/7/2011 1:33:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASKUTIL
    7/7/2011 1:33:19 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    7/12/2011 4:48:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
    7/10/2011 4:19:51 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================
     
  16. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    I tried to disable my Symantec AV live scans but it wouldn't really deactivate.

    ComboFix 11-07-12.08 - wakwak 07/12/2011 16:57:17.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1265 [GMT -4:00]
    Running from: c:\documents and settings\wakwak\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\wakwak\Application Data\Google Talk
    C:\Install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-10 04:00 . 2006-06-11 16:34 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-06-30 01:46 . 2011-01-19 22:05 138 ---ha-w- c:\documents and settings\wakwak\Application Data\lakerda1967.sys
    2011-05-29 13:11 . 2010-07-21 06:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2010-07-21 06:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-17 737369]
    "RTHDCPL"="RTHDCPL.EXE" [2006-02-28 16005120]
    "SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-22 544768]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-15 1236992]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-02-23 106496]
    "cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2006-02-28 1992240]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
    "vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2004-08-02 124232]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-25 180269]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-01-11 22:05 13824 ------w- c:\windows\system32\tphklock.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-23 00:05 81920 ------w- c:\program files\D-Tools\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-03-01 18:51 196710 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 23:40 155648 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2006-07-25 14:22 180269 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
    2010-07-28 18:37 3327488 ----a-w- c:\program files\TurboHddUsb\TurboHddUsb.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Stuffit Archive Name Service"=2 (0x2)
    "SamSs"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "iPod Service"=3 (0x3)
    "DefWatch"=2 (0x2)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "Diskeeper"=3 (0x3)
    "ccPwdSvc"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:UDP"= 6112:UDP:Starcraft 6112 UDP
    "25653:TCP"= 25653:TCP:BitComet 25653 TCP
    "25653:UDP"= 25653:UDP:BitComet 25653 UDP
    "12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
    "6112:TCP"= 6112:TCP:Starcraft 6112 TCP
    "6113:TCP"= 6113:TCP:SC TCP 6113
    "6113:UDP"= 6113:UDP:SC UDP 6113
    "6114:TCP"= 6114:TCP:SC TCP 6114
    "6114:UDP"= 6114:UDP:SC UDP 6114
    "6115:TCP"= 6115:TCP:SC TCP 6115
    "6116:TCP"= 6116:TCP:SC TCP 6116
    "6117:TCP"= 6117:TCP:SC TCP 6117
    "6118:TCP"= 6118:TCP:SC TCP 6118
    "6119:TCP"= 6119:TCP:SC TCP 6119
    "6115:UDP"= 6115:UDP:SC UDP 6115
    "6116:UDP"= 6116:UDP:SC UDP 6116
    "6117:UDP"= 6117:UDP:SC UDP 6117
    "6118:UDP"= 6118:UDP:SC UDP 6118
    "6119:UDP"= 6119:UDP:SC UDP 6119
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/25/2006 9:42 AM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/25/2006 9:42 AM 5248]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/18/2010 4:30 PM 691696]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [7/28/2010 2:37 PM 7040]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [7/28/2010 2:37 PM 17792]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://tssi.ycdsb.ca/logOnInitAction.do
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\wakwak\Application Data\Mozilla\Firefox\Profiles\apgqgw1y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-12 17:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,36,25,47,4f,84,83,47,b7,a7,02,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,36,25,47,4f,84,83,47,b7,a7,02,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\tphklock.dll
    c:\windows\System32\BCMLogon.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-07-12 17:09:12
    ComboFix-quarantined-files.txt 2011-07-12 21:09
    ComboFix2.txt 2010-08-06 22:41
    .
    Pre-Run: 427,757,568 bytes free
    Post-Run: 411,844,608 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect
    .
    - - End Of File - - DE71C6865248DBDE9FC6A4E8B2C65C88
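The registry blocks in the log above (EnableFirewall = 0, FirewallOverride = 1, DisableMonitoring = 1 for the antivirus, and a list of globally open ports) are the settings a responder would want pulled out automatically when reading a ComboFix report. The following is an added example, not part of the original post and not ComboFix's own code; it assumes the bracketed "[key path]" headers and lone "." block terminators seen in the log, and it runs over a constructed sample that mirrors those lines.

```python
"""
Audit the Security Center and firewall-policy sections of a ComboFix log.

Added example for this thread; it is not ComboFix's own code and not taken
from the TechSpot post. Assumptions: ComboFix writes bracketed "[key path]"
headers with "name"=value lines beneath and ends each block with a lone "."
line, as in the log above. The sample below is constructed to mirror those
lines; the parser is a best-effort regex, not a full .reg file parser.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample shaped like the thread's ComboFix output.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:Starcraft 6112 UDP
"25653:TCP"= 25653:TCP:BitComet 25653 TCP
"25653:UDP"= 25653:UDP:BitComet 25653 UDP
.
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"(.*)"\s*=\s*(.*)$')


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group "name"=value lines under the bracketed key path above them."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." is ComboFix's block separator
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group(1), entry.group(2).strip()))
    return sections


def as_int(value: str) -> Optional[int]:
    """Decode the two value renderings seen in the log: 'dword:00000001' and '0 (0x0)'."""
    v = value.strip()
    if v.lower().startswith("dword:"):
        return int(v[len("dword:"):], 16)
    m = re.match(r"^(\d+)", v)
    return int(m.group(1)) if m else None


def audit(text: str) -> List[str]:
    """Return human-readable findings for weakened host defenses, in log order."""
    findings: List[str] = []
    for path, entries in parse_sections(text).items():
        low = path.lower()
        values = dict(entries)
        if low.endswith("microsoft\\security center"):
            if as_int(values.get("FirewallOverride", "0")) == 1:
                findings.append("Security Center firewall alerts overridden (FirewallOverride=1)")
        elif "\\security center\\monitoring\\" in low:
            if as_int(values.get("DisableMonitoring", "0")) == 1:
                product = path.rsplit("\\", 1)[-1]   # last key component names the product
                findings.append(f"Security Center monitoring disabled for {product}")
        elif low.endswith("firewallpolicy\\standardprofile"):
            if as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append("Windows Firewall disabled for the standard profile")
        elif low.endswith("authorizedapplications\\list"):
            findings.append(f"{len(entries)} application(s) whitelisted through the firewall")
        elif low.endswith("globallyopenports\\list"):
            for _, value in entries:
                # value looks like "6112:UDP:Starcraft 6112 UDP"
                port, proto, desc = value.split(":", 2)
                findings.append(f"Globally open port {port}/{proto} ({desc})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix.txt by reading the file into `audit()`; an empty result for the firewall profile means EnableFirewall was 1 (or absent), which is the state to restore once the machine is confirmed clean.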
     
  17. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    By the way, I'm using a Lenovo 3000 V100. I've had it for quite a few years (almost 5!) already, but I'm just not ready to give up on it just because of some keyboard problem. Granted, my CD-ROM drive has been broken for the past 3 years and I haven't even replaced it. Otherwise, it's served me well.

    I'm not familiar with this. I don't believe I have enabled hotkeys, especially since I have really next to no idea what they are.
    I checked under Control Panel > Keyboard... what do I do next? I see two devices: HID Keyboard Device and the Standard 101/102-key or Microsoft Natural PS/2 Keyboard. Says both are running fine.

    Keyboard problems still exist. Nothing is really typing on my laptop keyboard. Still using my external keyboard attached to USB.

    ooof ok... just right now as I was typing this message on my USB keyboard, everything on this Mozilla browser window shrunk...I mistakenly nudged my laptop...and it's as if someone had just pressed ctrl + - . Is it a hardware problem after all?


    Just a quick update again. I just reset my computer for some Microsoft updates to take effect. It had trouble booting (wouldn't let me select my booting configurations), apparently because some button was depressed and it wouldn't let me boot. I figured it was the Ctrl key, so I just held it and selected it. It then booted. Starting to think it's a hardware problem.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please explain "I reset my computer."

    It would have been best if you had not updated while we were working on the system.

    Take a look in the Device Manager> see if there is an error icon for any of the drivers:

    Control Panel> System> Hardware> Device Manager> Click on + sign on both 'Keyboard' and 'Pointing Devices'
     
  19. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Sorry about the updates part. I misunderstood what you said about

    Thought the additional steps were to update my other stuff. Apologies.

    Just checked the 'device manager'. I found and clicked the '+' for 'keyboard'. It displays my HID Keyboard Device (which is probably my USB keyboard) and Standard 101/102 keys or Microsoft Natural PS/2 Keyboard (my laptop keyboard?!). It says both of them are running properly when I click in. I don't see any 'Xs' or '!s' for anything in device manager.

    I didn't find pointing device. My touchpad/pointing device and the left/right click works fine though.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I don't think this has anything to do with the keyboard problem, but as far as I'm concerned, anything put on my system without my knowledge and permission is foistware. It's not malware but comes bundled with another program:

    This entry has been added to your Firefox profile:
    I found this in a Mozilla Forum from their support:
    The bold text and red type are mine. I did that to make a point.

    Does the school system have an IT available to help with system problems? I'm going to set up script to remove some entries, but I think the keyboard problem is mechanical. Something has gotten jammed up underneath causing the wrong row for the key you press. You may just have to replace the keyboard- that is not a big deal.

    Before I give you the script, I would like you to run the Error Checking, aka chkdsk. That is a great feature to work out glitches, if it can be done:

    Where to set Error Checking up
    You can do the Error Check from Command Prompt:
    Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f/r followed by a reboot. Chkdsk will start in a few seconds

    Or Windows Explorer:
    Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

    You have nothing else to do except wait for the system to reboot after the Error Checking has finished.

    The choices in Error Checking:
    1. CHKDSK or Error Check alone will only scan the current drive but will not fix errors on the disc or attempt to recover bad sectors. Using Start or Enter begins the process without a reboot.
    2. Volume: specifies the drive letter other than the Local Drive (followed by a colon), mount point, or volume name. To have the checking use a different drive, the command Chkdsk is followed by the drive letter, then a colon, such as chkdsk volume E:
    3. File errors can be found and fixed using the switch /F. The nag message that comes up can be closed and the system rebooted to start the checking.
    4. Recovery of readable information in bad sectors can be done by using the switch /R. This implies that the /F switch has also been used. Locates bad sectors and recovers readable information (implies /F). The nag message that comes up can be closed and the system rebooted to start the checking.

    (Please note: this is not meant to include all of the options available for Error Checking- just the appropriate options here)
     
  21. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    OK, I did the error checking overnight. I didn't really see it to completion because it was getting late. Seems like it finished I'm assuming.
    I don't know if I should replace it. Perhaps it's time for a NEW laptop anyway to be honest (my cdrom/burner drives are down/broken, there's a chipped corner of my laptop along with a few dozen scratches, my removable battery is drained/dead (2nd one dead now; I run straight from AC power) and now my keyboard has crapped up). Rarely is it a software problem oddly and the little replacements add up $$. It's been a good 5 years with this one. I'll wait until the end of the year/Christmas maybe and see how long I can take it with the USB keyboard. I have my eyes set on another Lenovo and their employee pricing events online are pretty decent.
    Back to the problem at hand, maybe I'll take out the keyboard to take a look at it and do some cleaning. Usually I don't like taking things apart unless I have to. I'm ready to move on to the next step.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I can't determine if it's the keyboard itself that has gone bad or whether the software running it has gotten corrupt. But from the description of the system, it sounds like you should consider putting pennies in a jar and, when there are enough, replace the system. What is confusing is that the USB keyboard gets the right keys, so my 'guess' is that it's the hardware keyboard itself gone bad.

    You could also look on the manufacturer's site for the model number and get some idea of what a replacement keyboard would cost. Or maybe even a used one would do. I'm sorry I can't help you more- I'm not a hardware person!
     
  23. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    No problems, Bobbye! I'll take it apart this weekend to see what's up with it.
    You mentioned a script a few posts back to take out some foistware? Will I need that still?
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Yes, I can still write the script for you to run through Combofix. I'd rather wait until you have finished opening the system and checking- so let me know when that's done.
     
  25. wakwak1214

    wakwak1214 TS Rookie Topic Starter Posts: 44

    Just did the take-apart last night with a buddy who knows more about hardware. She's not exactly sure what the cause is, but she mentioned something about it looking slightly warped. When we took out the keyboard it was sort of bent up, so something might have caused that to happen. We did a good clean and a diluted wipe-down. The keyboard still does NOT work; everything is the same still. I've looked into replacing the keyboard through eBay. They're going for about $20 a pop. Fair enough, and hopefully it'll work. Regardless, I'm probably going to get a new one come September.
     
Topic Status:
Not open for further replies.

