also @ TechSpot: Leaked next generation iPhone casing photos validate multiple rumors

TechSpot

TechSpot News Products Downloads Forums

[Resolved] Laptop keyboard hardware problem or Virus?

Discussion in 'Virus and Malware Removal' started by wakwak1214, Jul 10, 2011.

Thread Status:: Not open for further replies.

Page 1 of 2

wakwak1214 Newcomer, in training

Of course, without fail, it's summer time and problems creep in with my laptop. Last summer it was a rootkit and techspot helped me with that! Thanks, problem solved.

PROBLEM: This time it's with the laptop keyboard. Just this afternoon my laptop keyboard just refused to work (not type properly). I've reseted several times already, unplugged everything, disconnected power. The laptop keyboard still refuses to work. For example, my F would become 5.....J would become 6.... the number row above the letter rows wouldn't work. There were even mouse problems with highlight and clicking objects on my desktop. For example, when I'd try to click on a folder, it would highlight all the folders above it as well (it's like the ctrl button is being pressed so everything is highlighted). Even trying to run the scanning process and copy and paste the logs have been a challenge.
My mom said she dripped some water this morning on my pad but she said it was very very little.
Currently I am using a keyboard attached to the USB port. Even that sometimes craps up.

Nonetheless, here are several things I updated/downloaded recently aside from my virus scanner updates: Skype, a few movies/shows from places like megaupload (these weren't zip /rar files just avi files) . I have since deleted all those.

Here are some of my scans:
I did mbam a few times (1st time I aborted because I realize I had did the full scan. I cleared out the infected files anyhow)

wakwak1214, Jul 10, 2011

#1
wakwak1214 Newcomer, in training

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 3:17:55 PM
mbam-log-2011-07-10 (15-17-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 52458
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

wakwak1214, Jul 10, 2011

#2
wakwak1214 Newcomer, in training

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 3:25:19 PM
mbam-log-2011-07-10 (15-25-19).txt

Scan type: Quick scan
Objects scanned: 185224
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\googletalk (Trojan.Agent) -> Value: googletalk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790772B1765D5734A893 (Malware.Trace) -> Value: SRS_IT_E8790772B1765D5734A893 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\wakwak\application data\google talk\googletalk.exe (Trojan.Agent) -> Quarantined and deleted successfully.

wakwak1214, Jul 10, 2011

#3
wakwak1214 Newcomer, in training

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7065

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 4:30:58 PM
mbam-log-2011-07-10 (16-30-58).txt

Scan type: Quick scan
Objects scanned: 185825
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

wakwak1214, Jul 10, 2011

#4
wakwak1214 Newcomer, in training

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by wakwak at 15:33:04 on 2011-07-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1105 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\PM Agent\WisFnCtrlSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpfnf5.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://tssi.ycdsb.ca/logOnInitAction.do
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FFTI] c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\wakwak\application data\mozilla\firefox\profiles/apgqgw1y.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [cssauthe] "c:\program files\ibm thinkvantage\client security solution\cssauthe.exe" silent
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\\vptray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-7-25 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-7-25 5248]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-7-28 7040]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
R2 WisFnCtrlSvc;WisFnCtrlSvc;c:\program files\pm agent\WisFnCtrlSvc.exe [2006-6-11 28672]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\naveng.sys [2011-3-17 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\navex15.sys [2011-3-17 1360760]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ancsq.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-7-28 17792]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
.
=============== Created Last 30 ================
.
2011-07-10 19:25:32 54016 ----a-w- c:\windows\system32\drivers\phumfeiu.sys
2011-07-07 03:21:57 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-07-10 04:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-06-30 01:46:17 138 ---ha-w- c:\documents and settings\wakwak\application data\lakerda1967.sys
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:34:34.79 ===============

wakwak1214, Jul 10, 2011

#5
wakwak1214 Newcomer, in training

Deleted because I posted the wrong file

wakwak1214, Jul 10, 2011

#6
wakwak1214 Newcomer, in training

Gmer part 1
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-10 16:48:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 HTS54108 rev.MB4I
Running: ksf4vczx.exe; Driver: C:\DOCUME~1\wakwak\LOCALS~1\Temp\pwrdypob.sys

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9E83818]
SSDT E1ACA0B0 ZwConnectPort
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9E837D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9E77A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9E782A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9E83910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB9E83794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9E782C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9E83866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9E830B0]
SSDT spoe.sys ZwSetValueKey [0xB9ECE29C]

INT 0x62 ? 8A802BF8
INT 0x63 ? 8A791BF8
INT 0x84 ? 89C15BF8

---- Kernel code sections - GMER 1.0.15 ----

? phumfeiu.sys The system cannot find the file specified. !
? spoe.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B5D078AC 5 Bytes JMP 89C151D8
init C:\WINDOWS\System32\drivers\FNETURPX.SYS entry point in "init" section [0xBA63E380]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1072] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spoe.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A78F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{D8138B5C-1CF3-4B61-BDDD-BE8FF03ACE95} 899B8500
Device \Driver\usbuhci \Device\USBPDO-0 89CC91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{233698EA-5171-4356-AF4D-CF410FDCAC23} 899B8500
Device \Driver\usbuhci \Device\USBPDO-1 89CC91F8
Device \Driver\usbuhci \Device\USBPDO-2 89CC91F8
Device \Driver\usbuhci \Device\USBPDO-3 89CC91F8
Device \Driver\usbehci \Device\USBPDO-4 89CFA1F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8031F8
Device \Driver\Cdrom \Device\CdRom0 89ADDC88
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8031F8
Device \FileSystem\Rdbss \Device\FsWrap 89B74968
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D837B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89ADD008
Device \Driver\atapi \Device\Ide\IdePort0 89ADD008
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D837B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89ADDC88
Device \Driver\NetBT \Device\NetBt_Wins_Export 899B8500
Device \Driver\NetBT \Device\NetbiosSmb 899B8500
Device \FileSystem\Srv \Device\LanmanServer 89B85E88

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 89CC91F8
Device \Driver\usbuhci \Device\USBFDO-1 89CC91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8933B500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B970D8
Device \Driver\usbuhci \Device\USBFDO-2 89CC91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8933B500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B970D8
Device \Driver\usbuhci \Device\USBFDO-3 89CC91F8
Device \FileSystem\Npfs \Device\NamedPipe 89B54AA8
Device \Driver\usbehci \Device\USBFDO-4 89CFA1F8
Device \Driver\Ftdisk \Device\FtControl 8A8031F8
Device \FileSystem\Msfs \Device\Mailslot 89B51E88
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 89B3C7D8
Device \Driver\d347prt \Device\Scsi\d347prt1 89B3C7D8
Device \FileSystem\Fastfat \Fat 89452500
Device \FileSystem\Fastfat \Fat 893AE3C8
Device \FileSystem\Fastfat \Fat 99836297

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89B3A0E0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89B3A0E0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89B3A0E0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89B3A0E0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89B3A0E0
Device \FileSystem\Cdfs \Cdfs 89476500
Device \FileSystem\Cdfs \Cdfs 89B67790

---- Modules - GMER 1.0.15 ----

Module _________ B9D2A000-B9D42000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0

wakwak1214, Jul 10, 2011

#7
wakwak1214 Newcomer, in training

---- Files - GMER 1.0.15 ----

Extra GMER entries deleted by Bobbye

wakwak1214, Jul 10, 2011

#8
wakwak1214 Newcomer, in training

Excess GMER entries deleted by Bobbye

wakwak1214, Jul 10, 2011

#9
wakwak1214 Newcomer, in training

Excess GMER entries deleted by Bobbye

wakwak1214, Jul 10, 2011

#10
wakwak1214 Newcomer, in training

\Excess GMER entries deleted by Bobbye

wakwak1214, Jul 10, 2011

#11
wakwak1214 Newcomer, in training

Excess GMER entries deleted by Bobbye

wakwak1214, Jul 10, 2011

#12
wakwak1214 Newcomer, in training

Excess GMER entries deleted by Bobbye

wakwak1214, Jul 10, 2011

#13
Bobbye Helper on the Fringe
Welcome to TechSpot! Let's work on this:

My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.

Read my instructions carefully. If you don't understand or have a problem, ask me.

If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.

Follow the order of the tasks I give you. Order is crucial in cleaning process.

File sharing programs should be uninstalled or disabled during the cleaning process..

Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
1. Please remove Click Potato There is nothing good about it! It's usually an extension or plugin in Firefox.
2. Then uninstall Bit Comet> Here's why:
Even if you are using a "safe" P2P program, it is only the program that is safe.

As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.

Malware writers use these program to include malicious content.

File sharing is usually unmonitored and there is a danger that your private files might be accessed.

The 'sharing' also includes malware that the shared system has on it.

Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
=============================================
Please read the directions carefully. The GMER instructions say specifically:

Warning ! Please, do not select the "Show all" checkbox during the scan.Post the log.

Obviously you missed thi or the log wouldn't go on and on and on..................I will be deleting most of it after I've checked it.
=============================================
Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

That will produce 2 logs from DDS. You do not need to run Mbam or GMER again.
================================================
When you have finished the above, please go on to:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HERE and save to the desktop

Double click combofix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
================================================
You might want to check the settings in Notify: tphotkey - tphklock.dll Try Control Panel> Keyboard and look there.
Bobbye, Jul 11, 2011

#14
wakwak1214 Newcomer, in training

Hey Bobbye,
Apologies for the GMER post.
I don't think I have Click Potato installed, I didn't see anything in Control panel.
Here is my dds scan I completed again:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by wakwak at 16:48:10 on 2011-07-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1252 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\PM Agent\WisFnCtrlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://tssi.ycdsb.ca/logOnInitAction.do
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FFTI] c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\wakwak\application data\mozilla\firefox\profiles/apgqgw1y.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [cssauthe] "c:\program files\ibm thinkvantage\client security solution\cssauthe.exe" silent
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\\vptray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.8.30.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-7-25 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-7-25 5248]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-7-28 7040]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\naveng.sys [2011-3-17 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110316.007\navex15.sys [2011-3-17 1360760]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ancsq.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-7-28 17792]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-10 04:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-06-30 01:46:17 138 ---ha-w- c:\documents and settings\wakwak\application data\lakerda1967.sys
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:49:29.28 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2006 6:13:29 AM
System Uptime: 7/12/2011 9:20:39 AM (7 hours ago)
.
Motherboard: LENOVO | | INVALID
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 980/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 0.485 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP240: 7/10/2011 4:19:42 PM - Removed Skype™ 5.3
RP241: 7/11/2011 8:22:56 PM - System Checkpoint
.
==== Installed Programs ======================
.
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Reader Chinese Traditional Fonts
Adobe Shockwave Player 11.5
AVI/MPEG/RM/WMV Splitter 4.28
Badongo
BitComet 0.93
BlackBerry Desktop Software 6.0
Boilsoft Video Splitter 6.32
Bonjour
Broadcom 802.11 Network Adapter
Canon i455
Catan Online World
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Corel Photo Album 6
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
DAEMON Tools
Diskeeper Lite
DivX Content Uploader
DivX Web Player
docXConverter 3.1.3
eMule
EPSON Printer Software
ESET Online Scanner v3
FirstClass® Client
FLV Player 1.3.3
Granite
Help Center
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hotkey Features Setup
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IHMC CmapLite v5.03
Intel(R) Graphics Media Accelerator Driver
InterVideo InstantON (remove only)
InterVideo WinDVD
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Lenovo Care
Lenovo Care Supplement
Lenovo Hard Drive Quick Test
LiveUpdate 3.0 (Symantec Corporation)
Logitech® Camera Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Journal Viewer
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Demo
Network Play System (Patching)
NJStar Communicator
On Screen Display
Opera 10.60
PC-Doctor 5 for Windows
PCMan Novus
PM Agent V1.0.0.8
Presentation Director
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet NIC Driver
Realtek High Definition Audio Driver
Rescue and Recovery
Scrabble
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Small Business Center
SpeedFan (remove only)
SpywareBlaster 4.4
Starcraft
StuffIt 11
Symantec AntiVirus
Synaptics Pointing Device Driver
ThinkPad PC Card Power Policy
ThinkVantage Technologies Welcome Message
TurboHddUsb
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veoh Player
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.9
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WZebra 4.2.4
XP Themes
YouTube Downloader 2.5
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 1:34:32 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/7/2011 1:33:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASKUTIL
7/7/2011 1:33:19 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
7/12/2011 4:48:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
7/10/2011 4:19:51 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

wakwak1214, Jul 12, 2011

#15
wakwak1214 Newcomer, in training

I tried to disable my Symantec AV live scans but it wouldn't really deactivate.

ComboFix 11-07-12.08 - wakwak 07/12/2011 16:57:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1265 [GMT -4:00]
Running from: c:\documents and settings\wakwak\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\wakwak\Application Data\Google Talk
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 04:00 . 2006-06-11 16:34 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-06-30 01:46 . 2011-01-19 22:05 138 ---ha-w- c:\documents and settings\wakwak\Application Data\lakerda1967.sys
2011-05-29 13:11 . 2010-07-21 06:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-07-21 06:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-17 737369]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-28 16005120]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-22 544768]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-15 1236992]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-02-23 106496]
"cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2006-02-28 1992240]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2004-08-02 124232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-25 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 22:05 13824 ------w- c:\windows\system32\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-23 00:05 81920 ------w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-03-01 18:51 196710 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 23:40 155648 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-07-25 14:22 180269 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
2010-07-28 18:37 3327488 ----a-w- c:\program files\TurboHddUsb\TurboHddUsb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Stuffit Archive Name Service"=2 (0x2)
"SamSs"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"DefWatch"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Diskeeper"=3 (0x3)
"ccPwdSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:Starcraft 6112 UDP
"25653:TCP"= 25653:TCP:BitComet 25653 TCP
"25653:UDP"= 25653:UDP:BitComet 25653 UDP
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:Starcraft 6112 TCP
"6113:TCP"= 6113:TCP:SC TCP 6113
"6113:UDP"= 6113:UDP:SC UDP 6113
"6114:TCP"= 6114:TCP:SC TCP 6114
"6114:UDP"= 6114:UDP:SC UDP 6114
"6115:TCP"= 6115:TCP:SC TCP 6115
"6116:TCP"= 6116:TCP:SC TCP 6116
"6117:TCP"= 6117:TCP:SC TCP 6117
"6118:TCP"= 6118:TCP:SC TCP 6118
"6119:TCP"= 6119:TCP:SC TCP 6119
"6115:UDP"= 6115:UDP:SC UDP 6115
"6116:UDP"= 6116:UDP:SC UDP 6116
"6117:UDP"= 6117:UDP:SC UDP 6117
"6118:UDP"= 6118:UDP:SC UDP 6118
"6119:UDP"= 6119:UDP:SC UDP 6119
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/25/2006 9:42 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/25/2006 9:42 AM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/18/2010 4:30 PM 691696]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [7/28/2010 2:37 PM 7040]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [7/28/2010 2:37 PM 17792]
.
.
------- Supplementary Scan -------
.
uStart Page = https://tssi.ycdsb.ca/logOnInitAction.do
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\wakwak\Application Data\Mozilla\Firefox\Profiles\apgqgw1y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 17:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,36,25,47,4f,84,83,47,b7,a7,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,36,25,47,4f,84,83,47,b7,a7,02,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-07-12 17:09:12
ComboFix-quarantined-files.txt 2011-07-12 21:09
ComboFix2.txt 2010-08-06 22:41
.
Pre-Run: 427,757,568 bytes free
Post-Run: 411,844,608 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect
.
- - End Of File - - DE71C6865248DBDE9FC6A4E8B2C65C88

wakwak1214, Jul 12, 2011

#16
wakwak1214 Newcomer, in training

You might want to check the settings in Notify: tphotkey - tphklock.dll Try Control Panel> Keyboard and look there.

By the way I'm using a Lenovo 3000 v100. I've had it for quite a few years (almost 5!) already but I'm just not ready to give up on it just because of some keyboard problem. Granted my CD-rom drive has been broken for the past 3 years and I haven't even replaced it. Otherwise, it's served me well.

I'm not familiar with this. I don't believe I have enabled hotkeys especially since I have really next to know idea what they are.
I checked under Control Panel > Keyboard... what do I do next? I see two devices: HID Keyboard Device and the Standard 101/102-key or Microsoft Natural PS/2 Keyboard. Says both are running fine.

Keyboard problems still exist. Nothing is really typing on my laptop keyboard. Still using my external keyboard attached to USB.

ooof ok... just right now as I was typing this message on my USB keyboard, everything on this Mozilla browser window shrunk...I mistakenly nudged my laptop...and it's as if someone had just pressed ctrl + - . Is it a hardware problem after all?

Just a quick update again. I just reset my computer because of some Microsoft updates to take effect. It had trouble booting (wouldn't let me select my booting configurations) apparently because some button was depressed and it wouldn't let me boot. I figured it was the ctrl key so i just held it and selected it. It then booted. Starting to think it's a hardware problem.

wakwak1214, Jul 12, 2011

#17
Bobbye Helper on the Fringe

Please explain "I reset my computer."

I just reset my computer because of some Microsoft updates to take effect.

It would have been best if you had not updateed while we were working on the system.

Take a look in the Device Manager> see if there is an error icon for any of the drivers:

Control Panel> System> Hardware> Device Manager> Click on + sign on both keyboard and 'Pointing Devices

Bobbye, Jul 14, 2011

#18
wakwak1214 Newcomer, in training

Sorry, about the updates part. I misunderstood what you said about

Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.

Thought the additional steps were to update my other stuff. Apologies.

Just checked the 'device manager'. I found and clicked the '+' 'keyboard'. It displays my HID Keyboard Device (which is probably my USB keyboard) and Standard 101/102 keys or Microsoft Natural PS/2 Keyboard (my laptop keyboard?!). It says both of them are running properly when I click in. I don't see any' Xs' or '!s' for anything in device manager.

I didn't find pointing device. My touchpad/pointing device and the left/right click works fine though.

wakwak1214, Jul 14, 2011

#19
Bobbye Helper on the Fringe
I don't think this has anything to do with the keyboard problem, but as far as I'm concerned, anything put on my system without my knowledge and permission is foistware. It's not malware but comes bundled with another program:

This entry has been added to your Firefox profile:

uRunOnce: [FFTI] c:\documents and settings\wakwak\application data\mozilla\firefox\profiles\apgqgw1y.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\wakwak\application data\mozilla\firefox\profiles/apgqgw1y.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

I found this in a Mozilla Forum from their support:

"Thank you for trying out the new Skype 2.6. beta. The beta includes a small extension to your default browser (in your case FireFox) which allows you to call all phone numbers found on web pages very easily. The installer for that is the FFTI.exe you discovered.

This is beta software and we are trying different solutions for how to install this important feature. Evidently you were not sufficiently made aware that the FF extension was about to be installed. I apologize for that!

The Skype install program is made to be very quick and easy to install. A downside of that primary goal, is that we have chosen not to display options such as the install path and this extension installation. There is however an option button where you can change the defualt installation path and opt-out of the FireFox extension installation."

The bold text and red type are mine. I did that to make a point.

Does the school system have an IT available to help with system problems? I'm going to set up script to remove some entries, but I think the keyboard problem is mechanical. Something has gotten jammed up underneath causing the wrong row for the key you press. You may just have to replace the keyboard- that is not a big deal.

Before I give you the script, I would like to to run the Error Checking, aka chkdsk. That is a great feature to work out glitches, if is can be done:

Where to set Error Checking up
You can do the Error Check from Command Prompt:
Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f/r followed by a reboot. Chkdsk will start in a few seconds

Or Windows Explorer:
Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

You have nothing else to do except wait for the system to reboot after the Error Checking has finished.

The choices in Error Checking:

CHKDSK or Error Check alone will only scan the current drive but will not fix errors on the disc or attempt to recover bad sectors. Using Start or Enter begins the process without a reboot.

VolumeSpecifies the drive letter other than the Local Drive (followed by a colon), mount point, or volume name.) To have the checking use a different drive, the Command Chkdsk is followed by the drive letter, then a colon such as chkdsk volume E:

File Errors can be found and fixed using the switch /F The nag message that comes up can be closed and the system rebooted to start the checking.

Recovery of readable information in bad sectors can be done by using the switch /R This implies that the /F switch has also been used. Locates bad sectors and recovers readable information (implies /F).The nag message that comes up can be closed and the system rebooted to start the checking.

(Please note: this is not meant to include all of the options available for Error Checking- just the appropriate options here)
Bobbye, Jul 15, 2011

#20

(You must log in or sign up to reply here.)

Page 1 of 2

Thread Status:: Not open for further replies.

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved