Topic: [Resolved] Suspicious behavior; logins have to be done 1 keystroke at a time


E310 (Bronze Member, Posts: 75)
Hello,

I was helping a family member with their computer, infected by a rootkit, and had to go back and forth between theirs and mine using a flash drive. The internet connection on the infected computer was disabled by the rootkit, so I had to download software to my PC, copy it to the flash drive, etc., and then get the logs from that PC onto the flash drive and back to mine to post.

I just want to make sure I didn't pick anything up in the process ...

DDS scans follow. THANKS in advance for taking a look!

Eddie


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Papi at 23:36:05 on 2012-03-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2750 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\LockStatusTray.exe
C:\Program Files\VIA\VIAudioi\HDADeck\hdeck.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Documents and Settings\Papi\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\WinMsgBalloonServer.exe
C:\WINDOWS\system32\WinMsgBalloonClient.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\papi\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LockStatusTray] c:\windows\LockStatusTray.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\hdeck.exe 1
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\papi\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser hd edition\MBCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.0.162/webrec.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272337390609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: MRCNotify - c:\windows\dwrcs\DWRCWXL.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\papi\application data\mozilla\firefox\profiles\m9zyoaj3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\papi\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-1 98392]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2008-10-2 122880]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-4-25 992256]
S0 cerc6;cerc6;

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2010-4-24 377920]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-12-29 401920]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2011-10-7 1034240]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-3-6 33808]
S3 Pscortp;Pscortp;

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-9 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-9 136176]
.
=============== Created Last 30 ================
.
2012-03-25 14:42:23   6582328   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bcbec203-54bb-4f1a-9eee-efa57a09f738}\mpengine.dll
2012-03-25 14:41:49   592824   ----a-w-   c:\program files\mozilla firefox\gkmedias.dll
2012-03-25 14:41:49   44472   ----a-w-   c:\program files\mozilla firefox\mozglue.dll
2012-03-21 14:21:31   --------   d-----w-   c:\program files\Applian Technologies
2012-03-18 21:11:02   --------   d-----w-   c:\documents and settings\papi\local settings\application data\visi_coupon
2012-03-18 21:10:22   --------   d-----w-   c:\program files\Yahoo!
2012-03-18 16:58:26   --------   d--h--w-   c:\windows\system32\GroupPolicy
2012-03-17 18:26:29   27744   ----a-w-   c:\windows\system32\drivers\point32.sys
2012-03-17 18:25:57   --------   d-----w-   c:\program files\Microsoft IntelliPoint
2012-03-17 18:25:12   --------   d-----w-   c:\program files\Microsoft IntelliType Pro
2012-03-05 00:31:07   409600   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-03-05 00:30:50   --------   d-----w-   c:\windows\system32\Data
2012-03-05 00:25:15   44032   ------w-   c:\windows\system32\CTSVCCDA.EXE
2012-03-05 00:25:15   25088   ------w-   c:\windows\system32\CTSVCCTL.EXE
2012-03-04 18:37:12   8704   ----a-r-   c:\windows\system32\viahdcpl.cpl
2012-03-04 18:37:07   254000   ----a-r-   c:\windows\system32\Audio3D.dll
2012-03-04 17:00:43   --------   d-----w-   C:\NetDownload
2012-03-04 00:48:16   626688   ----a-w-   c:\program files\mozilla firefox\msvcr80.dll
2012-03-04 00:48:16   548864   ----a-w-   c:\program files\mozilla firefox\msvcp80.dll
2012-03-04 00:48:16   479232   ----a-w-   c:\program files\mozilla firefox\msvcm80.dll
2012-02-29 03:20:30   --------   d-----w-   c:\documents and settings\papi\application data\GeoVid
2012-02-29 03:19:54   77824   ----a-w-   c:\windows\system32\xvid.ax
2012-02-29 03:19:54   765952   ----a-w-   c:\windows\system32\xvidcore.dll
2012-02-29 03:19:54   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2012-02-29 03:19:54   --------   d-----w-   c:\program files\common files\VHelper
2012-02-29 03:19:54   --------   d-----w-   c:\program files\common files\GeoVid
2012-02-29 03:19:54   --------   d-----w-   c:\documents and settings\all users\application data\GeoVid
2012-02-29 03:19:52   60416   ----a-w-   c:\windows\system32\dsetup.dll
2012-02-29 03:19:52   1712128   ----a-w-   c:\windows\system32\gdiplus.dll
2012-02-29 03:19:29   --------   d-----w-   c:\program files\GeoVid
2012-02-29 02:56:17   --------   d-----w-   c:\documents and settings\papi\local settings\application data\APN
2012-02-29 02:52:50   --------   d-----w-   c:\program files\DVDVideoSoft
2012-02-29 02:52:50   --------   d-----w-   c:\program files\common files\DVDVideoSoft
2012-02-29 02:52:50   --------   d-----w-   c:\documents and settings\papi\application data\DVDVideoSoft
.
==================== Find3M  ====================
.
2012-03-05 00:31:07   114688   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-02-22 00:17:44   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18   1860096   ----a-w-   c:\windows\system32\win32k.sys
2012-01-31 12:44:05   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-01-09 16:20:25   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-12-28 23:42:01   121275   ----a-w-   c:\windows\File Renamer - Basic Uninstaller.exe
.
============= FINISH: 23:36:39.35 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/24/2010 1:02:27 PM
System Uptime: 3/25/2012 10:56:42 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0F896N
Processor: AMD Athlon(tm) 7550 Dual-Core Processor | AM2 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 144.58 GiB free.
D: is FIXED (FAT32) - 466 GiB total, 338.241 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys AE2500
Device ID: USB\VID_13B1&PID_003A\000000000001
Manufacturer: Cisco Consumer Products LLC
Name: Linksys AE2500
PNP Device ID: USB\VID_13B1&PID_003A\000000000001
Service: Linksys_adapter_H
.
==== System Restore Points ===================
.
RP1: 3/4/2012 1:28:16 PM - System Checkpoint
RP2: 3/4/2012 1:30:59 PM - BeforeAudioUpdate
RP3: 3/4/2012 1:32:36 PM - Configured Platform
RP4: 3/4/2012 1:36:42 PM - Configured Platform
RP5: 3/4/2012 1:53:50 PM - Software Distribution Service 3.0
RP6: 3/4/2012 7:24:40 PM - Configured Creative MediaSource 5
RP7: 3/4/2012 7:28:01 PM - Installed WaveStudio 7
RP8: 3/4/2012 7:29:09 PM - Configured Engine Installer
RP9: 3/4/2012 7:29:23 PM - Installed Creative MediaSource
RP10: 3/4/2012 7:29:40 PM - Installed Creative Audio Device Selection
RP11: 3/4/2012 7:29:49 PM - Installed Creative MediaSource Detector
RP12: 3/4/2012 7:29:55 PM - Installed Creative MediaSource Player Skin Pack
RP13: 3/4/2012 7:30:03 PM - Installed Creative Music Store Plugin
RP14: 3/4/2012 7:30:10 PM - Installed Creative MediaSource
RP15: 3/4/2012 7:31:24 PM - Installed Device Control
RP16: 3/4/2012 7:31:42 PM - Installed Creative EAX Settings
RP17: 3/4/2012 7:32:21 PM - Installed Speaker Settings
RP18: 3/4/2012 7:33:14 PM - Installed Creative MediaSource CD-ROM Burner Plugin
RP19: 3/4/2012 7:33:19 PM - Configured Engine Installer
RP20: 3/5/2012 9:14:19 PM - Software Distribution Service 3.0
RP21: 3/6/2012 11:39:04 PM - Software Distribution Service 3.0
RP22: 3/7/2012 3:00:17 AM - Software Distribution Service 3.0
RP23: 3/8/2012 6:04:54 AM - Software Distribution Service 3.0
RP24: 3/8/2012 9:02:20 PM - Software Distribution Service 3.0
RP25: 3/9/2012 9:07:22 PM - Software Distribution Service 3.0
RP26: 3/10/2012 2:23:30 AM - Software Distribution Service 3.0
RP27: 3/10/2012 10:08:44 PM - Software Distribution Service 3.0
RP28: 3/11/2012 10:48:24 PM - System Checkpoint
RP29: 3/12/2012 6:12:04 AM - Software Distribution Service 3.0
RP30: 3/12/2012 9:08:32 PM - Software Distribution Service 3.0
RP31: 3/13/2012 9:00:10 PM - Software Distribution Service 3.0
RP32: 3/14/2012 3:00:15 AM - Software Distribution Service 3.0
RP33: 3/15/2012 4:53:42 AM - System Checkpoint
RP34: 3/15/2012 6:55:35 AM - Software Distribution Service 3.0
RP35: 3/16/2012 9:49:01 AM - Software Distribution Service 3.0
RP36: 3/17/2012 1:36:38 AM - Software Distribution Service 3.0
RP37: 3/17/2012 3:25:37 AM - Software Distribution Service 3.0
RP38: 3/18/2012 8:42:36 AM - Software Distribution Service 3.0
RP39: 3/19/2012 11:11:57 AM - Software Distribution Service 3.0
RP40: 3/20/2012 2:13:22 PM - System Checkpoint
RP41: 3/20/2012 2:36:09 PM - Software Distribution Service 3.0
RP42: 3/21/2012 7:45:13 PM - System Checkpoint
RP43: 3/22/2012 9:24:50 AM - Software Distribution Service 3.0
RP44: 3/23/2012 12:09:35 PM - System Checkpoint
RP45: 3/24/2012 9:05:14 AM - Software Distribution Service 3.0
RP46: 3/25/2012 10:42:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
3DVIA player 5.0
ABBYY FineReader 6.0 Sprint
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS
Adobe Photoshop CS
Adobe SVG Viewer 3.0
Amazon Games & Software Downloader
Amazon MP3 Downloader 1.0.12
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.4
Bonjour
CA Yahoo! Anti-Spy (remove only)
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplay 1.8
Cisco Connect
CoCSoft Stream Down 3.3
Compatibility Pack for the 2007 Office system
Creative EAX Settings
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative Speaker Settings
Creative WaveStudio 7
DC Universe Online Live
Dell Driver Download Manager
Dell Resource CD
Device Control
Digital Photo Navigator 1.5
DVD Shrink 3.2
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Perf 4490P Guide
EPSON Scan
EPSON Scan Assistant
Everio MediaBrowser HD Edition
EZ Vinyl/Tape Converter 7.7 by MixMeister
File Renamer - Basic
FLV Player 2.0 (build 25)
Free 3GP Video Converter version 5.0.6.221
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Keyboard Lock Status
KODAK Share Button App
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires Gold
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft LifeCam
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Small Business
Microsoft Security Client
Microsoft Security Essentials
Microsoft SharedView
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Platform
player
PowerDirector Express
PowerDVD DX
PowerProducer
QuarkXPress 6.5
Quicken 2011
QuickTime
RAIDXpert
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Recuva
Roxio Burn
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skins
Sound Blaster Audigy
SpywareGuard v2.2
StuffIt Standard Edition 7.5
The Sims Deluxe Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VIA Platform Device Manager
VidCrop
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinPatrol
WOT for Internet Explorer
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/21/2012 10:03:09 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd MRxSmb Rdbss
3/21/2012 10:03:05 AM, error: Service Control Manager [7024]  - The Workstation service terminated with service-specific error 2250 (0x8CA).
3/21/2012 10:03:05 AM, error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service has returned a service-specific error code.
3/21/2012 10:02:57 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/21/2012 10:02:47 AM, error: Workstation [5727]  - Could not load RDR device driver.
3/21/2012 10:02:47 AM, error: Workstation [5727]  - Could not load Rdbss device driver.
3/20/2012 7:05:36 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
3/20/2012 7:05:36 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/20/2012 7:05:09 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk4\D.
3/20/2012 2:44:00 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================
« Last Edit: April 02, 2012, 12:39:07 PM by 1972vet »



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Greetings E310 and Welcome to our Forums,

Let's take a look inside the box:
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall

Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline E310

  • Bronze Member
  • Posts: 75
Greetings 1972vet!

Thanks for taking this on. Here is the log as requested.

Eddie

ComboFix 12-03-26.01 - Papi 03/26/2012   8:56.9.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2687 [GMT -4:00]
Running from: c:\documents and settings\Papi\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Papi\Recent\Thumbs.db
c:\windows\settings.reg
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-26 to 2012-03-26  )))))))))))))))))))))))))))))))
.
.
2012-03-26 03:39 . 2012-03-14 02:15   6582328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2CD5865-451F-434C-BF4B-A2B3EB1C3368}\mpengine.dll
2012-03-25 14:41 . 2012-03-25 14:41   592824   ----a-w-   c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-25 14:41 . 2012-03-25 14:41   44472   ----a-w-   c:\program files\Mozilla Firefox\mozglue.dll
2012-03-21 14:21 . 2012-03-21 14:21   --------   d-----w-   c:\program files\Applian Technologies
2012-03-18 21:11 . 2012-03-18 21:11   --------   d-----w-   c:\documents and settings\Papi\Local Settings\Application Data\visi_coupon
2012-03-18 21:10 . 2012-03-18 21:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
2012-03-18 21:10 . 2012-03-18 21:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2012-03-18 21:10 . 2012-03-18 21:10   --------   d-----w-   c:\documents and settings\Papi\Application Data\Yahoo!
2012-03-18 21:10 . 2012-03-18 21:10   --------   d-----w-   c:\program files\Yahoo!
2012-03-18 16:58 . 2012-03-18 16:58   --------   d--h--w-   c:\windows\system32\GroupPolicy
2012-03-17 18:26 . 2009-11-05 20:35   27744   ----a-w-   c:\windows\system32\drivers\point32.sys
2012-03-17 18:25 . 2012-03-17 18:26   --------   d-----w-   c:\program files\Microsoft IntelliPoint
2012-03-17 18:25 . 2012-03-17 18:25   --------   d-----w-   c:\program files\Microsoft IntelliType Pro
2012-03-13 22:56 . 2012-03-13 22:57   --------   d-----w-   c:\documents and settings\Eddie\Local Settings\Application Data\Google
2012-03-05 00:31 . 2012-03-05 00:31   409600   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-03-05 00:30 . 2012-03-05 00:30   --------   d-----w-   c:\windows\system32\Data
2012-03-05 00:25 . 1999-12-13 06:01   44032   ------w-   c:\windows\system32\CTSVCCDA.EXE
2012-03-05 00:25 . 1999-11-18 06:00   25088   ------w-   c:\windows\system32\CTSVCCTL.EXE
2012-03-04 18:37 . 2007-07-27 22:30   8704   ----a-r-   c:\windows\system32\viahdcpl.cpl
2012-03-04 18:37 . 2004-11-17 14:29   254000   ----a-r-   c:\windows\system32\Audio3D.dll
2012-03-04 17:00 . 2012-03-26 03:34   --------   d-----w-   C:\NetDownload
2012-03-04 00:48 . 2012-03-04 00:48   626688   ----a-w-   c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-04 00:48 . 2012-03-04 00:48   548864   ----a-w-   c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-04 00:48 . 2012-03-04 00:48   479232   ----a-w-   c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-29 03:20 . 2012-02-29 03:20   --------   d-----w-   c:\documents and settings\Papi\Application Data\GeoVid
2012-02-29 03:19 . 2012-02-29 03:19   --------   d-----w-   c:\program files\Common Files\VHelper
2012-02-29 03:19 . 2012-02-29 03:19   --------   d-----w-   c:\program files\Common Files\GeoVid
2012-02-29 03:19 . 2012-02-29 03:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\GeoVid
2012-02-29 03:19 . 2007-06-29 00:55   77824   ----a-w-   c:\windows\system32\xvid.ax
2012-02-29 03:19 . 2007-06-29 00:54   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2012-02-29 03:19 . 2007-06-29 00:52   765952   ----a-w-   c:\windows\system32\xvidcore.dll
2012-02-29 03:19 . 2005-06-07 21:11   60416   ----a-w-   c:\windows\system32\dsetup.dll
2012-02-29 03:19 . 2004-08-18 21:00   1712128   ----a-w-   c:\windows\system32\gdiplus.dll
2012-02-29 03:19 . 2012-02-29 03:19   --------   d-----w-   c:\program files\GeoVid
2012-02-29 02:56 . 2012-02-29 02:56   --------   d-----w-   c:\documents and settings\Papi\Local Settings\Application Data\APN
2012-02-29 02:52 . 2012-02-29 02:53   --------   d-----w-   c:\documents and settings\Papi\Application Data\DVDVideoSoft
2012-02-29 02:52 . 2012-02-29 02:52   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
2012-02-29 02:52 . 2012-02-29 02:52   --------   d-----w-   c:\program files\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 12:51 . 2010-09-10 22:58   1324   ----a-w-   c:\documents and settings\Eddie\Local Settings\Application Data\d3d9caps.tmp
2012-03-14 02:15 . 2011-04-01 02:18   6582328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-05 00:31 . 2003-03-28 03:24   114688   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-02-22 00:17 . 2011-06-04 13:09   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-13 23:00   1860096   ----a-w-   c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-03-30 04:13   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-01-09 16:20 . 2010-04-24 16:57   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-12-28 23:42 . 2011-12-28 23:41   121275   ----a-w-   c:\windows\File Renamer - Basic Uninstaller.exe
2012-03-25 14:41 . 2011-05-12 03:39   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\hdeck.exe" [2009-01-06 33546240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"P17Helper"="P17.dll" [2005-05-04 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Papi\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-4-26 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-26 110592]
Camera Monitor HD.lnk - c:\program files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2011-12-10 541976]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MRCNotify]
2011-10-14 20:20   54224   ----a-w-   c:\windows\dwrcs\DWRCWXL.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Quicken\\qw.exe"=
"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\DC Universe Online Live\\UNREAL3\\BINARIES\\WIN32\\DCGAME.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/1/2010 2:37 PM 98392]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [10/2/2008 5:26 PM 122880]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [10/7/2011 10:06 PM 1034240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/25/2010 10:35 AM 992256]
S0 cerc6;cerc6;

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [4/24/2010 1:35 PM 377920]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [12/29/2010 6:12 PM 401920]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [3/6/2011 12:45 PM 33808]
S3 Pscortp;Pscortp;

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2011 4:19 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2011 4:19 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 20:19]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 20:19]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1003Core.job
- c:\documents and settings\Papi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 03:22]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1003UA.job
- c:\documents and settings\Papi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 03:22]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1007Core.job
- c:\documents and settings\Eddie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 22:56]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1007UA.job
- c:\documents and settings\Eddie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-13 22:56]
.
2012-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.0.162/webrec.cab
FF - ProfilePath - c:\documents and settings\Papi\Application Data\Mozilla\Firefox\Profiles\m9zyoaj3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-26 09:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\dwrcs\DWRCWXL.dll
.
Completion time: 2012-03-26  09:05:15
ComboFix-quarantined-files.txt  2012-03-26 13:05
.
Pre-Run: 155,155,554,304 bytes free
Post-Run: 155,871,744,000 bytes free
.
- - End Of File - - A1CADA6A260C0D92C2E5709CAD5CC0AD

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
This entry in the log:
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

is related to your PS/2 style keyboard/mouse. The fact that file is missing should imply problems with the system's ability to communicate with those hardware devices. Your issue seems related to this by your own description of this thread's title. You will need your installation media to correct this. Do you have it handy?

I need also to point out that you have Microsoft Security Essentials and McAfee Internet Security Suite running side by side. You need only one of those...if you want the free version, then I would keep MSE, otherwise, if you like the suite...then you should uninstall MSE but one or the other needs to go. Let me know what you choose and if you have your install media.
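The three things the helper picked out of the ComboFix log by eye (a core driver reported missing, two AV engines listed in the header, Security Center monitoring switched off in the registry dump) can be checked mechanically. The following is an added Python example, not code from this thread or from ComboFix; it runs over a constructed excerpt in the log's own format, and the function names and the `KNOWN_CORE_FILES` table are my own.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

It automates three observations made by hand in the thread above:
  * system files ComboFix reports as ". . . is missing!!"
  * more than one AV product listed in the header (engines side by side)
  * Security Center monitoring disabled for a product in the registry dump
"""
import re

# Constructed excerpt in the shape of the log posted above (a few lines only).
SAMPLE_LOG = r"""
ComboFix 12-03-26.01 - Papi 03/26/2012   8:56.9.2 - x86
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
"""

# Header lines look like:  AV: <product name> *<state>* {<GUID>}
PRODUCT_RE = re.compile(r"^(AV|FW|SP):\s+(.+?)\s+\*([^*]+)\*")
# ComboFix marks an absent core file as:  <path> . . . is missing!!
MISSING_RE = re.compile(r"^(.+?) \. \. \. is missing!!\s*$")
# REGEDIT4-style dump: a [key] line followed by "name"=value lines.
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')

# Core input drivers whose absence explains keyboard/mouse trouble; i8042prt.sys
# is the PS/2 keyboard/mouse port driver the helper pointed at in this thread.
KNOWN_CORE_FILES = {
    "i8042prt.sys": "PS/2 keyboard/mouse port driver",
    "kbdclass.sys": "keyboard class driver",
    "mouclass.sys": "mouse class driver",
}


def parse_products(log):
    """Return {'AV': [(name, state), ...], 'FW': [...], 'SP': [...]} from the header."""
    products = {"AV": [], "FW": [], "SP": []}
    for line in log.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            products[m.group(1)].append((m.group(2), m.group(3)))
    return products


def find_missing_files(log):
    """Return the paths ComboFix flagged as missing."""
    return [m.group(1) for m in map(MISSING_RE.match, log.splitlines()) if m]


def find_disabled_monitoring(log):
    """Return the Security Center product keys whose monitoring is disabled."""
    disabled, current_key = [], None
    for line in log.splitlines():
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
        elif DISABLE_MON_RE.match(line) and current_key:
            disabled.append(current_key.rsplit("\\", 1)[-1])
    return disabled


def triage(log):
    """Turn the three checks into a list of plain-language findings."""
    findings = []
    avs = parse_products(log)["AV"]
    if len(avs) > 1:
        names = ", ".join(name for name, _ in avs)
        findings.append(f"{len(avs)} AV products installed side by side: {names}")
    for path in find_missing_files(log):
        base = path.rsplit("\\", 1)[-1].lower()
        role = KNOWN_CORE_FILES.get(base, "unrecognised file")
        findings.append(f"missing system file: {path} ({role})")
    for key in find_disabled_monitoring(log):
        findings.append(f"Security Center monitoring disabled for {key}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```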

Offline E310

  • Bronze Member
  • Posts: 75
Well, I'll be ...

I uninstalled McAfee after a battle with a virus a year ago and have been using MSE since. I would love to be completely rid of McAfee! Please tell me what we missed.

The keyboard/mouse combo is brand spanking new. I do have the media for it.

Eddie

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
OK, run the McAfee Removal Tool...and when that completes, reboot, then re-install your kb and mouse software. Reboot again to properly record those changes to the hard disk and post back to let me know how your system is behaving now. Thanks!

Offline E310

  • Bronze Member
  • Posts: 75
I went one extra step and, after reinstalling the software from the CD, I downloaded the software from Microsoft's web site. This all seems to have done the trick. I logged in to several places and couldn't duplicate the issue. So far, so good.

Next steps?

Eddie

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
OK, run a scan using your MSE and allow the software to quarantine whatever it complains of. When it completes, post back and let me know what it found if anything at all. Good Luck!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
We should do a couple more rootkit scans as well...
Scan with CKScanner

Click HERE to download CKScanner and save it to your Desktop. <- Important
  • Right-click CKScanner.exe and click Run as Administrator in the context menu.
  • Click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop.
  • Click Exit
Copy the contents and paste them in your next reply.

Next:
Please download Rooter.exe and save to your desktop.
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.

Offline E310

  • Bronze Member
  • Posts: 75
Hello ... MSE did not find anything. Here are the reports from the Tools you advised:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\papi\my documents\my fonts\giganews_fonts\mostwanted_fonts__e-g_\fzjazzycracked.zip
c:\documents and settings\papi\my documents\my fonts\giganews_fonts\mostwanted_font_c-d\crackdown.zip
c:\documents and settings\papi\my documents\my fonts\giganews_fonts\mostwanted_font_c-d\crackedjohnnie.zip
c:\documents and settings\papi\my documents\my fonts\giganews_fonts\mostwanted_font_c-d\crackpot.zip
c:\program files\mame\mame36\icons\cracksht.ico
c:\program files\sony online entertainment\installed games\dc universe online live\unreal3\dcgame\cookedpc\dcfxgroups\power\electric\dcfxpowele_thundercrack_imp.upk
scanner sequence 3.FN.11.MLLBMW
 ----- EOF -----


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 16 Model 2 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 11.0 (en-US)
.
C:\  [Fixed-NTFS] .. ( Total:288 Go - Free:108 Go )
D:\  [Fixed-FAT32] .. ( Total:465 Go - Free:338 Go )
E:\  [Removable]
F:\  [Removable]
G:\  [Removable]
H:\  [Removable]
I:\  [CD_Rom]
.
Scan : 18:05.05
Path : C:\Documents and Settings\Papi\Desktop\Rooter.exe
User : Papi ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (576)
______ \??\C:\WINDOWS\system32\csrss.exe (792)
______ \??\C:\WINDOWS\system32\winlogon.exe (824)
______ C:\WINDOWS\system32\services.exe (868)
______ C:\WINDOWS\system32\lsass.exe (880)
______ C:\WINDOWS\system32\Ati2evxx.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1068)
______ C:\WINDOWS\system32\svchost.exe (1200)
______ C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (1240)
______ C:\WINDOWS\System32\svchost.exe (1276)
______ C:\WINDOWS\system32\svchost.exe (1400)
______ C:\WINDOWS\system32\svchost.exe (1488)
______ C:\WINDOWS\system32\spoolsv.exe (1872)
______ C:\WINDOWS\system32\svchost.exe (1944)
______ C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1976)
______ C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe (1988)
______ C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe (2000)
______ C:\WINDOWS\system32\CTsvcCDA.exe (2036)
______ C:\Program Files\Java\jre6\bin\jqs.exe (412)
______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (600)
______ C:\Program Files\Microsoft LifeCam\MSCamS32.exe (680)
______ C:\WINDOWS\Explorer.EXE (1640)
______ C:\Program Files\CyberLink\Shared Files\RichVideo.exe (1704)
______ C:\WINDOWS\system32\svchost.exe (1768)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (176)
______ C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (2248)
______ C:\WINDOWS\LockStatusTray.exe (2260)
______ C:\Program Files\VIA\VIAudioi\HDADeck\hdeck.exe (2292)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2436)
______ C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (2512)
______ C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (2808)
______ C:\WINDOWS\System32\alg.exe (2832)
______ C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (2888)
______ C:\WINDOWS\system32\Rundll32.exe (2908)
______ C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (3052)
______ C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe (3220)
______ C:\Program Files\Microsoft Security Client\msseces.exe (3260)
______ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (3276)
______ C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (3300)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (3324)
______ C:\Program Files\Microsoft IntelliPoint\ipoint.exe (3404)
______ C:\Program Files\Microsoft IntelliType Pro\itype.exe (3468)
______ C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (3492)
______ C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (3700)
______ C:\Program Files\SpywareGuard\sgmain.exe (3744)
______ C:\Program Files\SpywareGuard\sgbhp.exe (4036)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (292)
______ C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (480)
______ C:\WINDOWS\system32\WinMsgBalloonServer.exe (4032)
______ C:\WINDOWS\system32\WinMsgBalloonClient.exe (500)
______ C:\Documents and Settings\Papi\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe (3904)
______ C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe (3336)
______ C:\DOCUME~1\Papi\LOCALS~1\Temp\Adobelm_Cleanup.0001 (2308)
______ C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (2616)
______ C:\DOCUME~1\Papi\LOCALS~1\Temp\Adobelm_Cleanup.0001 (2208)
______ C:\WINDOWS\System32\svchost.exe (424)
______ C:\Documents and Settings\Papi\Desktop\Rooter.exe (2312)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41943040 | Length:309544177664)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1003Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1003UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1007Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-2147018087-1007UA.job
C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Papi\My Documents\My Fonts\giganews_fonts\Mostwanted_Fonts__E-G_\fzjazzycracked.zip
C:\DOCUME~1\Papi\My Documents\My Fonts\giganews_fonts\Mostwanted_Font_C-D\crackdown.zip
C:\DOCUME~1\Papi\My Documents\My Fonts\giganews_fonts\Mostwanted_Font_C-D\crackedjohnnie.zip
C:\DOCUME~1\Papi\My Documents\My Fonts\giganews_fonts\Mostwanted_Font_C-D\crackpot.zip
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 18:05.06
.
C:\Rooter$\Rooter_2.txt - (29/03/2012 | 18:05.06).c

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
This thread is being re-activated at the request of the member. After several discussions on private forums, it was learned that a tool we used, which has not been actively updated, produced ambivalent results. Those results will be ignored. Please tell me if you have your Windows installation disk handy so we can replace the missing Microsoft file that is required for the proper functioning of the keyboard and mouse. Thanks!
« Last Edit: April 02, 2012, 12:34:11 PM by 1972vet »
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline E310

Hello 1972vet. I do have both the system disks, and the CD that came with the keyboard and mouse.

Eddie

Offline 1972vet

Insert your Windows XP Installation CD in the drive. Reboot the computer into Safe mode.

Once in safe mode and logged on as "Administrator", please follow the instructions below:
Click Start-->run...then type cmd into the run box and click "OK".

At the command prompt, copy and paste the following, then press your enter key:
expand d:\i386\i8042prt.sy_ c:\windows\system32\drivers\i8042prt.sys

Reboot when you've completed the restoration procedure above.

Next, please copy and paste the following text in Bold into a blank Notepad:

@echo off
dir C:\qoobox >> look.txt
notepad look.txt
exit

Save this as showme.bat. Change the "save as type" to all files and save it to your Desktop.
Next, please double-click the showme.bat.

Please copy and paste the contents of the text file that opens up in your next reply.
Thanks,
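A fuller version of the restore-and-report steps above, added here as an example (it is not part of 1972vet's instructions): it checks that the compressed driver is actually on the CD before expanding it, records the restored file's size and its driver service entry, and lists C:\qoobox, all into one report. It assumes the XP CD is in D: and Windows lives in C:\WINDOWS; adjust the two paths if not.

```batch
@echo off
REM Added example, not the helper's own batch file.
REM Assumptions: XP CD in D:, Windows in C:\WINDOWS (edit SRC/DST if different).
set SRC=D:\i386\i8042prt.sy_
set DST=C:\WINDOWS\system32\drivers\i8042prt.sys
set REPORT=%USERPROFILE%\Desktop\check.txt

echo Driver check run on %DATE% %TIME% > "%REPORT%"

REM Refuse to run expand against a source that is not there (wrong drive letter,
REM CD not inserted); otherwise expand would just fail with a less clear message.
if not exist "%SRC%" (
    echo Compressed source %SRC% not found. Is the XP CD in drive D:? >> "%REPORT%"
    goto qoobox
)

REM Do not clobber a driver that is already in place.
if exist "%DST%" (
    echo %DST% is already present; not overwriting. >> "%REPORT%"
) else (
    echo Restoring %DST% from %SRC% >> "%REPORT%"
    expand "%SRC%" "%DST%" >> "%REPORT%"
)

REM Size and date of the file now on disk, to compare with a known-good XP install.
dir "%DST%" >> "%REPORT%"

REM The file alone is not enough: the i8042prt service entry must exist or the
REM driver will never be loaded at boot.
reg query HKLM\SYSTEM\CurrentControlSet\Services\i8042prt /v ImagePath >> "%REPORT%" 2>&1

:qoobox
REM ComboFix keeps its logs and quarantine under C:\qoobox; list them as requested.
if exist C:\qoobox (
    dir C:\qoobox >> "%REPORT%"
) else (
    echo C:\qoobox not found. >> "%REPORT%"
)

notepad "%REPORT%"
exit
```

Save it the same way as showme.bat (Save as type: All Files) and run it from Safe Mode as Administrator; the report opens in Notepad and can be pasted into a reply.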

Offline E310

Here you go:


 Volume in drive C has no label.
 Volume Serial Number is 74F7-CD67

 Directory of C:\qoobox

03/26/2012  09:05 AM    <DIR>          .
03/26/2012  09:05 AM    <DIR>          ..
03/26/2012  09:04 AM            14,981 Add-Remove Programs.txt
03/26/2012  08:55 AM    <DIR>          BackEnv
03/26/2012  09:05 AM             1,116 ComboFix-quarantined-files.txt
03/26/2012  08:55 AM    <DIR>          Quarantine
03/26/2012  09:04 AM           936,588 SnapShot@2012-03-26_13.03.58.dat
               3 File(s)        952,685 bytes
               4 Dir(s)  133,137,195,008 bytes free


Eddie

Offline 1972vet

Do you remember when you ran combofix last time? Your log shows that it's been run on that system 9 times. It wouldn't show that if it had been uninstalled...and without having uninstalled it, the only way I can think of that the other logs wouldn't be there is if they were simply deleted. Can you enlighten me? Thanks!