Combofix now keyboard will not work


29 replies to this topic

#1 otakugirl

otakugirl

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:IN
  • Local time:06:08 AM

Posted 22 March 2012 - 07:35 PM

Okay so in my internet searching to remove the redirect virus I was led to Combofix. Should have listened to better judgement and found a different workable program, but I decided to attempt to give it a try. Well after saving it to my computer and it not working like the instructions said, I decided to just delete it. After finding a new program from Emsisoft which did clean out numerous issues, I did a restart. Well apparently the Combofix was not deleted and it went into what my dad called DOS mode and ran. After that completed it took me to the normal Windows login screen. The mouse works fine, however the keyboard is unresponsive when I try to type. I tried unplugging and replugging it in, nothing happened. I tried a restart, again still no response from the keyboard. We are running Vista on a Compaq. Keyboard came with the computer and plugs into the back (not USB). Mouse is a USB wireless mouse. I admit I should not have messed with Combofix and am now attempting to rectify the situation. Is there any advice anyone can give me about this unknown keyboard issue?


#2 otakugirl


Posted 22 March 2012 - 07:57 PM

Keyboard does not work in safe mode either

#3 otakugirl


Posted 22 March 2012 - 08:21 PM

I pushed F8 and from that menu, selected the option to Repair Windows. I was taken to a blue screen and a window popped up asking me to select a language and then enter a username and login password. The keyboard worked for this. I tried a system restore and was given the following error message:
"System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details:

System Restore failed due to an unspecified error.
The file or directory is corrupted and unreadable. (0x80070570)



You might want to try System Restore again and choose a different restore point. For more information, see System Restore: frequently asked questions."

I attempted another system restore with the same result.

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:08 AM

Posted 22 March 2012 - 08:34 PM

Hello otakugirl, and welcome to BC! :thumbsup:

My name is bloopie and I'll be happy to help you as best I can!

Could you please provide some more information?

> found a different workable program, but I decided to attempt to give it a try. Well after saving it to my computer and it not working like the instructions said, I decided to just delete it. After finding a new program from Emsisoft which did clean out numerous issues, I did a restart.

What program did you find from Emsisoft? Could you produce a log for me?

Also, if Combofix has run successfully you should have a log for that too in the root of the C:\ drive:

C:\Combofix.txt

===========

You do not need to post the CF log here, just let me know if it exists, okay?

bloopie

#5 otakugirl


Posted 22 March 2012 - 08:42 PM

Unfortunately I cannot produce any logs... After restarting the computer, I was stuck on the login screen unable to type anything and cannot access logs (plus I don't think they were saved >.<) The Emsisoft program was Emsisoft Anti-Malware. I don't know if I would be able to produce a log for Combofix either as I am not sure how I would go about accessing it. I'm using a different computer than the one having issues.

#6 bloopie


Posted 22 March 2012 - 08:56 PM

Hi again,

Do you have access to a keyboard that uses a USB connection? Try to use that keyboard instead of your PS/2 version, and let me know what problems you still have.

bloopie

Edited by bloopie, 22 March 2012 - 08:58 PM.


#7 otakugirl


Posted 22 March 2012 - 09:03 PM

Tried typing "C:\Combofix.txt" in the Command Prompt window option available on the same window I was directed to from the F8 menu Repair your computer options. It said it is not recognized as internal or external command, operable program or batch file.

Unfortunately not tonight. I plan to get one tomorrow. I will get back to you once I have tried.

#8 otakugirl


Posted 23 March 2012 - 01:17 PM

Got a USB keyboard and it seems to be working fine.

#9 bloopie


Posted 23 March 2012 - 03:42 PM

Hi again,

That's good to hear. :)

Let's look again to see if CF has left a log. Try this please:

:step1:
Click the Windows Orb and in the text field on the bottom, type cmd and press Enter.

Then in the command prompt window type cd ..
(note the space between the "d" and the two dots)
(you may have to do this more than once to get your prompt down to C:\>)

If your command prompt now displays C:\>
then type in c:Combofix.txt

Did it display the CF textfile for you this time?

==========

:step2:
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Please post the MBAM log in your next reply and let me know how your computer is running. :thumbup2:

bloopie

#10 otakugirl


Posted 25 March 2012 - 03:08 PM

First, thank you for your time and sorry for the delay. I had to help my dad with a big charity event this weekend.

No combofix log.

Malware log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
vic :: VIC-PC [administrator]

3/25/2012 3:40:19 PM
mbam-log-2012-03-25 (15-40-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269436
Time elapsed: 15 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I've used Malwarebytes in the past with great results, but had uninstalled it because it didn't seem to be updating and didn't catch anything even when a full scan was run. That's why I tried the other program, Emsisoft Anti-Malware, which seems to have taken out the redirect virus which started all of this. But thanks for explaining a little bit more about what to do if Malwarebytes gets attacked :)

The computer has been running pretty smoothly since the keyboard issue was fixed. Which I found out was because the i8042prt driver got deleted. I've gotten it back and the PS/2 ports are working again :)

There has been a small issue, however. It has happened before and I cannot remember how we fixed it last time. Anyway, for some reason if the computer is left sitting and goes to the screensaver, the internet connection gets disturbed. So far the remedy we are using to fix it is to turn the FiOS box off then on and the connection comes back. Not sure if you know why this would be happening or not, but that is the only issue we have encountered.

#11 bloopie


Posted 25 March 2012 - 04:55 PM

Hello again otakugirl,

> First, thank you for your time and sorry for the delay. I had to help my dad with a big charity event this weekend.

No problem at all!

I'm glad you've sorted out the driver issue! :thumbup2:

One note about Combofix:

> Well after saving it to my computer and it not working like the instructions said, I decided to just delete it.

You cannot delete Combofix by sending the desktop icon into the recycle bin, it just doesn't work that way if CF was actually installed and run. CF has to be uninstalled properly, but doing that will also remove any temp directories as well as reset your system restore points (among other things)!

If you still have some problem that you may not notice now, it would not be a good idea to flush all the previous restore points out right now! That could mean there is no way to go back if you do notice a more pressing problem. I can't tell you that your machine is clean until I see some logs, so we still need to do a couple of steps yet, okay?

So I just would like you to run a couple of more scans to make sure your system is clean before we uninstall CF. Does that make sense?

==========

:step1:
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========

:step2:
Please download MiniToolBox, save it to your desktop and run it. (this tool is to check your internet issues relevant to the issue you still have)

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

==========

:step3:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

In your next reply, please post the following:

  • The Security Check log
  • The MiniToolbox log
  • The ESET log (if produced)

Still having the same issue with the internet being disturbed when the machine goes to screensaver?

bloopie

Edited by bloopie, 25 March 2012 - 04:58 PM.


#12 otakugirl


Posted 26 March 2012 - 11:48 PM

Security Check:
Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
McAfee Security Scan Plus
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 30
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 11.1.102.62
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

MiniToolBox:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Andie_2 on 26-03-2012 at 12:15:49
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
The requested operation requires elevation.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : vic-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ftrdhcpuser.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ftrdhcpuser.net
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-68-BD-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d14c:579d:7479:2e08%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 26, 2012 8:41:43 AM
Lease Expires . . . . . . . . . . : Tuesday, March 27, 2012 8:41:42 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666064
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-27-6B-B7-00-21-97-68-BD-C5
DNS Servers . . . . . . . . . . . : 192.168.1.1
184.16.4.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B1C57204-5091-4C47-8EED-2FA742EAA100}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.ftrdhcpuser.net
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71
74.125.225.72
74.125.225.73
74.125.225.78
74.125.225.64
74.125.225.65
74.125.225.66



Pinging google.com [74.125.225.64] with 32 bytes of data:

Reply from 74.125.225.64: bytes=32 time=10ms TTL=55

Reply from 74.125.225.64: bytes=32 time=10ms TTL=55



Ping statistics for 74.125.225.64:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 10ms, Average = 10ms

Server: Wireless_Broadband_Router.ftrdhcpuser.net
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=612ms TTL=51

Reply from 72.30.38.140: bytes=32 time=595ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 595ms, Maximum = 612ms, Average = 603ms

Server: Wireless_Broadband_Router.ftrdhcpuser.net
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 21 97 68 bd c5 ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16 ...00 00 00 00 00 00 00 e0 isatap.{B1C57204-5091-4C47-8EED-2FA742EAA100}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::d14c:579d:7479:2e08/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

System error 5 has occurred.

Access is denied.


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
ACDSee
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Ad-Aware (Version: 9.0.7)
Ad-Aware Security Toolbar (Version: 0.9.1.20)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AIM 7
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 6.2.3.10)
aioscnnr (Version: 7.3.4.0)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AOL Computer Checkup
AOL Mail and AIM Gadget (Version: 1.0.0)
AOL Registration
AOL Toolbar
AOL Toolbar for Firefox (Version: 5.13.6.2)
AOL Uninstaller (Choose which Products to Remove)
C4USelfUpdater (Version: 1.00.0000)
CCScore (Version: 6.02.1001.0001)
center (Version: 6.2.5.0)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (Version: 6.0.2111)
D3DX10 (Version: 15.4.2368.0902)
Diablo II
Download Updater (AOL LLC)
Emsisoft Anti-Malware (Version: 6.0)
ESSCDBK (Version: 6.02.0001.0001)
ESScore (Version: 6.02.1001.0001)
essentials (Version: 6.0.14.0)
ESSgui (Version: 6.02.1001.0001)
ESSini (Version: 6.02.1001.0001)
ESSPCD (Version: 6.02.1001.0001)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.02.1001.0001)
Feedback Tool (Version: 1.1.0)
FinalBurner Free v2.23.0.193
Gamers Unite! Snag Bar
GIMP 2.6.10 (Version: 2.6.10)
Google Chrome (Version: 17.0.963.83)
Google Chrome Frame (Version: 17.0.963.83)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
Great Lakes Lighthouses Screensaver
Hardware Diagnostic Tools (Version: 5.1.4976.17)
HiJackThis (Version: 1.0.0)
Homepage Protection (Version: )
HP Active Support Library (Version: 3.1.9.1)
HP Advisor (Version: 3.3.12286.3436)
HP Customer Experience Enhancements (Version: 5.7.0.2784)
HP Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 2.2.3309)
HP My Display (Version: 1.40.002)
HP Photo Imaging Software
HP Photo Printing Software
HP Recovery Manager RSS (Version: 91.0.0.10)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 5.002.008.001)
HPAsset component for HP Active Support Library (Version: 3.0.0.6)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 15.4.3502.0922)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak AIO Printer (Version: 7.3.4.0)
KODAK AiO Software (Version: 7.3.8.20)
Kodak EasyShare software
ksDIP (Version: 3.20.0000.0001)
KSU (Version: 632.62.0004.0001)
LabelPrint (Version: 2.5.0904)
LightScribe System Software (Version: 1.18.3.2)
LightScribe Template Labeler (Version: 1.14.25.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.1.121.2)
McAfee SecurityCenter (Version: 10.5.247)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.7315)
My HP Games (Version: 1.0.0.62)
netbrdg (Version: 6.02.1001.0001)
Netflix in Windows Media Center (Version: 2.0.0.0)
Norton Internet Security (Version: 16.0.0.125)
Norton PC Checkup (Version: 2.0.17.20)
Notifier (Version: 6.02.0001.0001)
NVIDIA Drivers
ocr (Version: 6.2.3.50)
OfotoXMI (Version: 6.02.0001.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PCDADDIN (Version: 6.02.0001.0003)
PCDHELP (Version: 6.02.0001.0001)
Philips Songbird (Version: 5.0.1902 (1902))
PictureMover (Version: 3.3.1.7)
Power2Go (Version: 6.0.2112)
PowerDirector (Version: 7.0.2202)
PreReq (Version: 6.2.3.0)
Python 2.5.2 (Version: 2.5.2150)
Quick Web Player
Quicken 2012 (Version: 21.1.4.22)
QuickTime (Version: 7.1.3.100)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Segoe UI (Version: 15.4.2271.0615)
SFR (Version: 6.02.0001.0001)
SHASTA (Version: 6.02.0001.0001)
SKIN0001 (Version: 6.02.1001.0001)
SKINXSDK (Version: 6.02.1001.0001)
Skype™ 5.0 (Version: 5.0.152)
Soft Data Fax Modem with SmartCP (Version: 7.80.0.0)
StartNow Toolbar (Version: 2.3.0)
staticcr (Version: 5.03.0000.0001)
swMSM (Version: 12.0.0.1)
tooltips (Version: 6.02.0001.0001)
TurboTax 2008
TurboTax 2008 winiper (Version: 008.000.0123)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0338)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0218)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0190)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1000)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0428)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 winiper (Version: 009.000.0846)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2401)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0242)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 winiper (Version: 010.000.1284)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4495)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0216)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 winiper (Version: 011.000.1591)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VPRINTOL (Version: 6.02.0001.0001)
Vz In Home Agent (Version: 7.07.03)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WIRELESS (Version: 6.02.0001.0001)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2941.76 MB
Available physical RAM: 1701.88 MB
Total Pagefile: 6109.98 MB
Available Pagefile: 4076.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.84 MB

========================= Partitions: =====================================

1 Drive c: (COMPAQ) (Fixed) (Total:221.63 GB) (Free:97.28 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.25 GB) (Free:1.21 GB) NTFS

========================= Users: ========================================

User accounts for \\VIC-PC

Administrator Andie_2 Guest
Peggy vic

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

ESET log:
C:\Users\Andie_2\Music\Downloaded Music\Darius Rucker - Learn To Live (2008)\05 - If I Had Wings.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Windows\$NtUninstallKB9764$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\player[11].htm HTML/ScrInject.B.Gen virus deleted - quarantined


So far today the issue hasn't been noticed. But I will let you know tomorrow if it comes up. The ESET scan took most of the day for some reason so haven't gotten to really let the computer sit for awhile today.

#13 otakugirl

otakugirl
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Location:IN
  • Local time:06:08 AM

Posted 27 March 2012 - 08:02 AM

Hello. This morning when I logged on to my username after having left the computer running overnight, the no connection problem was back. However, when I right-clicked the connection icon in the task bar, I chose the option "Diagnose and repair". The first option, which was to acquire a new IP address (or something similar), did not work. I then tried the last option, which was an option to reset the connection or the box, and that worked. Will see later today if it has totally fixed the issue.

#14 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:08 AM

Posted 27 March 2012 - 08:25 AM

Just to chime in here: when trying to bring up a txt file via command prompt, you do the following:

notepad filename.txt

So if you wanted to bring up the combofixlog.txt you would type in:

notepad c:\combofix.txt

That will open notepad to view the text file / log that combofix produced.

#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:08 AM

Posted 27 March 2012 - 06:22 PM

Hello again otakugirl, and thanks to cryptodan for posting!

Please let us know if you were able to retrieve the CF log as cryptodan suggested!

==========

ESET can take a while to run so that's not an issue, but things are looking pretty clean as the logs go. Thanks for posting them. :)

There are, however, some issues we need to address:

Step 1: Antivirus
It seems you have more than one AV program installed on your machine!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to add/remove in the control panel and remove either Norton Internet Security or McAfee SecurityCenter.

----------

To go to Add/Remove Programs, do the following:

--Open Programs and Features by clicking the Start button orb> click Control Panel> click Programs> and then click Programs and Features.

----------

If you have trouble removing one of the AV programs, please let me know!

==========

Step 2: P2P Warning
Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Programs and Features.

If you wish to keep it, that is up to you.

==========

Step 3: Optional - VIEWPOINT MEDIA PLAYER

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player), also do so via Programs and Features.

Additional info on Viewpoint software: http://vil.nai.com/vil/content/v_137262.htm

==========

Also, please delete HiJackThis from your computer as it is way out of date and should not be used without trained help! HiJackThis is not widely used for malware removal anymore. Best to get rid of it unless you are asked to use it by a trained helper!

==========

Please resolve these issues and post another MinitoolBox log for me. Also, let me know if you had any problem with the above! Do you still have these issues?

Once that's complete, there are a few other things we should take care of so let me know how it goes and how things are running now!

bloopie

Edited by bloopie, 27 March 2012 - 08:20 PM.
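
The checks made by eye in the reply above on the MiniToolBox installed-programs list (two real-time antivirus suites, a P2P client, Viewpoint, HiJackThis) can be scripted. This is an added example, not part of the original thread; the watchlist substrings and the sample lines marked as constructed are assumptions.

```python
import re

# Categories taken from the helper's review above; substrings are lower-case.
WATCHLIST = {
    "antivirus": ("norton internet security", "mcafee securitycenter"),
    "p2p": ("torrent",),
    "foistware": ("viewpoint",),
    "outdated_tool": ("hijackthis",),
}

# "Name (Version: x)". Both the name and the version may contain parentheses,
# so split at the first " (Version: " and require the final ")" at end of line.
ENTRY = re.compile(r"^(?P<name>.+?) \(Version: (?P<version>.*)\)$")

# Constructed sample: five lines copied from the log above, plus version-less
# lines for the three products the reply names that fall outside this excerpt.
SAMPLE = """\
HiJackThis
McAfee SecurityCenter
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
Norton Internet Security (Version: 16.0.0.125)
Norton PC Checkup (Version: 2.0.17.20)
Philips Songbird (Version: 5.0.1902 (1902))
Viewpoint Media Player
µTorrent
"""

def parse_installed(text):
    """Return (name, version-or-None) for each installed-program line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("=", "*")):
            continue  # skip blank lines and section banners
        m = ENTRY.match(line)
        entries.append((m["name"], m["version"]) if m else (line, None))
    return entries

def triage(entries):
    """Group program names by watchlist category; flag >1 real-time AV suite."""
    hits = {category: [] for category in WATCHLIST}
    for name, _version in entries:
        for category, needles in WATCHLIST.items():
            if any(n in name.lower() for n in needles):
                hits[category].append(name)
    hits["av_conflict"] = len(hits["antivirus"]) > 1
    return hits

if __name__ == "__main__":
    for category, value in triage(parse_installed(SAMPLE)).items():
        print(f"{category}: {value}")
```

Matching on the full product name keeps "Norton PC Checkup" out of the antivirus bucket, so a machine with only Norton products installed is not reported as a conflict.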




