Unknown virus locking the keyboard and more problems


  • This topic is locked
59 replies to this topic

#1 Sparks51


Posted 22 August 2013 - 08:24 PM

Hello Gents,

 

My main computer is having a lot of problems. The keyboard will not work; neither a wired type nor a USB type is recognized. When going to the accessories menu to try a restore, the restore menu is blank. When trying to do a file search, that menu is also blank. If trying to look at 'system information', clicking on that option just closes all the windows/steps that it took to get there. If trying to go to 'user accounts', all I get is a blank window. I ran the Malwarebytes program and it did find some stuff and removed it, but I still have all the above problems. I'm also off the internet with that system.

 

Please help when you can! Thank You So Much!!!

 

 

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 18:57:43 on 2013-08-22
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.2422 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\D4\D4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ZoneAlarm Spy Blocker BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} -
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - LocalServer32 - <no file>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [Dimension4] c:\program files\d4\D4.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\2wirew~1.lnk - c:\program files\2wire 802.11g wireless\PRISMCFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\labcenter electronics\proteus 7 professional\bin\UDSCHED.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{43C77980-F6D7-4AF7-8767-7D8049596CDB} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{A12402F9-9FAD-47EA-9DC8-B7BF7531BED4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BEA93A07-7545-48E0-A51A-805558E90D83} : NameServer = 205.171.3.65,205.171.2.65
TCP: Interfaces\{F5772614-32BC-48A2-AE4F-705666B83BA9} : DHCPNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-7-20 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-20 64288]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-12-31 3026]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-14 266240]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-9-10 36224]
RUnknown AVFilter;AVFilter; [x]
RUnknown AVHook;AVHook; [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswndis.sys --> c:\windows\system32\drivers\aswNdis.sys [?]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;\??\c:\windows\system32\drivers\aswmonflt.sys --> c:\windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\avast software\avast\afwserv.exe" --> c:\program files\avast software\avast\afwServ.exe [?]
S2 gupdate1c98df87e626716;Google Update Service (gupdate1c98df87e626716);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S2 IB Updater Updater;IB Updater Updater;c:\program files\ib updater\extensionupdaterservice.exe --> c:\program files\ib updater\ExtensionUpdaterService.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2013-5-19 98984]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-18 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-18 701512]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
S3 BxSeries;Batronix BX32-BX40 USB driver;c:\windows\system32\drivers\BX32-BX40-x86.sys [2011-5-19 19608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\JRService.exe [2010-8-29 379400]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\15.tmp --> c:\windows\system32\15.tmp [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-11-3 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [2011-11-3 105984]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2007-7-13 347648]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-9-10 134912]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-7-20 449280]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-08-21 03:47:48 -------- d-----w- c:\documents and settings\owner\application data\PC Tools
2013-08-21 00:59:33 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2013-08-21 00:59:32 -------- d-----w- c:\documents and settings\owner\application data\MyTurboPC.com
2013-08-21 00:59:17 -------- d-----w- c:\documents and settings\all users\application data\MyTurboPC.com
2013-08-20 19:21:11 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-08-20 19:21:11 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-08-20 01:55:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\MFAData
2013-08-20 01:55:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Avg2013
2013-08-20 01:55:43 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-08-19 00:40:58 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-08-19 00:40:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-19 00:40:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-19 00:40:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-16 01:55:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-16 01:55:08 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-13 21:27:13 -------- d-----w- c:\program files\Kaspersky Lab
2013-08-13 21:27:13 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2013-08-13 21:26:57 74336 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-08-13 02:32:20 -------- d-----w- C:\1 AVAST STUFF
.
==================== Find3M  ====================
.
2013-08-13 21:44:28 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-08-13 21:44:26 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-08-13 21:44:26 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-08-13 21:44:26 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-08-09 03:01:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 03:01:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 02:47:18 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:53:00 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:54 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:26 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-06-22 14:28:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 14:28:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-22 14:28:20 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-22 14:28:20 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40:46 1876736 ------w- c:\windows\system32\win32k.sys
2013-05-28 01:59:38 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:08 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 18:58:34.03 ===============

 

 

 

 

 


 


#2 HelpBot


Posted 27 August 2013 - 08:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505310 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sparks51


Posted 27 August 2013 - 09:16 PM

Yes I still need help!

 

Please see the original problem description and what I've tried, thank you!!!

 

Yes I have the original OS disk.

 

Thank You!

 

DDS (Ver_2012-11-20.01) - FAT32_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 20:08:58 on 2013-08-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.2450 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\D4\D4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ZoneAlarm Spy Blocker BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - 
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - 
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - 
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - LocalServer32 - <no file>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [Dimension4] c:\program files\d4\D4.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\2wirew~1.lnk - c:\program files\2wire 802.11g wireless\PRISMCFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\labcenter electronics\proteus 7 professional\bin\UDSCHED.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{43C77980-F6D7-4AF7-8767-7D8049596CDB} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{A12402F9-9FAD-47EA-9DC8-B7BF7531BED4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BEA93A07-7545-48E0-A51A-805558E90D83} : NameServer = 205.171.3.65,205.171.2.65
TCP: Interfaces\{F5772614-32BC-48A2-AE4F-705666B83BA9} : DHCPNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-7-20 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-20 64288]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-12-31 3026]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-14 266240]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-18 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-9-10 36224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswndis.sys --> c:\windows\system32\drivers\aswNdis.sys [?]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;\??\c:\windows\system32\drivers\aswmonflt.sys --> c:\windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\avast software\avast\afwserv.exe" --> c:\program files\avast software\avast\afwServ.exe [?]
S2 gupdate1c98df87e626716;Google Update Service (gupdate1c98df87e626716);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S2 IB Updater Updater;IB Updater Updater;c:\program files\ib updater\extensionupdaterservice.exe --> c:\program files\ib updater\ExtensionUpdaterService.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2013-5-19 98984]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
S3 BxSeries;Batronix BX32-BX40 USB driver;c:\windows\system32\drivers\BX32-BX40-x86.sys [2011-5-19 19608]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\JRService.exe [2010-8-29 379400]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\15.tmp --> c:\windows\system32\15.tmp [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-11-3 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [2011-11-3 105984]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2013-8-20 16128]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2007-7-13 347648]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-9-10 134912]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-7-20 449280]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-08-25 01:28:05 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-08-25 01:27:42 47568656 ----a-w- C:\gtk-2.1.8.4-setup.exe
2013-08-21 03:47:48 -------- d-----w- c:\documents and settings\owner\application data\PC Tools
2013-08-21 00:59:33 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2013-08-21 00:59:32 -------- d-----w- c:\documents and settings\owner\application data\MyTurboPC.com
2013-08-21 00:59:17 -------- d-----w- c:\documents and settings\all users\application data\MyTurboPC.com
2013-08-20 19:21:11 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-08-20 19:21:11 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-08-20 15:29:04 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2013-08-20 01:55:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\MFAData
2013-08-20 01:55:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Avg2013
2013-08-20 01:55:43 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-08-19 00:40:58 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-08-19 00:40:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-19 00:40:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-19 00:40:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-16 01:55:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-16 01:55:08 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-13 21:27:13 -------- d-----w- c:\program files\Kaspersky Lab
2013-08-13 21:27:13 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2013-08-13 21:26:57 74336 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-08-13 02:32:20 -------- d-----w- C:\1 AVAST STUFF
.
==================== Find3M  ====================
.
2013-08-13 21:44:28 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-08-13 21:44:26 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-08-13 21:44:26 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-08-13 21:44:26 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-08-09 03:01:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 03:01:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 02:47:18 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:53:00 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:54 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:26 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-06-22 14:28:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 14:28:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-22 14:28:20 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-22 14:28:20 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40:46 1876736 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:09:42.64 ===============


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • Gender:Female
  • Location:Romania
  • Local time:01:48 AM

Posted 28 August 2013 - 03:37 AM

Hello, my name is Elise and I'll assist you with this issue.
 
I take it from your description you have already tried different keyboards (to exclude a broken keyboard)?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#5 Sparks51


Posted 28 August 2013 - 07:43 PM

Hello Elise,

 

Yes you are correct, I've tried a known good keyboard, same problem.

 

Thanks very much for your help!

 

Below are the results of the scan you suggested.

 

 

 

Farbar Service Scanner Version: 28-08-2013
Ran by Owner (administrator) on 28-08-2013 at 18:36:17
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
aswFW(12) aswTdi(10) Gpc(6) IPSec(4) MDC8021X(8) NetBT(5) PSched(7) Tcpip(3) 
0x0D000000040000000100000002000000030000000C0000000A0000000B0000005A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.
 
**** End of log ****


#6 Elise


Posted 29 August 2013 - 02:25 AM

Is it possible you had Kaspersky AV/Internet security installed and removed it partially? I see evidence of the Kaspersky mouse/keyboard filters, if these were not properly removed this could cause issues.

regards, Elise


#7 Sparks51


Posted 29 August 2013 - 08:54 AM

We tried putting on Kaspersky after the computer became terribly infected but we weren't successful. The virus would not let us finish the install.

 

We didn't try to remove it.



#8 Elise


Posted 29 August 2013 - 09:07 AM

Then it is possible these issues are related. Please do the following.

Click Start > All Programs > Accessories > Notepad.

Copy/paste the following text in the Notepad Window:

@echo off
Regedit /e "c:\export1.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}"
Regedit /e "c:\export2.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}"
copy c:\export1.txt+c:\export2.txt c:\export.txt
del c:\export1.txt
del c:\export2.txt
start c:\export.txt
del %0

Click File > Save and save the file as export.bat to your desktop.
Exit Notepad and double click on export.bat to run it. When it's done a text file named c:\export.txt should open, please post me its contents.

regards, Elise
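The batch file in the post above exports the keyboard and mouse device-class keys, whose UpperFilters values come out as hex(7) (REG_MULTI_SZ) data that is hard to read by eye. As an added example (not part of the thread and not any poster's code), this Python sketch decodes those values, using the ones posted in the reply that follows, and cross-checks each filter driver against a few lines of the DDS service list from the first post. Reading DDS's `[x]` marker as "no driver file found" is an assumption, and the function names are hypothetical.

```python
import re

# Two class keys from the export posted in the next reply (values copied verbatim).
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"Class"="Keyboard"
"UpperFilters"=hex(7):61,00,73,00,77,00,4b,00,62,00,64,00,00,00,6b,00,62,00,64,\
  00,63,00,6c,00,61,00,73,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"Class"="Mouse"
"UpperFilters"=hex(7):6d,00,6f,00,75,00,63,00,6c,00,61,00,73,00,73,00,00,00,00,\
  00
'''

# Three lines from the DDS "SERVICES / DRIVERS" section of the first post.
DDS_SERVICES = r'''
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
'''

KEYBOARD_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
                r"\{4D36E96B-E325-11CE-BFC1-08002BE10318}")


def parse_reg(text):
    """Return {key_path: {value_name: raw_value_text}} from a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys


def decode_multi_sz(raw):
    """Decode hex(7): UTF-16LE strings, each NUL-terminated, list ends with one more NUL."""
    if not raw.startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ value")
    data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b.strip())
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


# DDS line shape: <R|S><start type> name;display name;image path [date size]
DDS_LINE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")


def parse_dds_services(text):
    """Index DDS service lines by lower-cased service name."""
    services = {}
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if m:
            state, start, name, _display, rest = m.groups()
            services[name.lower()] = {
                "running": state == "R",          # R = running, S = stopped
                "start": int(start),              # 0 boot ... 4 disabled
                "missing_file": rest.strip().endswith("[x]"),  # assumption, see lead-in
            }
    return services


def audit_filters(reg_text, dds_text):
    """List (class, value, driver, status) for every class filter driver."""
    services = parse_dds_services(dds_text)
    findings = []
    for values in parse_reg(reg_text).values():
        cls = values.get("Class", "").strip('"')
        for value_name in ("UpperFilters", "LowerFilters"):
            if value_name not in values:
                continue
            for driver in decode_multi_sz(values[value_name]):
                svc = services.get(driver.lower())
                if svc is None:
                    status = "not listed by DDS"
                elif svc["missing_file"]:
                    status = "driver file missing"
                else:
                    status = "running" if svc["running"] else "stopped"
                findings.append((cls, value_name, driver, status))
    return findings


if __name__ == "__main__":
    for cls, value, driver, status in audit_filters(REG_EXPORT, DDS_SERVICES):
        print(f"{cls:8} {value:12} {driver:10} {status}")
```

A class filter that is named in UpperFilters but has no loadable driver behind it is worth checking on any machine where every device of that class fails to start.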


#9 Sparks51


Posted 29 August 2013 - 07:50 PM

Hello Elise,

 

Here's the file.

 

Thanks!

 

 

 

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"Class"="Keyboard"
"UpperFilters"=hex(7):61,00,73,00,77,00,4b,00,62,00,64,00,00,00,6b,00,62,00,64,\
  00,63,00,6c,00,61,00,73,00,73,00,00,00,00,00
@="Keyboards"
"Icon"="-3"
"Installer32"="SysSetup.Dll,KeyboardClassInstaller"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/hdw_keyboard.htm"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0000]
"LocationInformationOverride"="plugged into keyboard port"
"InfPath"="keyboard.inf"
"InfSection"="STANDARD_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.1106"
"MatchingDeviceId"="*pnp0303"
"DriverDesc"="Standard 101/102-Key or Microsoft Natural PS/2 Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0001]
"InfPath"="keyboard.inf"
"InfSection"="HID_Keyboard_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.5512"
"MatchingDeviceId"="hid_device_system_keyboard"
"DriverDesc"="HID Keyboard Device"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"Class"="Mouse"
"UpperFilters"=hex(7):6d,00,6f,00,75,00,63,00,6c,00,61,00,73,00,73,00,00,00,00,\
  00
@="Mice and other pointing devices"
"Icon"="-2"
"Installer32"="SysSetup.Dll,MouseClassInstaller"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/hdw_mouse.htm"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0000]
"EnumPropPages32"="syssetup.dll,PS2MousePropPageProvider"
"LocationInformationOverride"="plugged into PS/2 mouse port"
"InfPath"="msmouse.inf"
"InfSection"="PS2_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="*pnp0f03"
"DriverDesc"="Microsoft PS/2 Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0001]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0002]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid\\vid_046d&pid_c00e"
"DriverDesc"="Logitech USB Wheel Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0003]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0004]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0005]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0006]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0007]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0008]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0009]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0010]
"InfPath"="msmouse.inf"
"InfSection"="HID_Mouse_Inst"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="hid_device_system_mouse"
"DriverDesc"="HID-compliant mouse"
 



#10 Elise


Posted 30 August 2013 - 02:41 AM

Have you tried already to reinstall your keyboard drivers?

 

If not, please do the following. Press Windows key + R, type devmgmt.msc and press enter. In the list that opens, locate Keyboards and expand that category. Right click on your keyboard and select Uninstall. You'll be asked to confirm/reboot, please do so. After a restart Windows will automatically reinstall the drivers. Please let me know if this makes any difference.


regards, Elise


#11 Sparks51


Posted 30 August 2013 - 10:40 PM

Yes, I tried copying one of the same version keyboard driver from another XP computer and rebooted but no change. I still cannot get the keyboard to work. So also trying what you suggest will not work, again because the keyboard is not operational.

There are other issues as well, besides what I mentioned in my original post. I've looked at the device manager file and the keyboard and network adaptors all have the yellow dots. Trying to use the 'troubleshoot' button doesn't do anything, all I see is the hour glass flicker and stop.

When going to try a system restore, all the windows that I open to get to the system restore button disappear when I hit the system restore button.

 

If I try to do a file search the only thing that appears is the little dog, no text at all.

 

If I go through the control panel to go to user accounts, all I get is a blank window, no information.

 

No system logs found.

 

As I mentioned I cannot connect to the internet.

 

No IP address can be found.

 

No subnet can be found

 

No gateway can be found.

 

From all that is wrong, it seems that there's a lot more messed up than just the keyboard.

 

Thanks for your time! :)



#12 Elise


Posted 31 August 2013 - 02:19 AM

I think I see the problem here.

 

Please rerun Farbar Service Scanner.

Check only the box for "other services" and in the field below it type i8042prt

Click Search and post me the resulting log.


regards, Elise


#13 Sparks51


Posted 31 August 2013 - 11:44 AM

As I mentioned, I cannot use my keyboard, but not giving up, I discovered how to use the on screen keyboard and so was able to perform your request.

 

thanks again!

 

 

Farbar Service Scanner Version: 28-08-2013
Ran by Owner (administrator) on 31-08-2013 at 10:40:23
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

 

File Check:
========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****



#14 Elise


Posted 01 September 2013 - 02:07 AM

Sorry about that, I thought I already had included a mention of the screen keyboard before.

Please download the following file, double click it to run it and confirm (you should see a confirmation prompt before merging and one afterwards).
http://download.bleepingcomputer.com/win-services/xp/i8042prt.reg

Restart the computer and let me know if things are running fine. If not we'll replace the file as well (that might require some keyboard input which is why I chose to focus only on the registry part for now).

regards, Elise


#15 Sparks51


Posted 01 September 2013 - 12:05 PM

Hello Elise,

 

Sorry no change. :(





