[JNC]

The keyboard stopped working on the internet after I used either TrendMicro or Panda to perform an online scan on my machine. As for purchasing Windows XP, it's definitely still available where I live.

SUPERAntispyware popped up after the combofix scan was complete saying that some program is trying to change my homepage in IE from google.ca to msn.com?!

Combofix log:

"Mike" - Mon 02/05/2007 9:11:26 Service Pack 4
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\user\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-05 to 2007-02-05 ))))))))))))))))))))))))))))))))))


2007-01-31 07:48 <DIR> d-------- C:\DOCUME~1\user\DoctorWeb
2007-01-30 12:03 75,512 --a------ C:\WINNT\zllsputility.exe
2007-01-30 12:03 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-01-30 12:02 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll
2007-01-30 12:02 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-01-30 11:49 <DIR> d-a------ C:\WINNT\Internet Logs
2007-01-29 09:27 19,728 --a------ C:\WINNT\system32\hidserv.exe
2007-01-29 09:27 13,744 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2007-01-26 12:32 <DIR> d-------- C:\HJT
2007-01-26 11:54 <DIR> d-------- C:\bintheredunthat
2007-01-26 11:46 <DIR> d-------- C:\BTU
2007-01-26 11:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-26 11:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-26 11:16 <DIR> d-------- C:\DOCUME~1\user\Application Data\SUPERAntiSpyware.com
2007-01-26 11:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-26 10:45 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-01-26 10:45 <DIR> d-------- C:\Program Files\Grisoft
2007-01-18 13:39 <DIR> d-------- C:\DOCUME~1\user\Application Data\DivX
2007-01-18 13:16 973,072 --a------ C:\WINNT\system32\sfcfiles.dll
2007-01-18 13:16 938,768 --a------ C:\WINNT\system32\ntdsa.dll
2007-01-18 13:16 84,240 --a------ C:\WINNT\system32\url.dll
2007-01-18 13:16 78,096 --a------ C:\WINNT\system32\cryptsvc.dll
2007-01-18 13:16 71,440 --a------ C:\WINNT\system32\browser.dll
2007-01-18 13:16 69,392 --a------ C:\WINNT\system32\olecli32.dll
2007-01-18 13:16 68,368 --a------ C:\WINNT\system32\msoert2.dll
2007-01-18 13:16 63,760 --a------ C:\WINNT\system32\CRYPTNET.DLL
2007-01-18 13:16 63,760 --a------ C:\WINNT\system32\adsmsext.dll
2007-01-18 13:16 575,760 --a------ C:\WINNT\system32\inetcomm.dll
2007-01-18 13:16 57,104 --a------ C:\WINNT\system32\wlnotify.dll
2007-01-18 13:16 57,104 --a------ C:\WINNT\system32\w32tm.exe
2007-01-18 13:16 57,104 --a------ C:\WINNT\system32\mpr.dll
2007-01-18 13:16 563,984 --a------ C:\WINNT\system32\CRYPT32.DLL
2007-01-18 13:16 56,080 --a------ C:\WINNT\system32\cabinet.dll
2007-01-18 13:16 549,136 --a------ C:\WINNT\system32\netcfgx.dll
2007-01-18 13:16 49,424 --a------ C:\WINNT\system32\EVENTLOG.DLL
2007-01-18 13:16 48,400 --a------ C:\WINNT\system32\w32time.dll
2007-01-18 13:16 47,616 --a------ C:\WINNT\system32\inetres.dll
2007-01-18 13:16 46,352 --a------ C:\WINNT\system32\BASESRV.DLL
2007-01-18 13:16 443,664 --a------ C:\WINNT\system32\CRYPTUI.DLL
2007-01-18 13:16 419,600 --a------ C:\WINNT\system32\USER32.DLL
2007-01-18 13:16 399,120 --a------ C:\WINNT\system32\USERENV.DLL
2007-01-18 13:16 366,864 --a------ C:\WINNT\system32\NETLOGON.DLL
2007-01-18 13:16 338,704 --a------ C:\WINNT\system32\MSGINA.DLL
2007-01-18 13:16 299,792 --a------ C:\WINNT\system32\dsprop.dll
2007-01-18 13:16 29,968 --a------ C:\WINNT\system32\profmap.dll
2007-01-18 13:16 29,456 --a------ C:\WINNT\system32\VDMDBG.DLL
2007-01-18 13:16 261,904 --a------ C:\WINNT\system32\scesrv.dll
2007-01-18 13:16 239,888 --a------ C:\WINNT\system32\wow32.dll
2007-01-18 13:16 236,816 --a------ C:\WINNT\system32\CMD.EXE
2007-01-18 13:16 212,992 --a------ C:\WINNT\system32\ODBC32.DLL
2007-01-18 13:16 186,640 --a------ C:\WINNT\system32\WINLOGON.EXE
2007-01-18 13:16 17,680 --a------ C:\WINNT\system32\seclogon.dll
2007-01-18 13:16 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL
2007-01-18 13:16 151,312 --a------ C:\WINNT\system32\SCHANNEL.DLL
2007-01-18 13:16 146,192 --a------ C:\WINNT\system32\WLDAP32.DLL
2007-01-18 13:16 134,928 --a------ C:\WINNT\system32\adsldpc.dll
2007-01-18 13:16 130,832 --a------ C:\WINNT\system32\adsldp.dll
2007-01-18 13:16 122,128 --a------ C:\WINNT\system32\mstask.exe
2007-01-18 13:16 117,520 --a------ C:\WINNT\system32\PSBASE.DLL
2007-01-18 13:16 114,448 --a------ C:\WINNT\system32\scecli.dll
2007-01-18 13:16 114,448 --a------ C:\WINNT\system32\newdev.dll
2007-01-18 11:33 96,528 --a------ C:\WINNT\system32\polagent.dll
2007-01-18 11:33 957,712 --a------ C:\WINNT\system32\OLE32.DLL
2007-01-18 11:33 52,496 --a------ C:\WINNT\system32\mtxclu.dll
2007-01-18 11:33 417,552 --a------ C:\WINNT\system32\oakley.dll
2007-01-18 11:33 29,456 --a------ C:\WINNT\system32\ipsecmon.exe
2007-01-18 11:33 242,448 --a------ C:\WINNT\system32\es.dll
2007-01-18 11:33 212,240 --a------ C:\WINNT\system32\rpcss.dll
2007-01-18 11:33 17,680 --a------ C:\WINNT\system32\linkinfo.dll
2007-01-18 11:33 137,488 --a------ C:\WINNT\system32\polstore.dll
2007-01-18 11:33 1,120,016 --a------ C:\WINNT\system32\webvw.dll
2007-01-18 11:32 530,192 --a------ C:\WINNT\system32\comctl32.dll
2007-01-18 11:32 175,888 --a------ C:\WINNT\system32\tapisrv.dll
2007-01-18 11:32 100,112 --a------ C:\WINNT\system32\netman.dll
2007-01-18 11:30 96,528 --a------ C:\WINNT\system32\dnsrslvr.dll
2007-01-18 11:30 37,136 --a------ C:\WINNT\system32\mf3216.dll
2007-01-18 11:30 233,744 --a------ C:\WINNT\system32\GDI32.DLL
2007-01-18 11:30 208,144 --a------ C:\WINNT\system32\kerberos.dll
2007-01-18 11:29 437,008 --a------ C:\WINNT\system32\rpcrt4.dll
2007-01-18 11:29 138,000 --a------ C:\WINNT\system32\faxui.dll
2007-01-18 09:55 94,424 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2007-01-18 09:55 90,112 --a------ C:\WINNT\system32\AVASTSS.scr
2007-01-18 09:55 85,952 --a------ C:\WINNT\system32\drivers\aswmon.sys
2007-01-18 09:55 689,280 --a------ C:\WINNT\system32\aswBoot.exe
2007-01-18 09:55 43,176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2007-01-18 09:55 31,560 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2007-01-18 09:55 23,352 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2007-01-18 09:55 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-16 16:03 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-01-10 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-31 08:20 95024 --a------ C:\WINNT\system32\sfc.dll
2007-01-25 15:11 9361 --a------ C:\DOCUME~1\user\Application Data\comma separated values (windows).eml
2007-01-25 14:52 13003 --a------ C:\DOCUME~1\user\Application Data\tab separated values (windows).cal
2007-01-25 14:50 9358 --a------ C:\DOCUME~1\user\Application Data\tab separated values (windows).eml
2007-01-25 14:46 38471 --a------ C:\DOCUME~1\user\Application Data\tab separated values (windows).adr
2007-01-18 14:56 -------- d-------- C:\Program Files\mozilla firefox
2007-01-16 17:43 -------- d-------- C:\Program Files\quicktime
2007-01-16 17:38 -------- d-------- C:\Program Files\google
2007-01-16 16:29 -------- d-------- C:\Program Files\msn messenger
2007-01-15 14:33 -------- d---s---- C:\DOCUME~1\user\Application Data\microsoft
2007-01-12 12:18 -------- d-------- C:\Program Files\hp
2007-01-10 16:27 -------- d-------- C:\DOCUME~1\user\Application Data\adobeum
2006-12-27 10:16 -------- d-------- C:\Program Files\java
2006-12-20 14:46 -------- d-------- C:\DOCUME~1\user\Application Data\macromedia
2006-12-11 13:57 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-07 01:04 2071368 --a------ C:\WINNT\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"LVCOMSX"="C:\\WINNT\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN


Completion time: Mon 2007-02-05 9:18:53
C:\ComboFix2.txt ... 07-01-26 12:08

[Advertisements]

Let's make sure all Windows files are intact.

• System File Check
• Please go to Start -> Run -> type cmd and press Enter.
• At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.
• Follow the prompts, and insert your Windows installation CD if requested.
• Then please REBOOT your computer.

[Technical_1]

Let's make sure all Windows files are intact.

• System File Check
• Please go to Start -> Run -> type cmd and press Enter.
• At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.
• Follow the prompts, and insert your Windows installation CD if requested.
• Then please REBOOT your computer.

[JNC]

Let's make sure all Windows files are intact.

• System File Check
• Please go to Start -> Run -> type cmd and press Enter.
• At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.
• Follow the prompts, and insert your Windows installation CD if requested.
• Then please REBOOT your computer.

Done

[Technical_1]

Did it help the keyboard problem?

[JNC]

Did it help the keyboard problem?

No, still the same problems.

[Technical_1]

Hold on, JNC. I'm gonna get a second opinion.

[JNC]

Hi Tech_1,

I picked up a copy of XP Home yesterday, and I'm itching to install it to see if it corrects the problem.

Were you able to get a second opinion?

[Technical_1]

The only thing I can come up with for the keyboard issue is to try uninstalling IE6 and going back to 5 to see if that solves the problem. If it does, you can try reinstalling IE6. Not much else has come up on this one. Sorry I can't be of more assistance, but I don't think this one is Malware related at this point.

Let me know what you decide. I would like to get you some ending protection tips before you get gone and they will vary depending on if you stick with 2000 or go with XP.



Also, you may want to try the Software Forum. You cna provide a link back to this thread if needed, so the helper there can see what we've done so far.

[JNC]

Good call on the browser thing. I just tried using Firefox and everything works fine. IE still not working, but I'll try uninstalling IE6 like you suggested.

Let me know what else I should do before upgrading my o/s to XP

[Technical_1]

Good call on the browser thing. I just tried using Firefox and everything works fine. IE still not working, but I'll try uninstalling IE6 like you suggested.

That suggestion came from Bobbi Flekman.

Let me know what else I should do before upgrading my o/s to XP

These tips should protect you after your swap over.

Congratulations. Your system is clean of Malware.

Below is my standard closing speech. You may already have some of these programs and/or performed some of these steps. Use what you can and skip the rest.

• Please re-hide hidden files. (If applicable)
  Follow the directions you used earlier to show hidden files and undo the changes you made so that hidden files are actually hidden once again.
• Please download ATF Cleaner by Atribune.
  This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
  If you use Firefox browserClick Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  If you use Opera browserClick Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  Click Exit on the Main menu to close the program.
  For Technical Support, double-click the e-mail address located at the bottom of each menu.
  
• Create New Restore Point and Delete Old Restore Points.
  Step #1 - Create a New Restore Point
  
  Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
  
  Step #2 - Flush All Previous Points
  
  Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.
  
• Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
• You should also have a good firewall. Here are 2 free ones available for personal use:
  • If you already have a software firewall, you can skip this step.
    Choose only 1 firewall.
  • Kerio Personal Firewall
  • ZoneAlarm
• You should also have a good Anti-Virus (these are also free for personal use):
  • If you already have an Anti-Virus program then make sure it is up to date.
    Choose only 1 Anti-Virus Progam.
  • AVG Anti-Virus
  • Avast Home Edition
  It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
  
• To keep your operating system up to date you should do a windows update monthly. Here's the link:
  • Microsoft Windows Update
• And to keep your system clean, run these free malware scanners weekly,
  • AdAware SE Personal
  • Spybot Search & Destroy
  and be aware of what emails you open and websites you visit.
  
• To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Safe Surfing!

Edited by Technical_1, 09 February 2007 - 07:47 AM.

[JNC]

The copy of XP Home that I purchased doesn't allow me to upgrade from Windows 2000?! It's asking for a fresh install. Nonetheless, thank you for all your help.

Geeks to Go rocks!

[Technical_1]

thank you for all your help.

Geeks to Go rocks!

You're welcome and I hope you like XP.