Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Uncontollable cursor

Started by Timothy33908 , May 31 2008 12:28 PM

  • Please log in to reply

#1
Timothy33908
Posted 31 May 2008 - 12:28 PM

Timothy33908

    New Member

  • Member
  • Pip
  • 3 posts
2 weeks ago my cursor started moving erractically and uncontrollable. If I was in explorer, cursor would move to the top and highlight/select Desktop. When I try to move it, maybe I can a little but immediately goes back to the top when I release the left mouse button. If in Firefox bookmarks, it will continuously scroll to the top and then start at the bottom and scroll to the top. I tried many virus cleaners and I think ComboFix fixed the problem. It started again yesterday, this time ComboFix has no effect. I have run Spy Bot, SAS, CF, McAfee, Yahoo CA, Malware and now Deckard. Please help, here is the Deckard log

Deckard's System Scanner v20071014.68
Run by user on 2008-05-31 14:11:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-05-31 18:12:01 UTC - RP18 - Deckard's System Scanner Restore Point
2: 2008-05-31 02:05:58 UTC - RP17 - System Checkpoint
1: 2008-05-29 10:40:00 UTC - RP16 - Comodo Backup


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:16, on 2008-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Hypersight\hypersight.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Downloads\dss.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOCUME~1\user\Desktop\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193295166187
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: WYEOJWPVO - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\WYEOJWPVO.exe (file missing)

--
End of file - 10214 bytes

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 kernel (Hypersight Kernel) - c:\windows\system32\drivers\kernel.sys <Not Verified; ; Hypersight Rootkit Detector>
R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TEchoCan (Toshiba Audio Effect) - c:\windows\system32\drivers\techocan.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Mic Effect>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>

S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Tmesbs (Tmesbs32) - "c:\program files\toshiba\tme3\tmesbs32.exe" /service <Not Verified; TOSHIBA Corporation; TOSHIBA Mobile Extension Slim Select Bay Service>
R2 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>

S2 Thpsrv (TOSHIBA HDD Protection) - c:\windows\system32\thpsrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA HDD Protection>
S3 WYEOJWPVO - c:\docume~1\user\locals~1\temp\wyeojwpvo.exe (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 12:00:09 312 --a------ C:\WINDOWS\Tasks\Security Platform Backup Schedule.job
2008-05-31 09:00:00 356 --a------ C:\WINDOWS\Tasks\Clean.job
2008-03-01 02:00:00 354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 13:18:16 2454 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-31 13:11:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-31 13:08:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-31 13:08:44 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-31 13:08:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-31 13:08:43 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-31 13:08:43 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-31 13:08:43 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-31 13:08:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-31 10:58:32 0 dr-hs---- C:\cmdcons
2008-05-31 10:58:30 0 d-------- C:\WINDOWS\setup.pss
2008-05-31 10:58:14 0 d-------- C:\WINDOWS\setupupd
2008-05-31 09:24:56 98816 --a------ C:\WINDOWS\sed.exe
2008-05-30 15:43:03 46592 --a------ C:\WINDOWS\system32\drivers\kernel.sys <Not Verified; ; Hypersight Rootkit Detector>
2008-05-30 15:43:03 0 d-------- C:\Program Files\Hypersight
2008-05-30 15:23:25 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-30 15:23:21 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-30 15:15:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-30 14:51:17 0 dr-h----- C:\Documents and Settings\user\Recent
2008-05-30 14:49:57 0 d-------- C:\Program Files\Yahoo!
2008-05-29 19:24:41 0 d-------- C:\Documents and Settings\user\Application Data\McAfee
2008-05-29 14:15:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-05-29 14:14:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-05-29 14:14:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-29 13:48:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-29 13:15:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-29 13:00:23 0 d-------- C:\WINDOWS\CSC
2008-05-29 06:37:58 0 d-------- C:\temp_phw
2008-05-28 12:54:46 0 d-------- C:\Security Platform
2008-05-28 12:29:55 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC426
2008-05-28 12:29:47 0 d-------- C:\Program Files\Comodo
2008-05-27 10:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-05-27 10:16:39 0 d-------- C:\Program Files\Transparent
2008-05-24 08:43:04 0 d-------- C:\Documents and Settings\user\Application Data\Logitech
2008-05-24 08:34:23 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:34:23 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:34:23 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:34:23 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-24 08:33:54 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-23 19:25:49 0 d-------- C:\Program Files\Windows Resource Kits
2008-05-23 18:25:00 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-23 09:37:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 09:37:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 09:37:35 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
2008-05-23 09:36:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-05-23 09:36:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 09:36:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-23 09:35:40 0 d-------- C:\Documents and Settings\user\Application Data\Intel
2008-05-23 09:34:34 0 d-------- C:\inteltemp
2008-05-23 09:29:55 0 d-------- C:\TOSHIBA
2008-05-23 09:17:52 0 d-------- C:\HDD Protection.temp
2008-05-23 08:53:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Infineon
2008-05-23 08:52:59 0 d-------- C:\Documents and Settings\user\Application Data\Infineon
2008-05-23 08:52:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Infineon
2008-05-23 08:51:54 0 d-------- C:\Program Files\Infineon
2008-05-23 08:27:37 0 d-------- C:\tm51v360
2008-05-23 08:18:10 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-23 08:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-23 08:14:46 0 d-------- C:\Program Files\IObit
2008-05-23 08:01:30 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 08:01:24 0 d-------- C:\Program Files\SpywareBlaster
2008-05-22 20:40:15 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-05-22 15:06:23 68096 --a------ C:\WINDOWS\zip.exe
2008-05-22 15:06:23 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-22 15:06:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-22 15:06:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-22 15:06:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-22 15:06:23 80412 --a------ C:\WINDOWS\grep.exe
2008-05-22 15:06:23 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-22 15:06:23 98816 --a------ C:\WINDOWS\_sed.exe
2008-05-22 13:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-22 13:38:10 0 d-------- C:\Documents and Settings\user\Application Data\SiteAdvisor
2008-05-22 13:16:46 0 d--h----- C:\Documents and Settings\All Users\Application Data\GTek
2008-05-22 13:16:30 0 d-------- C:\Program Files\Recuva
2008-05-22 13:12:35 0 d-------- C:\Downloads
2008-05-22 13:10:21 0 d-------- C:\Documents and Settings\user\Application Data\Software Informer
2008-05-22 13:10:15 0 d-------- C:\Program Files\Software Informer
2008-05-22 13:10:12 0 d-------- C:\Documents and Settings\user\Application Data\Free Download Manager
2008-05-22 13:10:04 0 d-------- C:\Program Files\Free Download Manager
2008-05-22 13:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-22 13:01:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-22 12:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-22 07:26:28 11254 --a------ C:\WINDOWS\system32\locate.com
2008-05-22 07:24:51 0 d-------- C:\MGtools
2008-05-20 06:51:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 14:14:48 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 11:13:50 0 d-------- C:\Program Files\Microsoft Research
2008-05-11 16:20:12 0 d-------- C:\Program Files\CCleaner
2008-05-11 15:58:54 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-11 14:39:05 0 d-------- C:\Documents and Settings\user\.housecall6.6
2008-05-11 13:36:03 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-11 13:35:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 13:35:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 12:50:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 10:53:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 10:53:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 10:53:01 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-05-11 10:49:40 1239551 --a------ C:\MGtools.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-31 13:56:59 0 d-------- C:\Documents and Settings\user\Application Data\Skype
2008-05-29 19:46:06 0 d-------- C:\Documents and Settings\user\Application Data\SI Swimsuit Calendar
2008-05-29 19:42:57 0 d-------- C:\Program Files\SiteAdvisor
2008-05-29 15:03:20 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-27 10:16:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 08:36:11 0 d-------- C:\Program Files\Logitech
2008-05-24 08:33:54 0 d-------- C:\Program Files\Common Files
2008-05-23 18:26:18 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-22 13:16:54 0 d--h----- C:\Documents and Settings\user\Application Data\GTek
2008-05-22 08:33:23 0 d-------- C:\Program Files\Windows Live
2008-05-22 08:26:43 0 d-------- C:\Program Files\Trackmaker
2008-05-22 08:24:59 0 d-------- C:\Program Files\Google
2008-05-22 08:21:33 0 d-------- C:\Program Files\Toshiba
2008-05-15 14:40:28 36632 --a------ C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).ADR
2008-05-11 10:52:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 09:19:20 0 d-------- C:\Program Files\Plaxo
2008-05-11 09:18:54 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-05-11 09:16:28 0 d-------- C:\Program Files\Runtime Software
2008-05-11 08:10:11 0 d-------- C:\Program Files\ComcastToolbar
2008-05-05 08:14:19 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-04 18:08:14 0 d-------- C:\Program Files\Recovery
2008-04-22 07:11:26 102262 --a------ C:\WINDOWS\hpoins05.dat
2008-04-21 22:36:11 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-21 21:16:35 0 d-------- C:\Program Files\HP
2008-04-21 20:22:11 0 d-------- C:\Documents and Settings\user\Application Data\eFax Messenger
2008-04-21 20:13:10 0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-04-18 12:57:29 0 d-------- C:\Program Files\QuickTime
2008-04-18 12:53:35 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 23:05:33 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-04-17 11:22:50 0 d-------- C:\Program Files\PayPal
2008-04-16 10:14:58 0 d-------- C:\Program Files\HP Photosmart 11
2008-04-11 10:09:45 102364 --a------ C:\WINDOWS\hpqins13.dat
2008-04-02 07:22:14 0 d-------- C:\Program Files\McAfee


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 09:02]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-24 16:28]
"Hypersight"="C:\Program Files\Hypersight\hypersight.exe" [2008-04-16 01:10]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-16 15:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 07:26]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 05:43]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 11:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-24 08:46:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-24 08:45:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 08:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 05:43 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2005-12-21 14:42 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
TosBtNP.dll 2006-01-28 07:49 61440 C:\WINDOWS\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" -autorun
"fsm"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"IFXSPMGT"=C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"T-Mobile Connection Manager"="C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized




-- End of Deckard's System Scanner: finished at 2008-05-31 14:14:42 ------------

Attached Files


  • 0

Advertisements

#2
Timothy33908
Posted 31 May 2008 - 12:43 PM

Timothy33908

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Added Deckard extra.txt file

Attached Files


  • 0

#3
Timothy33908
Posted 31 May 2008 - 12:51 PM

Timothy33908

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
The "B" key has been re-mapped to the home key on laptop keyboard ( I am using Logitech external and it works okay).

Most of the time, cursor scrolling stops by pressing the down arrow key.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP