KBD.EXE error Malware Infection [Solved]


  • This topic is locked

#16
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Looks like it worked this time :)

As the kbd error has gone away, and this is actually related to the keyboard, updating the drivers may not be needed. However, if it does come back, see if they'll help:

http://h10025.www1.h...130813&sw_lang=

This looks to be your system, and keyboard.

I just want to run this tool, to see if there are any leftovers:

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

eddie
  • 0



#17
Batke

Batke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The OTL scan output text file is attached.
Kevin

Attached Files

  • Attached File  OTL.Txt   76.08KB   130 downloads

  • 0

#18
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
That's an OTL scan :)

I know they're very similar in the wording, but can you run an OTS scan for me (different stuff it finds, etc) :yes:

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#19
Batke

Batke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Whoops, sorry about the wrong scan.
The OTS log file is attached.
Kevin

Attached Files

  • Attached File  OTS.Txt   140.84KB   103 downloads

  • 0

#20
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Thanks, that's the one :)

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.]
YN -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS45.tmp\SymNRT.exe" -> [C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS45.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\WINDOWS\LMI42.tmp\lmi_rescue.exe" -> [C:\WINDOWS\LMI42.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue]
[Files/Folders - Modified Within 30 Days]
NY ->  12 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
  • 0

#21
Batke

Batke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OK, ran the fix.
Here is the OTS log.
Kevin

[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS45.tmp\SymNRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\LMI42.tmp\lmi_rescue.exe deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jar_cache6055720443553695630.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jar_cache6127524344589434024.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR4.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR5.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR6.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR7.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR8.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR9.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MARA.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MARB.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MARC.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MARD.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MARE.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF15A2.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF327.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF37DE.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF6829.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF7E2F.tmp deleted successfully.
File not found!
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 11132011_070242
  • 0

#22
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, that's looking good, how's the computer running now?

If it's all okay, we'll remove the tools we've used, but I'll wait until your reply :)

Either way, can you just run this:

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

eddie
  • 0

#23
Batke

Batke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The computer seems to be running pretty well now...thanks to you.
I ran the temp file cleaner as well.

I'm curious for your feedback on what you found problematic and what you removed through the various scans and fixes.
Any lessons learned for me to prevent future problems ?

Thanks
Kevin
  • 0

#24
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Good to hear :)

As to what I found, well you had old versions of Java, so when it was updated, I just removed the remains of the older one, as these can be exploited. Apart from that, I couldn't see anything that was actually malware related, but the kbd error may have just been an issue with the actual keyboard, and possibly a corrupt file.

However, it all looks like it's sorted itself out. Computers are like that, you can be running merrily along, and then an error pops up. Spend all night trying to solve it, and then it never appears again, just disappears into the ether again :yes:

To prevent this in the future? Just keep up to date, and if it does, write the exact error down, and what you were doing at the time :)

I'll reply in a minute with the removal of the tools we've used :)
  • 0

#25
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
We have a couple of last steps to perform and then you're all set. Any Problems/Questions, let me know :)

Firstly, let's uninstall the tools we've used:

Run this:

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Also, remove the following from the Desktop, if still there after doing the above:

SystemLook
RSIT


==============================


  • Select Start > Control Panel then double-click on the System icon in the Control Panel.
  • In the left-hand pane click on the System Protection option.
  • When the Dialog comes up, click on the System Protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  • You will get a message that the Restore Point was created successfully. Click on the Close button.
  • Click on the OK button and close the System window in the Control Panel.

Making Internet Explorer More Secure


Go to Control Panel and open the Internet Options. Click on the Advanced tab and do the following:
  • Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply


Then, click on the Security tab and do the following:
  • Make sure the Internet icon is selected.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.



Making Firefox More Secure

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.



Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.
  • Go to Start | Programs | Accessories | System Tools | Disk Cleanup
  • It should start straight away, but if you have to select a drive, click on the C-drive.
  • Let it run, and at the end it will give you some boxes to tick.
  • All are okay to enable, then press OK and then Yes to the question after.
  • It will close after it's completed.


------------------------

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
You should also have a good firewall. Here is a free one available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run this free malware scanner weekly, and be aware of what emails you open and websites you visit.


Have a safe and happy computing day!

eddie
  • 0
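
Added example, not part of the original posts and not code from the MVPS Hosts project: a small audit of HOSTS-format text that follows the description in the post above, where a blocked site is one mapped to 127.0.0.1. It goes slightly further and also lists any name mapped to a non-loopback address, since such an entry overrides DNS for that name. The sample content, the `audit_hosts` function and the `LOCAL_NAMES` set are assumptions made for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not from the thread or the MVPS file).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net  tracker.example.net   # two names, one line
0.0.0.0         banners.example.org
203.0.113.25    update.example.com
not-an-ip       broken.example.com
"""

# Assumed list of names that legitimately point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Sort every hostname in HOSTS-format text into local/blocked/redirected."""
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append(lineno)   # not a valid "address name" entry
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 all keep the request on this machine.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if not sinkhole:
                # Overrides DNS with a real remote address: review each of these.
                report["redirected"].append((name, str(addr)))
            elif name in LOCAL_NAMES:
                report["local"].append(name)
            else:
                report["blocked"].append(name)
    return report


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}: {items}")
```

On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass the text to `audit_hosts()` after installing a blocklist to confirm that the `redirected` list is empty or contains only entries you added yourself.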



#26
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





