Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Keyboard Disabling Malware!

Started by tbwilkes , Jun 06 2011 02:26 AM

  • Please log in to reply

#1
tbwilkes
Posted 06 June 2011 - 02:26 AM

tbwilkes

    Member

  • Member
  • PipPip
  • 41 posts
Trying to assist a friend's son with a sick laptop.

Malwarebytes (run from USB) found and fixed about 20 infections of various nature.

However the keyboard is disabled so am unable to enter anything via keystroke. The mouse still functions ok.

Have attempted to isolate the keyboard problem by plugging in an external USB keyboard. Same problem.

The keyboard functions pre-boot as the F2, F8, F12 work and BIOS options can be selected and navigated. So would appear to not be a physical problem.

Never heard of such an infection so I'm posting the OTL log hoping that someone smarter than I can figure out what the infection might be.

Please help!


OTL logfile created on: 6/6/2011 6:12:37 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\George.DELL640M\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 492.46 Mb Available Physical Memory | 48.55% Memory free
2.38 Gb Paging File | 1.94 Gb Available in Paging File | 81.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.74 Gb Total Space | 63.04 Gb Free Space | 57.45% Space Free | Partition Type: NTFS
Drive E: | 1011.97 Mb Total Space | 971.81 Mb Free Space | 96.03% Space Free | Partition Type: FAT

Computer Name: DELL640M | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 18:10:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George.DELL640M\Desktop\OTL.exe
PRC - [2010/09/02 19:38:02 | 000,041,984 | ---- | M] () -- C:\Program Files\webserver\webserver.exe
PRC - [2010/09/02 19:36:19 | 000,155,648 | -H-- | M] (Ehtpntcj Kjd) -- C:\WINDOWS\andy127.exe
PRC - [2010/03/31 06:31:54 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2008/06/10 03:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/03/18 11:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/24 18:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/24 18:27:10 | 001,372,244 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/02/23 15:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
PRC - [2004/08/12 07:19:08 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/18 13:49:40 | 000,073,728 | R--- | M] () -- C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 18:10:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George.DELL640M\Desktop\OTL.exe
MOD - [2004/08/04 20:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/02 19:38:02 | 000,041,984 | ---- | M] () [Auto | Running] -- C:\Program Files\webserver\webserver.exe -- (webserver)
SRV - [2010/09/02 19:36:54 | 000,057,344 | ---- | M] (dev) [Auto | Start_Pending] -- C:\WINDOWS\system32\dev.dll -- (ddev)
SRV - [2009/09/16 00:35:00 | 003,363,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/09/02 19:36:54 | 000,028,288 | ---- | M] (dev) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dev.sys -- (dev)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/02/18 14:49:46 | 000,100,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 18:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/05/24 18:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 18:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 18:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 18:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 18:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 18:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 17:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 17:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/12 07:25:24 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/12 07:25:24 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/12 07:25:24 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/24 13:55:40 | 000,449,483 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M1000KNT.sys -- (M1000Srv)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.muuler.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.muuler.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA A6 60 30 C6 E5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "ToggleEN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:2.5.6.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="


[2009/09/15 00:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Extensions
[2009/09/15 00:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Extensions\[email protected]
[2010/09/02 19:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Firefox\Profiles\1gjk5svc.default\extensions
[2010/06/03 16:18:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Firefox\Profiles\1gjk5svc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/13 21:29:55 | 000,000,000 | ---D | M] (Games Bar 1 Toolbar) -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Firefox\Profiles\1gjk5svc.default\extensions\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}
[2009/09/17 19:00:10 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Firefox\Profiles\1gjk5svc.default\searchplugins\bing.xml
[2010/01/20 12:13:52 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\George.DELL640M\Application Data\Mozilla\Firefox\Profiles\1gjk5svc.default\searchplugins\conduit.xml
[2010/09/05 14:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/08 04:12:17 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}

O1 HOSTS File: ([2010/09/02 19:37:56 | 000,000,766 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [M1000Mnt] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [xuri49tkd] C:\WINDOWS\andy127.exe (Ehtpntcj Kjd)
O4 - HKCU..\Run: [WinPro.exe] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\George.DELL640M\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 22:56:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{253047a8-d222-11dd-b89a-0015c5696ebe}\Shell - "" = AutoRun
O33 - MountPoints2\{253047a8-d222-11dd-b89a-0015c5696ebe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{253047a8-d222-11dd-b89a-0015c5696ebe}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{253047ab-d222-11dd-b89a-0015c5696ebe}\Shell - "" = AutoRun
O33 - MountPoints2\{253047ab-d222-11dd-b89a-0015c5696ebe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{253047ab-d222-11dd-b89a-0015c5696ebe}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 18:12:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George.DELL640M\Desktop\OTL.exe
[2011/06/05 18:33:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/06/05 16:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George.DELL640M\Application Data\Malwarebytes
[2011/06/05 16:21:43 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/05 16:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/05 16:21:40 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/05 16:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/05 16:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/08 15:09:37 | 000,055,296 | ---- | C] (trg) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283922575.exe
[2010/09/06 13:35:17 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283744095.exe
[2010/09/05 14:21:25 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283660482.exe
[2010/09/05 13:45:39 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283658337.exe
[2010/09/05 12:08:50 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283652528.exe
[2010/09/05 11:33:46 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283650424.exe
[2010/09/04 21:37:47 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283600264.exe
[2010/09/03 04:14:24 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283451262.exe
[2010/09/02 21:06:44 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283425594.exe
[2010/09/02 20:08:57 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283422136.exe
[2010/09/02 19:36:50 | 000,139,264 | ---- | C] (dev) -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\rdr_1283420208.exe

========== Files - Modified Within 30 Days ==========

[2011/06/06 18:10:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George.DELL640M\Desktop\OTL.exe
[2011/06/06 18:09:08 | 000,436,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/06 18:09:08 | 000,068,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/06 18:05:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 18:05:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 18:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 17:55:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 16:21:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/06/05 16:21:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 15:16:04 | 000,028,832 | ---- | C] () -- C:\WINDOWS\fs1235.dat
[2010/09/08 15:12:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\bk20856.dat
[2010/09/08 15:10:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\0991021011004952.xxe
[2010/09/05 13:46:41 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\0991025150102100.xxe
[2010/09/02 20:49:53 | 000,000,190 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/02 20:10:23 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\0991021011025699.xxe
[2010/09/02 19:38:23 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\0505256529857.xxe
[2010/09/02 19:38:00 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\05651535410097.xxe
[2010/09/02 19:37:56 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\0535049569854.xxe
[2010/09/02 19:36:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\010155555710297.xxe
[2010/09/02 19:36:19 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/08/16 22:58:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/01/31 22:05:06 | 000,051,652 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 20:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/09 00:54:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\George.DELL640M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/03 17:57:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/23 19:55:33 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\M1000DIF.dll
[2008/12/23 19:55:31 | 000,015,190 | R--- | C] () -- C:\WINDOWS\M1000Twn.ini
[2008/12/23 19:55:29 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F3111.bin
[2008/12/23 19:55:29 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F2111.bin
[2008/12/23 19:55:29 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F0121.bin
[2008/12/23 19:55:29 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F0111.bin
[2008/12/23 19:55:28 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H3111.bin
[2008/12/23 19:55:28 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H2111.bin
[2008/12/23 19:55:28 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H0121.bin
[2008/12/23 19:55:28 | 000,003,053 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H0111.bin
[2008/12/23 19:55:26 | 000,449,483 | R--- | C] () -- C:\WINDOWS\System32\drivers\M1000KNT.sys
[2008/12/03 21:39:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/18 08:43:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/18 08:42:26 | 000,249,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 23:34:12 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008/10/17 23:32:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 23:22:14 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/10/17 23:13:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/10/17 23:13:03 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/10/17 23:11:57 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\ETNADiag.exe
[2008/10/17 22:59:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 22:53:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/24 18:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/12 07:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 07:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 07:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 07:27:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/12 07:26:08 | 000,436,160 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 07:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 07:26:06 | 000,068,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 07:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 07:24:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 07:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 07:22:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 07:18:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 07:18:32 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/06 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/20 00:13:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/12 20:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/03/14 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/08/03 21:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/19 20:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/18 20:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George.DELL640M\Application Data\Acreon
[2009/03/11 21:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George.DELL640M\Application Data\Any DVD Converter Professional
[2010/09/02 19:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George.DELL640M\Application Data\BitTorrent
[2009/09/14 23:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George.DELL640M\Application Data\FileVOoM
[2011/06/06 18:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George.DELL640M\Application Data\LimeWire
[2010/03/14 09:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George.DELL640M\Application Data\SpinTop
[2010/09/02 21:26:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{945FFD8C-FD1C-43B2-9656-3BAE4CAFD883}_DELL640M_Eva.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887

< End of report >
  • 0

Advertisements

#2
tbwilkes
Posted 07 June 2011 - 05:59 PM

tbwilkes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Have managed to install and update Malwarebytes and this seems to have restored the keyboard function.

Multiple infections found including lodap and koobface.

Have also restored the windows firewall and installed M'soft Security essentials.

Have been unable to remove Limewire but I'll keep kicking it.

Am currently testing to see if any infections persist.

Will open a fresh topic should this be the case.

In the meantime will someone please close this topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP