Keyboard virus problem, Types "/..,nffffffffffffff...."


Post by AnotherLexus on Wed Mar 04, 2009 1:00 am

Hello,
Sorry about the last post, it was due to a holiday break with my wife overseas, and I couldn't reply to the post.

Again...I have another problem with my laptop

I'm currently using another laptop.

My other laptop has been infected with a virus?...or something
The symptoms were that whenever I typed something on the keyboard...4 letters would be typed when I only typed 1 letter...And every time this happened....it would type this first.

"/..,nffffffffffffffffffffffffffffffffffffffffffff....." And it would keep typing the letter f continuously ....

I hope you can help me with my problem with the laptop
Hope to hear from you soon ^^

AnotherLexus
Novice
Posts : 27
Joined : 2008-12-08
OS : Windows Vista Basic


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Wed Mar 04, 2009 1:08 am

The 'f' key is getting stuck down?
Let's have a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Wed Mar 04, 2009 2:26 am

HeY!
Uhmm no the f key is not pressed down....


DDS (Ver_09-02-01.01) - NTFSx86
Run by lina at 15:22:55.07 on Wed 04/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.2038.1306 [GMT 13:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k nfr
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\lina\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7070
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [nfr] rundll32.exe nfr.dll,ServiceMain /pid=10180
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
IE: ???????? Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????? Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: ?????? PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\bio-protection fingerprint solution\WinNotify.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lina\applic~1\mozilla\firefox\profiles\80rloauh.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1

============= SERVICES / DRIVERS ===============

R?2 nfr;nfr;c:\windows\system32\svchost.exe -k nfr [2004-8-4 14336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-7-20 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-4-8 78208]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 ccosm;Contrl Center of Storm Media;c:\program files\stormii\stormliv.exe /asservice --> c:\program files\stormii\stormliv.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-5 33752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-15 28933976]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20080427.009\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20080427.009\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20080427.009\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20080427.009\NAVEX15.SYS [?]
S3 npkycryp;npkycryp;\??\c:\windows\system32\npkycryp.sys --> c:\windows\system32\npkycryp.sys [?]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-03-04 15:16 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-04 15:15 --d----- c:\program files\SUPERAntiSpyware
2009-03-04 15:15 --d----- c:\docume~1\lina\applic~1\SUPERAntiSpyware.com
2009-03-04 15:15 --d----- c:\program files\common files\Wise Installation Wizard
2009-03-04 14:57 --d----- c:\docume~1\lina\applic~1\IObit
2009-03-04 14:57 --d----- c:\program files\IObit
2009-03-03 21:59 161,792 a------- c:\windows\SWREG.exe
2009-03-03 21:59 98,816 a------- c:\windows\sed.exe
2009-02-24 15:37 0 a------- c:\windows\system32\nfr.gpref
2009-02-24 15:35 0 a------- c:\windows\system32\nfr.assembly
2009-02-23 18:53 10,752 a------- c:\windows\system32\nfr.dll
2009-02-20 16:03 0 a------- c:\windows\system32\drivers\nfr.dll.gpref
2009-02-18 17:14 0 a------- c:\windows\system32\drivers\nfr.dll.assembly
2009-02-18 17:14 16,900 a------- c:\windows\system32\drivers\nfr.dll
2009-02-18 16:13 26,112 a------- c:\windows\system32\stu2.exe
2009-02-04 20:58 --d----- c:\program files\iPod
2009-02-04 20:58 --d----- c:\program files\iTunes
2009-02-04 20:58 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-04 20:56 32,000 a------- c:\windows\system32\drivers\usbaapl.sys

==================== Find3M ====================

2009-02-18 16:13 8,704 a------- c:\windows\system32\userinit.exe
2009-01-09 00:12 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-21 12:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-16 22:53 17,293 a------- c:\docume~1\lina\applic~1\aqosab.dll
2008-11-16 22:53 17,240 a------- c:\docume~1\lina\applic~1\dysu.vbs
2008-11-16 22:53 15,024 a------- c:\docume~1\alluse~1\applic~1\qemucyjib.reg
2008-11-16 22:53 12,609 a------- c:\docume~1\alluse~1\applic~1\ezigydej.vbs
2008-11-16 22:53 11,956 a------- c:\docume~1\alluse~1\applic~1\arelukoqeq.bat
2008-11-16 22:53 10,556 a------- c:\program files\common files\apol._dl
2008-11-16 22:53 10,489 a------- c:\program files\common files\awybe._sy
2008-11-16 22:53 10,369 a------- c:\docume~1\lina\applic~1\ohub.exe
2008-12-02 11:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat

============= FINISH: 15:23:50.34 ===============


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Wed Mar 04, 2009 2:30 am


  • Download combofix from here
  • Please disable your local AV (Anti-virus) See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8 and Norton Internet Security)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Wed Mar 04, 2009 4:24 am

ComboFix 09-03-02.01 - lina 2009-03-04 16:41:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1524 [GMT 13:00]
Running from: c:\documents and settings\lina\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 15:16 . 2009-03-04 15:16 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-04 15:15 . 2009-03-04 15:16 d-------- c:\program files\SUPERAntiSpyware
2009-03-04 15:15 . 2009-03-04 15:15 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-04 15:15 . 2009-03-04 15:15 d-------- c:\documents and settings\lina\Application Data\SUPERAntiSpyware.com
2009-03-04 14:57 . 2009-03-04 14:57 d-------- c:\program files\IObit
2009-03-04 14:57 . 2009-03-04 14:57 d-------- c:\documents and settings\lina\Application Data\IObit
2009-02-24 15:37 . 2009-02-24 15:37 0 --a------ c:\windows\system32\nfr.gpref
2009-02-24 15:35 . 2009-02-24 15:35 0 --a------ c:\windows\system32\nfr.assembly
2009-02-20 16:03 . 2009-02-20 16:03 0 --a------ c:\windows\system32\drivers\nfr.dll.gpref
2009-02-18 17:14 . 2009-02-18 17:14 0 --a------ c:\windows\system32\drivers\nfr.dll.assembly
2009-02-18 16:13 . 2008-04-14 13:12 26,112 --a------ c:\windows\system32\stu2.exe
2009-02-04 20:58 . 2009-02-04 20:58 d-------- c:\program files\iTunes
2009-02-04 20:58 . 2009-02-04 20:58 d-------- c:\program files\iPod
2009-02-04 20:58 . 2009-02-04 20:58 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-04 20:56 . 2009-02-04 20:56 d-------- c:\program files\Common Files\Apple
2009-02-04 20:56 . 2009-02-04 20:56 d-------- c:\program files\Apple Software Update
2009-02-04 20:56 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 07:56 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-18 03:13 8,704 ----a-w c:\windows\system32\userinit.exe
2009-02-13 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-04 07:58 --------- d-----w c:\program files\Bonjour
2009-01-08 11:12 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-08 11:12 --------- d-----w c:\program files\Java
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-16 09:53 17,293 ----a-w c:\documents and settings\lina\Application Data\aqosab.dll
2008-11-16 09:53 17,240 ----a-w c:\documents and settings\lina\Application Data\dysu.vbs
2008-11-16 09:53 15,024 ----a-w c:\documents and settings\All Users\Application Data\qemucyjib.reg
2008-11-16 09:53 12,609 ----a-w c:\documents and settings\All Users\Application Data\ezigydej.vbs
2008-11-16 09:53 11,956 ----a-w c:\documents and settings\All Users\Application Data\arelukoqeq.bat
2008-11-16 09:53 10,556 ----a-w c:\program files\Common Files\apol._dl
2008-11-16 09:53 10,489 ----a-w c:\program files\Common Files\awybe._sy
2008-11-16 09:53 10,369 ----a-w c:\documents and settings\lina\Application Data\ohub.exe
2007-06-01 21:14 4,683,144 ----a-w c:\documents and settings\i386\KB933566.EXE
2007-05-21 20:42 558,984 ----a-w c:\documents and settings\i386\KB935840.EXE
2007-05-21 19:42 802,696 ----a-w c:\documents and settings\i386\KB935839.EXE
2007-05-19 01:12 1,600,392 ----a-w c:\documents and settings\i386\KB929123.EXE
2007-05-05 00:42 1,266,056 ----a-w c:\documents and settings\i386\KB927891.EXE
2007-04-17 20:06 4,684,168 ----a-w c:\documents and settings\i386\KB931768.EXE
2007-04-16 23:38 795,528 ----a-w c:\documents and settings\i386\KB930916.EXE
2007-04-02 08:02 719,240 ----a-w c:\documents and settings\i386\KB935448.exe
2007-03-22 21:04 2,297,224 ----a-w c:\documents and settings\i386\KB931784.EXE
2007-03-21 10:54 561,544 ----a-w c:\documents and settings\i386\KB931261.EXE
2007-03-21 02:37 575,880 ----a-w c:\documents and settings\i386\KB932168.EXE
2007-02-07 01:27 2,292,536 ----a-w c:\documents and settings\i386\KB929338.EXE
2007-02-06 01:29 963,464 ----a-w c:\documents and settings\i386\KB928470.EXE
2006-06-14 09:00 82,944 ----a-w c:\documents and settings\i386\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w c:\documents and settings\i386\splitter.sys
2006-06-14 08:47 172,416 ----a-w c:\documents and settings\i386\kmixer.sys
2006-05-05 09:41 453,120 ----a-w c:\documents and settings\i386\mrxsmb.sys
2006-04-26 09:55 583,480 ----a-w c:\documents and settings\i386\KB918005.exe
2006-03-17 00:33 262,784 ----a-w c:\documents and settings\i386\http.sys
2006-02-24 20:00 5,010,672 ----a-w c:\documents and settings\i386\KB912945.EXE
2006-02-15 00:22 142,464 ----a-w c:\documents and settings\i386\aec.sys
2005-11-04 05:05 512,752 ----a-w c:\documents and settings\i386\KB909667.exe
2005-10-12 18:00 2,583,280 ----a-w c:\documents and settings\i386\KB896256.exe
2005-03-02 00:59 2,179,328 ----a-w c:\documents and settings\i386\ntoskrnl.exe
2005-03-02 00:57 2,135,552 ----a-w c:\documents and settings\i386\ntkrnlmp.exe
2005-03-02 00:34 2,056,832 ----a-w c:\documents and settings\i386\ntkrnlpa.exe
2005-03-02 00:34 2,015,232 ----a-w c:\documents and settings\i386\ntkrpamp.exe
2004-12-21 20:33 6,144 ----a-w c:\documents and settings\TEM\NTIDrvr.sys
2004-10-07 01:20 352,488 ----a-w c:\documents and settings\i386\Q885855.exe
2002-11-13 17:12 32,256 ----a-w c:\documents and settings\TEM\addfilter.exe
2008-12-01 22:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120220081203\index.dat
.

------- Sigcheck -------

2004-08-04 18:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 13:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-18 16:13 8704 62592e700aaa4fe32483c7640f5472ad c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 07:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-04 02:16:05 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-04 02:16:05 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-30 19:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 19:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-12-15 04:59:45 1,653,480 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-03 09:20:39 1,653,544 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-04 03:25:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_148.dat
.


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Wed Mar 04, 2009 4:25 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-05 171448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-08-01 53248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-01 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-19 14:38 2869760 c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQUpdateCenter.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQPet\\QQPetAgent.exe"=
"c:\\Program Files\\Tencent\\QQGame\\QQGameDl.exe"=
"c:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:nfr
"7070:TCP"= 7070:TCP:nfr

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-20 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-08 78208]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice --> c:\program files\StormII\stormliv.exe [?]
S2 nfr;nfr;c:\windows\System32\svchost.exe -k nfr [2004-08-04 14336]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-05 33752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-15 28933976]
S3 npkycryp;npkycryp;\??\c:\windows\system32\npkycryp.sys --> c:\windows\system32\npkycryp.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfr REG_MULTI_SZ nfr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131897da-d724-11dd-9afb-0013e8af1dcd}]
\Shell\AutoRun\command - lgrncie.bat
\Shell\explore\Command - lgrncie.bat
\Shell\open\Command - lgrncie.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7076a3-b0a5-11dd-9ac2-0013e8af1dcd}]
\Shell\AutoRun\command - G:\PMB_P.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c26f83be-7320-11dd-9a7c-0013e8af1dcd}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee2f421b-74af-11dd-9a7f-0013e8af1dcd}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-04-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - lina.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-02-04 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-02-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2009-03-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-03-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-04 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-nfr - nfr.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7070
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: ?????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\lina\Application Data\Mozilla\Firefox\Profiles\80rloauh.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
.
.
------- File Associations -------
.
chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-03-04 16:42:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-155772267-545420903-2524767943-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Q*Q*8nb]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Sb*_ *C*C*l*e*a*n*e*r*.*.*.*\command]
@="c:\\Program Files\\CCleaner\\ccleaner.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
@DACL=(02 0013)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,8e,6a,70,
8a,8a,c6,c8,01,02,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\àeLeQ*Q*°‹LrhV]
@DACL=(02 0013)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,80,1e,00,00,00,00,00,00,f8,d9,
f8,7e,45,c9,01,00,00,00,00,44,00,3a,00,5c,00,74,00,6f,00,6f,00,6c,00,73,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ??"
"UninstallString"="c:\\Program Files\\Tencent\\QQGame\\Uninstall.EXE"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\àeLeQ*Q*°‹LrhV]
"DisplayName"="??QQ??? 2.30"
"UninstallString"="d:\\tools\\??QQ???\\uninst.exe"
"DisplayIcon"="d:\\tools\\??QQ???\\QQJPQ.exe"
"DisplayVersion"="2.30"
"URLInfoAbout"="http://www.wdjpq.com"
"Publisher"="?????"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll
.
Completion time: 2009-03-04 16:43:24
ComboFix-quarantined-files.txt 2009-03-04 03:43:22
ComboFix2.txt 2009-03-03 10:05:18
ComboFix3.txt 2009-03-03 09:29:45
ComboFix4.txt 2009-03-03 09:14:31
ComboFix5.txt 2009-03-04 03:40:45

Pre-Run: 13,494,538,240 bytes free
Post-Run: 13,478,789,120 bytes free

289 --- E O F --- 2009-03-03 04:17:48


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Wed Mar 04, 2009 2:43 pm

Hello.

I asked that your AV be disabled before running Combofix because it will interfere.
See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8 and Norton Internet Security)
Please allow Combofix to install the recovery console too.

I have to ask, did you install QQ games?

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
nfr

File::
c:\windows\system32\nfr.gpref
c:\windows\system32\nfr.assembly
c:\windows\system32\drivers\nfr.dll.gpref
c:\windows\system32\drivers\nfr.dll.assembly
c:\documents and settings\lina\Application Data\aqosab.dll
c:\documents and settings\lina\Application Data\dysu.vbs
c:\documents and settings\All Users\Application Data\qemucyjib.reg
c:\documents and settings\All Users\Application Data\ezigydej.vbs
c:\documents and settings\All Users\Application Data\arelukoqeq.bat
c:\program files\Common Files\apol._dl
c:\program files\Common Files\awybe._sy
c:\documents and settings\lina\Application Data\ohub.exe

FCOPY::
c:\windows\ServicePackFiles\i386\userinit.exe | c:\windows\system32\userinit.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"=-
"7070:TCP"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131897da-d724-11dd-9afb-0013e8af1dcd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7076a3-b0a5-11dd-9ac2-0013e8af1dcd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee2f421b-74af-11dd-9a7f-0013e8af1dcd}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Thu Mar 05, 2009 7:45 am

Yeah I think I do have QQ games...

And by the way, you told me to disable the Norton and AVG security things..
But on my task bar...it doesn't show up...
And I did a file search in my computer. Yes, there are files for AVG8 etc. But I don't seem to find the program which I can open and disable it...
I think it's not running on the computer =/...I'm not sure

I did what you told me, the combofix and the notepad thing.
The virus is still there.
I will post the combo log soon, when I get my USB


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Thu Mar 05, 2009 9:31 am

Okay.
We'll uninstall them and remove this because it's renamed your userinit and dropped its own. I need to see the Combofix log before we go any further.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Thu Mar 05, 2009 10:47 am

ComboFix 09-03-04.01 - lina 2009-03-05 17:45:53.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1503 [GMT 13:00]
Running from: c:\documents and settings\lina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\lina\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\arelukoqeq.bat
c:\documents and settings\All Users\Application Data\ezigydej.vbs
c:\documents and settings\All Users\Application Data\qemucyjib.reg
c:\documents and settings\lina\Application Data\aqosab.dll
c:\documents and settings\lina\Application Data\dysu.vbs
c:\documents and settings\lina\Application Data\ohub.exe
c:\program files\Common Files\apol._dl
c:\program files\Common Files\awybe._sy
c:\windows\system32\drivers\nfr.dll.assembly
c:\windows\system32\drivers\nfr.dll.gpref
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\arelukoqeq.bat
c:\documents and settings\All Users\Application Data\ezigydej.vbs
c:\documents and settings\All Users\Application Data\qemucyjib.reg
c:\documents and settings\lina\Application Data\aqosab.dll
c:\documents and settings\lina\Application Data\dysu.vbs
c:\documents and settings\lina\Application Data\ohub.exe
c:\program files\Common Files\apol._dl
c:\program files\Common Files\awybe._sy
c:\windows\system32\drivers\nfr.dll.assembly
c:\windows\system32\drivers\nfr.dll.gpref
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NFR
-------\Service_nfr


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-04 15:16 . 2009-03-04 15:16 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-04 15:15 . 2009-03-04 15:16 d-------- c:\program files\SUPERAntiSpyware
2009-03-04 15:15 . 2009-03-04 15:15 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-04 15:15 . 2009-03-04 15:15 d-------- c:\documents and settings\lina\Application Data\SUPERAntiSpyware.com
2009-03-04 14:57 . 2009-03-04 14:57 d-------- c:\program files\IObit
2009-03-04 14:57 . 2009-03-04 14:57 d-------- c:\documents and settings\lina\Application Data\IObit
2009-02-18 16:13 . 2008-04-14 13:12 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 07:56 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-04 07:58 --------- d-----w c:\program files\iTunes
2009-02-04 07:58 --------- d-----w c:\program files\iPod
2009-02-04 07:58 --------- d-----w c:\program files\Bonjour
2009-02-04 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-04 07:56 --------- d-----w c:\program files\Common Files\Apple
2009-02-04 07:56 --------- d-----w c:\program files\Apple Software Update
2009-01-08 11:12 --------- d-----w c:\program files\Java
2007-06-01 21:14 4,683,144 ----a-w c:\documents and settings\i386\KB933566.EXE
2007-05-21 20:42 558,984 ----a-w c:\documents and settings\i386\KB935840.EXE
2007-05-21 19:42 802,696 ----a-w c:\documents and settings\i386\KB935839.EXE
2007-05-19 01:12 1,600,392 ----a-w c:\documents and settings\i386\KB929123.EXE
2007-05-05 00:42 1,266,056 ----a-w c:\documents and settings\i386\KB927891.EXE
2007-04-17 20:06 4,684,168 ----a-w c:\documents and settings\i386\KB931768.EXE
2007-04-16 23:38 795,528 ----a-w c:\documents and settings\i386\KB930916.EXE
2007-04-02 08:02 719,240 ----a-w c:\documents and settings\i386\KB935448.exe
2007-03-22 21:04 2,297,224 ----a-w c:\documents and settings\i386\KB931784.EXE
2007-03-21 10:54 561,544 ----a-w c:\documents and settings\i386\KB931261.EXE
2007-03-21 02:37 575,880 ----a-w c:\documents and settings\i386\KB932168.EXE
2007-02-07 01:27 2,292,536 ----a-w c:\documents and settings\i386\KB929338.EXE
2007-02-06 01:29 963,464 ----a-w c:\documents and settings\i386\KB928470.EXE
2006-06-14 09:00 82,944 ----a-w c:\documents and settings\i386\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w c:\documents and settings\i386\splitter.sys
2006-06-14 08:47 172,416 ----a-w c:\documents and settings\i386\kmixer.sys
2006-05-05 09:41 453,120 ----a-w c:\documents and settings\i386\mrxsmb.sys
2006-04-26 09:55 583,480 ----a-w c:\documents and settings\i386\KB918005.exe
2006-03-17 00:33 262,784 ----a-w c:\documents and settings\i386\http.sys
2006-02-24 20:00 5,010,672 ----a-w c:\documents and settings\i386\KB912945.EXE
2006-02-15 00:22 142,464 ----a-w c:\documents and settings\i386\aec.sys
2005-11-04 05:05 512,752 ----a-w c:\documents and settings\i386\KB909667.exe
2005-10-12 18:00 2,583,280 ----a-w c:\documents and settings\i386\KB896256.exe
2005-03-02 00:59 2,179,328 ----a-w c:\documents and settings\i386\ntoskrnl.exe
2005-03-02 00:57 2,135,552 ----a-w c:\documents and settings\i386\ntkrnlmp.exe
2005-03-02 00:34 2,056,832 ----a-w c:\documents and settings\i386\ntkrnlpa.exe
2005-03-02 00:34 2,015,232 ----a-w c:\documents and settings\i386\ntkrpamp.exe
2004-12-21 20:33 6,144 ----a-w c:\documents and settings\TEM\NTIDrvr.sys
2004-10-07 01:20 352,488 ----a-w c:\documents and settings\i386\Q885855.exe
2002-11-13 17:12 32,256 ----a-w c:\documents and settings\TEM\addfilter.exe
2008-12-01 22:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120220081203\index.dat
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 07:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-04 02:16:05 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-04 02:16:05 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-30 19:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 19:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2008-04-14 00:12:38 26,112 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-15 04:59:45 1,653,480 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-03 09:20:39 1,653,544 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-05 04:48:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c4.dat


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Thu Mar 05, 2009 10:47 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-05 171448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-08-01 53248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-01 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-19 14:38 2869760 c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQUpdateCenter.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQPet\\QQPetAgent.exe"=
"c:\\Program Files\\Tencent\\QQGame\\QQGameDl.exe"=
"c:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-20 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-08 78208]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice --> c:\program files\StormII\stormliv.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-05 33752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-15 28933976]
S3 npkycryp;npkycryp;\??\c:\windows\system32\npkycryp.sys --> c:\windows\system32\npkycryp.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfr REG_MULTI_SZ nfr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c26f83be-7320-11dd-9a7c-0013e8af1dcd}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-04-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - lina.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-02-04 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-02-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2009-03-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-03-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-04 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7070
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: ?????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\lina\Application Data\Mozilla\Firefox\Profiles\80rloauh.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-03-05 17:49:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-155772267-545420903-2524767943-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Q*Q*8nb]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Sb*_ *C*C*l*e*a*n*e*r*.*.*.*\command]
@="c:\\Program Files\\CCleaner\\ccleaner.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
@DACL=(02 0013)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,8e,6a,70,
8a,8a,c6,c8,01,02,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\àeLeQ*Q*°‹LrhV]
@DACL=(02 0013)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,80,1e,00,00,00,00,00,00,f8,d9,
f8,7e,45,c9,01,00,00,00,00,44,00,3a,00,5c,00,74,00,6f,00,6f,00,6c,00,73,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ??"
"UninstallString"="c:\\Program Files\\Tencent\\QQGame\\Uninstall.EXE"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\àeLeQ*Q*°‹LrhV]
"DisplayName"="??QQ??? 2.30"
"UninstallString"="d:\\tools\\??QQ???\\uninst.exe"
"DisplayIcon"="d:\\tools\\??QQ???\\QQJPQ.exe"
"DisplayVersion"="2.30"
"URLInfoAbout"="http://www.wdjpq.com"
"Publisher"="?????"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\docume~1\lina\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-05 17:51:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 04:51:20
ComboFix2.txt 2009-03-04 03:43:25
ComboFix3.txt 2009-03-03 10:05:18
ComboFix4.txt 2009-03-03 09:29:45
ComboFix5.txt 2009-03-05 04:43:48

Pre-Run: 13,433,253,888 bytes free
Post-Run: 13,416,087,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

307 --- E O F --- 2009-03-03 04:17:48


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Thu Mar 05, 2009 5:08 pm

Hello.
I want to get a registry export of a key.

  • Now open a new notepad file.
  • Input this into the notepad file:

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost"
    start notepad C:\look.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.


Back to top Go down
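Reading the export that look.bat produces: each value under the svchost key is REG_MULTI_SZ data written as hex(7), that is, UTF-16LE strings separated by NULs, so the service names are not readable by eye. The following Python is an added example, not part of the original posts; the sample export and baseline are constructed, and the function names are hypothetical.

```python
import re

SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost"

# Constructed sample in the text format "regedit /e" writes (three values only).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
  00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"nfr"=hex(7):6e,00,66,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
'''

# Constructed baseline; in practice decode it from an export taken on a
# known-clean machine running the same Windows build.
BASELINE = {"DcomLaunch": ["DcomLaunch", "TermService"], "rpcss": ["RpcSs"]}


def read_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252")


def _hex_bytes(data: str) -> bytes:
    return bytes(int(tok, 16) for tok in data.split(",") if tok.strip())


def _parse_value(data: str, wide: bool):
    """Turn the right-hand side of name=data into a Python value."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex\((\w+)\):(.*)", data)
    if m:
        kind, raw = m.group(1), _hex_bytes(m.group(2))
        if kind in ("2", "7"):  # REG_EXPAND_SZ / REG_MULTI_SZ hold text
            text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
            if kind == "7":
                return [part for part in text.split("\x00") if part]
            return text.rstrip("\x00")
        return raw
    if data.startswith("hex:"):
        return _hex_bytes(data[4:])
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    return data


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {lowercased key path: {value name: value}}."""
    wide = not text.lstrip("\ufeff").startswith("REGEDIT4")
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):  # hex data continues on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', line)
            if m:
                name = "@" if m.group(2) else m.group(1)
                current[name] = _parse_value(m.group(3), wide)
    return keys


def svchost_groups(keys: dict) -> dict:
    """Return {svchost group: [service names]} from the parsed export."""
    values = keys.get(SVCHOST_KEY.lower(), {})
    return {name: v for name, v in values.items() if isinstance(v, list)}


def new_since_baseline(groups: dict, baseline: dict) -> dict:
    """Services (by group) present in groups but absent from baseline."""
    known = {g.lower(): {s.lower() for s in svcs} for g, svcs in baseline.items()}
    added = {}
    for group, svcs in groups.items():
        extra = [s for s in svcs if s.lower() not in known.get(group.lower(), set())]
        if extra:
            added[group] = extra
    return added


if __name__ == "__main__":
    groups = svchost_groups(parse_reg(SAMPLE_EXPORT))
    for group, svcs in groups.items():
        print(f"{group}: {', '.join(svcs)}")
    print("not in baseline:", new_since_baseline(groups, BASELINE))
```

For a real file, read it in binary mode and pass the bytes through `read_export` before `parse_reg`, since a Version 5.00 export is UTF-16LE on disk.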

Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Fri Mar 06, 2009 5:07 am

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
00,00,00,00,00
"LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,65,\
00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4c,00,6d,00,48,00,6f,00,\
73,00,74,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,\
00,69,00,73,00,74,00,72,00,79,00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,\
73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,00,00
"NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"bthsvcs"=hex(7):42,00,74,00,68,00,53,00,65,00,72,00,76,00,00,00,00,00
"eapsvcs"=hex(7):65,00,61,00,70,00,68,00,6f,00,73,00,74,00,00,00,00,00
"dot3svc"=hex(7):64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,00,00
"nfr"=hex(7):6e,00,66,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Fri Mar 06, 2009 10:03 am

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\npkycryp.sys

Driver::
npkycryp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"nfr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


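To see what the "nfr"=- line in the CFScript above touches, the Svchost values from the log earlier in the thread can be decoded: regedit writes REG_MULTI_SZ data as hex(7) UTF-16LE bytes, and each value under the Svchost key names a service group whose data lists the services in that group. This is an added example, not part of the original posts or of ComboFix; the function names are made up here, and the sample lines are copied from the thread.

```python
import re

SVCHOST_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\svchost"

# Copied from the Svchost export in the log posted earlier in this thread.
SAMPLE_EXPORT = r'''
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"nfr"=hex(7):6e,00,66,00,72,00,00,00,00,00
'''

# The Registry:: part of the CFScript above, shortened to its first two keys.
SAMPLE_SCRIPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"nfr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>[0-9A-Fa-f,]*)$')
DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')


def join_continuations(text):
    """Merge regedit lines that end in a backslash with the line that follows."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            logical.append(pending + line)
            pending = ""
    if pending:  # the export was cut off in the middle of a value
        logical.append(pending)
    return logical


def decode_multi_sz(hex_csv):
    """Decode hex(7) data (REG_MULTI_SZ stored as UTF-16LE) into a list of strings."""
    data = bytes(int(b, 16) for b in hex_csv.split(",") if b)
    if len(data) % 2:  # truncated value: drop the dangling half character
        data = data[:-1]
    text = data.decode("utf-16-le", errors="replace")
    return [s for s in text.split("\x00") if s]


def parse_svchost_groups(export_text):
    """Map each svchost group name to the list of services it hosts."""
    groups = {}
    for line in join_continuations(export_text):
        m = VALUE_RE.match(line)
        if m:
            groups[m.group("name")] = decode_multi_sz(m.group("data"))
    return groups


def deleted_values(script_text, key=SVCHOST_KEY):
    """Names of values that a .reg-style block deletes ("name"=-) under `key`."""
    current, names = None, []
    for line in join_continuations(script_text):
        k = KEY_RE.match(line)
        if k:
            current = k.group("key").lower()
            continue
        d = DELETE_RE.match(line)
        if d and current == key:
            names.append(d.group("name"))
    return names


def review(export_text, script_text):
    """For each group the script deletes, show the services it held (None if absent)."""
    groups = {n.lower(): s for n, s in parse_svchost_groups(export_text).items()}
    return {name: groups.get(name.lower()) for name in deleted_values(script_text)}


if __name__ == "__main__":
    for group, services in parse_svchost_groups(SAMPLE_EXPORT).items():
        print(f"{group:12} -> {services}")
    print("deleted by script:", review(SAMPLE_EXPORT, SAMPLE_SCRIPT))
```

A group that the script deletes but that is missing from the export shows up as None, which is worth checking before the script is run.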

Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Fri Mar 06, 2009 10:34 pm

The problem is still there > < ...
Will send you a log file in a few hours, off to work ^^


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Sat Mar 07, 2009 8:27 pm

ComboFix 09-03-04.01 - lina 2009-03-07 10:43:00.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1452 [GMT 13:00]
Running from: c:\documents and settings\lina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\lina\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\npkycryp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npkycryp


((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-04 15:16 . 2009-03-04 15:16 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-04 15:15 . 2009-03-04 15:16 d-------- c:\program files\SUPERAntiSpyware
2009-03-04 15:15 . 2009-03-04 15:15 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-04 15:15 . 2009-03-04 15:15 d-------- c:\documents and settings\lina\Application Data\SUPERAntiSpyware.com
2009-03-04 14:57 . 2009-03-04 14:57 d-------- c:\program files\IObit
2009-03-04 14:57 . 2009-03-04 14:57 d-------- c:\documents and settings\lina\Application Data\IObit
2009-02-18 16:13 . 2008-04-14 13:12 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 07:56 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-04 07:58 --------- d-----w c:\program files\iTunes
2009-02-04 07:58 --------- d-----w c:\program files\iPod
2009-02-04 07:58 --------- d-----w c:\program files\Bonjour
2009-02-04 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-04 07:56 --------- d-----w c:\program files\Common Files\Apple
2009-02-04 07:56 --------- d-----w c:\program files\Apple Software Update
2009-01-08 11:12 --------- d-----w c:\program files\Java
2007-06-01 21:14 4,683,144 ----a-w c:\documents and settings\i386\KB933566.EXE
2007-05-21 20:42 558,984 ----a-w c:\documents and settings\i386\KB935840.EXE
2007-05-21 19:42 802,696 ----a-w c:\documents and settings\i386\KB935839.EXE
2007-05-19 01:12 1,600,392 ----a-w c:\documents and settings\i386\KB929123.EXE
2007-05-05 00:42 1,266,056 ----a-w c:\documents and settings\i386\KB927891.EXE
2007-04-17 20:06 4,684,168 ----a-w c:\documents and settings\i386\KB931768.EXE
2007-04-16 23:38 795,528 ----a-w c:\documents and settings\i386\KB930916.EXE
2007-04-02 08:02 719,240 ----a-w c:\documents and settings\i386\KB935448.exe
2007-03-22 21:04 2,297,224 ----a-w c:\documents and settings\i386\KB931784.EXE
2007-03-21 10:54 561,544 ----a-w c:\documents and settings\i386\KB931261.EXE
2007-03-21 02:37 575,880 ----a-w c:\documents and settings\i386\KB932168.EXE
2007-02-07 01:27 2,292,536 ----a-w c:\documents and settings\i386\KB929338.EXE
2007-02-06 01:29 963,464 ----a-w c:\documents and settings\i386\KB928470.EXE
2006-06-14 09:00 82,944 ----a-w c:\documents and settings\i386\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w c:\documents and settings\i386\splitter.sys
2006-06-14 08:47 172,416 ----a-w c:\documents and settings\i386\kmixer.sys
2006-05-05 09:41 453,120 ----a-w c:\documents and settings\i386\mrxsmb.sys
2006-04-26 09:55 583,480 ----a-w c:\documents and settings\i386\KB918005.exe
2006-03-17 00:33 262,784 ----a-w c:\documents and settings\i386\http.sys
2006-02-24 20:00 5,010,672 ----a-w c:\documents and settings\i386\KB912945.EXE
2006-02-15 00:22 142,464 ----a-w c:\documents and settings\i386\aec.sys
2005-11-04 05:05 512,752 ----a-w c:\documents and settings\i386\KB909667.exe
2005-10-12 18:00 2,583,280 ----a-w c:\documents and settings\i386\KB896256.exe
2005-03-02 00:59 2,179,328 ----a-w c:\documents and settings\i386\ntoskrnl.exe
2005-03-02 00:57 2,135,552 ----a-w c:\documents and settings\i386\ntkrnlmp.exe
2005-03-02 00:34 2,056,832 ----a-w c:\documents and settings\i386\ntkrnlpa.exe
2005-03-02 00:34 2,015,232 ----a-w c:\documents and settings\i386\ntkrpamp.exe
2004-12-21 20:33 6,144 ----a-w c:\documents and settings\TEM\NTIDrvr.sys
2004-10-07 01:20 352,488 ----a-w c:\documents and settings\i386\Q885855.exe
2002-11-13 17:12 32,256 ----a-w c:\documents and settings\TEM\addfilter.exe
2008-12-01 22:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120220081203\index.dat
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 07:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-04 02:16:05 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-04 02:16:05 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-30 19:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 19:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2008-09-17 02:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
+ 2008-04-14 00:12:38 26,112 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-15 04:59:45 1,653,480 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-03 09:20:39 1,653,544 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-18 03:13:49 8,704 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 00:12:38 26,112 ----a-w c:\windows\system32\userinit.exe
+ 2009-03-06 21:46:37 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-05 171448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-08-01 53248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-01 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-19 14:38 2869760 c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQUpdateCenter.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQPet\\QQPetAgent.exe"=
"c:\\Program Files\\Tencent\\QQGame\\QQGameDl.exe"=
"c:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-20 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-08 78208]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice --> c:\program files\StormII\stormliv.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-05 33752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-15 28933976]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c26f83be-7320-11dd-9a7c-0013e8af1dcd}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-04-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - lina.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-02-04 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-02-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2009-03-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-03-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-04 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7070
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: ?????? PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\lina\Application Data\Mozilla\Firefox\Profiles\80rloauh.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-03-07 10:47:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Sat Mar 07, 2009 8:28 pm

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-155772267-545420903-2524767943-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Q*Q*8nb]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Sb*_ *C*C*l*e*a*n*e*r*.*.*.*\command]
@="c:\\Program Files\\CCleaner\\ccleaner.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
@DACL=(02 0013)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,8e,6a,70,
8a,8a,c6,c8,01,02,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\àeLeQ*Q*°‹LrhV]
@DACL=(02 0013)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,80,1e,00,00,00,00,00,00,f8,d9,
f8,7e,45,c9,01,00,00,00,00,44,00,3a,00,5c,00,74,00,6f,00,6f,00,6c,00,73,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ??"
"UninstallString"="c:\\Program Files\\Tencent\\QQGame\\Uninstall.EXE"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\àeLeQ*Q*°‹LrhV]
"DisplayName"="??QQ??? 2.30"
"UninstallString"="d:\\tools\\??QQ???\\uninst.exe"
"DisplayIcon"="d:\\tools\\??QQ???\\QQJPQ.exe"
"DisplayVersion"="2.30"
"URLInfoAbout"="http://www.wdjpq.com"
"Publisher"="?????"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-07 10:49:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 21:49:23
ComboFix2.txt 2009-03-05 04:51:24
ComboFix3.txt 2009-03-04 03:43:25
ComboFix4.txt 2009-03-03 10:05:18
ComboFix5.txt 2009-03-06 21:42:37

Pre-Run: 13,376,122,880 bytes free
Post-Run: 13,356,953,600 bytes free

261 --- E O F --- 2009-03-06 04:57:54


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Sat Mar 07, 2009 8:52 pm

Hello.
Any change now?



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Sat Mar 07, 2009 11:07 pm

Problem still there
~


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Sun Mar 08, 2009 1:18 am

Hello.

I don't think this is malware.

I would uninstall Tencent QQ and QQ games, they are rather questionable. I also see Regcure uninstalled, I advise against registry cleaners because false positives may leave your machine crippled.

Do you want to try and uninstall/remove un-needed stuff and see if it's just general computer lag?

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Mon Mar 09, 2009 3:19 am

Okay done, Problem still there


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Mon Mar 09, 2009 2:52 pm

Post a new Hijack This log please.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Tue Mar 10, 2009 11:05 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:29, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\lina\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: QQ????????.lnk
O4 - Startup: ??QQ.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - C:\Program Files\StormII\stormliv.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10695 bytes


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Tue Mar 10, 2009 11:10 pm


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: QQ????????.lnk
    O4 - Startup: ??QQ.lnk
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - C:\Program Files\StormII\stormliv.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)


  • Press "Fix Checked"
  • Close HijackThis.

Reboot normally.
See if the typing lag has somewhat decreased.


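The fix list in the post above includes every entry that HijackThis marked `(no file)` or `(file missing)`. As an added example (not part of the original post and not a HijackThis feature), the following Python script parses log lines of this format and groups the entries that deserve a manual look. The function names and flag labels are made up here, and reading `??` as characters lost in the log's encoding is an assumption.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Startup: ??QQ.lnk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# "O<n> - <kind>: <detail>" is the shape of every entry line in the log.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Suffixes the log carries when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# O4 registry autoruns: "[value name] command (User 'x')", user part optional.
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$")


def parse_log(text):
    """Return one dict per O-section line; all other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, kind, detail = m.groups()
        entry = {"section": section, "kind": kind, "detail": detail, "flags": []}
        if detail.endswith(ORPHAN_MARKERS):
            entry["flags"].append("orphaned")
        if " - Unknown owner - " in detail:
            # Informational only: the binary carries no company name.
            entry["flags"].append("unknown_owner")
        if "??" in detail:
            # Assumption: runs of '?' are characters the log encoding could not store.
            entry["flags"].append("unreadable_name")
        run = RUN_RE.match(detail) if section == "O4" else None
        if run:
            entry["autorun"] = run.groupdict()
        entries.append(entry)
    return entries


def triage(entries):
    """Group entry descriptions by flag so a reviewer can work through each class."""
    report = {}
    for e in entries:
        for flag in e["flags"]:
            report.setdefault(flag, []).append(f'{e["section"]} {e["kind"]}: {e["detail"]}')
    return report


if __name__ == "__main__":
    for flag, lines in triage(parse_log(SAMPLE_LOG)).items():
        print(f"[{flag}]")
        for line in lines:
            print("   ", line)
```

An entry flagged `unreadable_name` cannot be identified from the log alone and has to be checked on the machine itself.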

Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Tue Mar 10, 2009 11:27 pm

It decreased a bit, but then after a while it comes back again.
It's not really a lag... It's like... when I was in the middle of typing [You must be registered and logged in to see this link.] ... it just went like this "[You must be registered and logged in to see this link.] and so on... I didn't even press the / buttons and so on....~


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Tue Mar 10, 2009 11:28 pm

And it keeps doing that until I restart my computer again.


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Tue Mar 10, 2009 11:30 pm

Not sure what that's about, but as far as I can tell, it's not malware doing it. But that doesn't mean to say the malware hasn't done its damage and left its mark.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Wed Mar 11, 2009 2:40 am

Hmm alright...so what's my next step?
Is it possible to fix this problem?


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Wed Mar 11, 2009 2:54 am

Hello.
I'm off to bed now, so I'll think this over while I get some rest.
Best advice for right now is remove QQ software and RegCure.

Let's get an uninstall list and I'll look it over in the morning.

  • Open HijackThis
  • Click "Open the Misc Tools section"
  • Click "Open Uninstall Manager"
  • Click "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Wed Mar 11, 2009 2:56 am

Okay thanks, will do in a few minutes ^^
Good night ~


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Wed Mar 11, 2009 6:53 pm

????
????? Adobe Creative Suite 3 Design Premium
??????? 3.2 ??? (3.2.0.0605)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Bio-Protection fingerprint solution 3.0.1.1
Acer Crystal Eye webcam
Acer Crystal Eye Webcam Video Class Camera
Acer GridVista
Acer ScreenSaver
Acrobat.com
Acrobat.com
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Recommended Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Glyphlet Creation Tool CS3
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SGM CS3
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Agere Systems HDA Modem
AHV content for Acrobat and Flash
AppCore
Apple Mobile Device Support
Apple Software Update
AV
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
ccCommon
CCleaner (remove only)
CSS FULL DZ [Oct 15 2007] v18.1
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 11
Launch Manager
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Moyea FLV Downloader version 1.16.0.17
Moyea FLV Player version 1.0.0.0
Mozilla Firefox (3.0.6)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mZConfig
Native Instruments Sibelius Player
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NTI Backup NOW! 4.7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
PDF Settings
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Sibelius 3
Smart Defrag 1.11
SPBBC 32bit
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
WIDCOMM Bluetooth Software
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Service Pack 3
WinRAR ???????


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Wed Mar 11, 2009 7:11 pm

Hello.
Is this OS not English or have you installed cracked software?


Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    ????
    ??????? 3.2 ??? (3.2.0.0605)



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Thu Mar 12, 2009 4:17 am

Oh it's not English~...it's supposed to be Chinese


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Thu Mar 12, 2009 5:13 am

*UPDATE*
Restarted computer after checking emails.
The system starts up but it stays at the "ACER" screen and will not load.
I tried pressing F8 for safe mode/F2 to enter setup, but it does not work.
I also tried reseating my RAM, still same problem...Just stuck on "ACER" screen...


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Thu Mar 12, 2009 1:38 pm

Hmmm.
Do you have your XP disc?



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Thu Mar 12, 2009 6:46 pm

Nope, it didn't come with it?


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Thu Mar 12, 2009 9:04 pm

Well, looks like you need to get your hands on one, then we can try a repair install.



Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by AnotherLexus on Fri Mar 13, 2009 2:49 am

Lol, uhmm I just thought of getting a new HDD~ should that work?


Re: Keyboard virus problem, Types "/..,nffffffffffffff...."

Post by Belahzur on Fri Mar 13, 2009 9:22 am

If it has an OS on it, yes.

