  1. #1
    Member
    Join Date
    Dec 2007
    Posts
    23
    Points
    0

    Laptop touch pad goes crazy and keyboard works off and on

    I have an HP Pavilion zv6000 laptop. First, my touch pad would work fine for about 5-20 seconds, then start to go crazy. If I touch the pad to move the mouse, it would automatically right and left click and go crazy. About 2-4 months later my key pad would stop working. I would have to restart my computer to get it back again. Lately that technique is not working, and it works when it feels like working. I'm typing really fast before it decides to stop working. I'm not sure if it's a virus or a hardware problem. I tried updating my touchpad drivers, but that would cause it not to work at all. Not sure what's going on. I've had this laptop for a little over 2 years. I'm using an optical mouse.







    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46, on 1/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SSC\NSCTOP.EXE
    C:\Program Files\Symantec\Quarantine\Server\qserver.exe
    C:\Program Files\Symantec\Quarantine\Server\ScanExplicit.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\Quarantine\Server\IcePack.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/mini...ansporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activ...areScanner.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.johannrain-softwareentwic...an8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - file://D:\mathplayer\deltacvx.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...60/mcfscan.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: Symantec Quarantine Agent (IcePack) - IBM Corp. - C:\Program Files\Symantec\Quarantine\Server\IcePack.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
    O23 - Service: Symantec Central Quarantine (qserver) - Symantec Corporation - C:\Program Files\Symantec\Quarantine\Server\qserver.exe
    O23 - Service: Symantec Quarantine Scanner (ScanExplicit) - IBM Corp. - C:\Program Files\Symantec\Quarantine\Server\ScanExplicit.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9007 bytes




    ComboFix 07-12-31.4 - Ellis Christian 2007-12-31 1:13:34.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -5:00]
    Running from: C:\Documents and Settings\Ellis Christian\Local Settings\Temporary Internet Files\Content.IE5\P8CN1H3F\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
    .

    2007-12-30 22:53 . 2007-12-30 22:53 d-------- C:\Program Files\Yahoo!
    2007-12-30 22:52 . 2007-12-30 22:53 d-------- C:\Program Files\CCleaner
    2007-12-08 21:51 . 2007-12-30 22:07 d-------- C:\WINDOWS\system32\ActiveScan
    2007-12-08 21:51 . 2007-12-30 22:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-12-08 21:51 . 2007-12-30 22:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-12-08 21:51 . 2007-12-30 22:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-12-04 22:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-04 22:16 . 2007-12-30 22:30 d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-04 22:16 . 2007-12-04 22:16 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-04 22:16 . 2007-12-04 22:16 d-------- C:\Documents and Settings\Ellis Christian\Application Data\SUPERAntiSpyware.com
    2007-12-04 22:16 . 2007-12-04 22:16 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-02 22:20 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-12-02 22:20 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-12-02 20:29 . 2006-01-18 15:13 147,456 -ra------ C:\WINDOWS\system32\MUINST_Y.EXE
    2007-12-02 20:29 . 2005-07-11 20:09 61,440 -ra------ C:\WINDOWS\system32\MCOINS_Y.DLL
    2007-12-02 20:29 . 2005-07-11 20:01 3,005 -ra------ C:\WINDOWS\system32\MUNZ___Y.UNM
    2007-12-02 17:11 . 2007-12-02 17:11 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-02 16:32 . 2007-12-02 16:32 d-------- C:\ZUD55721
    2007-12-02 12:34 . 2007-12-02 12:34 d-------- C:\Program Files\Envelope Manager
    2007-11-18 07:39 . 2007-11-18 07:39 0 --a------ C:\WINDOWS\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-31 06:19 21,469,984 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-31 06:00 --------- d-----w C:\Documents and Settings\Ellis Christian\Application Data\WeatherBug
    2007-12-31 05:51 288,212 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-31 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-16 19:26 --------- d-----w C:\Program Files\HP
    2007-11-30 06:51 512 ----a-w C:\ScanSectorLog.dat
    2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-11-14 21:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-11-13 23:38 17,331,911 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_11_22_57_16_full.dmp.zip
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-03 02:16 --------- d-----w C:\Program Files\PartyGaming
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-28 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-16 16:40 91,520 ----a-w C:\WINDOWS\HPBroker.dll
    2007-08-17 19:16 17,079,961 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_15_22_30_55_full.dmp.zip
    2007-08-14 03:06 2,526,678 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2006-01-30 21:21 190 ----a-w C:\Program Files\Common Files\psasetup.log
    2005-08-20 07:17 0 ----a-w C:\Documents and Settings\Ellis Christian\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-01-06 09:57 1343488]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Newsflash.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Newsflash.lnk
    backup=C:\WINDOWS\pss\Newsflash.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk
    backup=C:\WINDOWS\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PayPal Plug-In for Outlook Express.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PayPal Plug-In for Outlook Express.lnk
    backup=C:\WINDOWS\pss\PayPal Plug-In for Outlook Express.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
    backup=C:\WINDOWS\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-12-21 23:05 344064 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe /min

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    2004-11-05 15:52 233534 --a------ C:\Program Files\HPQ\Default Settings\cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2004-12-08 19:23 790528 --a------ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2004-08-04 07:00 44032 --a------ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-02-23 15:45 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
    C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 12:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    2004-11-11 20:50 212992 --a------ C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDI]
    2005-08-05 12:18 344064 --a------ C:\Program Files\Toleron\RDI\DIServer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-08-20 01:57 36972 --a------ C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2004-11-03 21:38 688218 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    2004-11-03 21:40 98394 --a------ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracker]
    2004-10-27 12:02 118784 --a------ C:\Program Files\MySoftware\MyInvoices\tracker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    2004-12-08 20:44 184320 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    2007-11-14 16:05 919016 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2 (0x2)

    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-09 18:59]
    S3 MhzNet;Megaherz Lan/Modem PCMCIA Device Driver;C:\WINDOWS\system32\DRIVERS\xem336n5.sys []
    S3 WinPVT;WinPVT;C:\Program Files\HP\WinPVT\WinPVT.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-31 06:17:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 01:20:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-31 1:21:46
    C:\qoobox\ComboFix2.txt 2007-12-08 00:25:38
    C:\qoobox\ComboFix3.txt 2007-12-05 13:27:16
    .
    2007-12-16 18:43:55 --- E O F ---












    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/31/2007 at 00:25 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3355
    Trace Rules Database Version: 1354

    Scan type : Complete Scan
    Total Scan Time : 01:15:31

    Memory items scanned : 505
    Memory threats detected : 0
    Registry items scanned : 7067
    Registry threats detected : 0
    File items scanned : 100322
    File threats detected : 0

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    I see that we got the PC cleaned up just a month ago.

    Again, you are not running the combo scan from the desktop like you were told last time.

    You now have 2 antivirus programs running; you can only have one.

    How did you come up with this really old version of Java ????
    It is even older than the one you had a month ago.

    You never said anything about keyboard problems that you had been having in your last post.

    Probably should have followed Steam's advice last month to wipe the drive and reinstall everything.

    BG

  3. #3
    Member trickytiger
    Join Date
    Dec 2005
    Posts
    35
    Points
    1


    I would recommend you format your hard drive and do a clean install of Windows. If that doesn't fix the problem, it could be hardware related; if that's the case, you will need to take it to a computer shop.

  4. #4
    Member
    Join Date
    Dec 2007
    Posts
    23
    Points
    0


    My first post, which was a month ago, was for my desktop. I got it to work. I am having trouble with my laptop now. It just started acting crazy about a month ago. I tried working on it myself and had no luck. I don't want to take it into Best Buy unless it's like a hardware problem. I thought I was running ComboFix from my desktop; I will rescan it today and make all the corrections you noted. How does my HijackThis look?

  5. #5
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    No problem, I should not have assumed this was the same PC.

    Run another Combo scan after you get it saved to your desktop.

    Moving this post to the Spyware forum.

    BG

  6. #6
    Member
    Join Date
    Dec 2007
    Posts
    23
    Points
    0


    Here is my ComboFix report.


    ComboFix 08-01-05.8 - Ellis Christian 2008-01-05 11:50:39.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.103 [GMT -5:00]
    Running from: C:\Documents and Settings\Ellis Christian\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
    .

    2007-12-31 01:24 . 2007-12-31 01:24 d-------- C:\Program Files\Trend Micro
    2007-12-30 22:53 . 2007-12-30 22:53 d-------- C:\Program Files\Yahoo!
    2007-12-30 22:52 . 2007-12-30 22:53 d-------- C:\Program Files\CCleaner
    2007-12-08 21:51 . 2007-12-30 22:07 d-------- C:\WINDOWS\system32\ActiveScan
    2007-12-08 21:51 . 2007-12-30 22:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-12-08 21:51 . 2007-12-30 22:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-12-08 21:51 . 2007-12-30 22:06 1,406 --a------ C:\WINDOWS\system32\Help.ico

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-05 16:57 21,774,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-04 02:41 292,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-04 00:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-12-31 06:00 --------- d-----w C:\Documents and Settings\Ellis Christian\Application Data\WeatherBug
    2007-12-31 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-16 19:26 --------- d-----w C:\Program Files\HP
    2007-12-05 03:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-05 03:16 --------- d-----w C:\Documents and Settings\Ellis Christian\Application Data\SUPERAntiSpyware.com
    2007-12-05 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-02 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-02 17:34 --------- d-----w C:\Program Files\Envelope Manager
    2007-11-30 06:51 512 ----a-w C:\ScanSectorLog.dat
    2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-11-14 21:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-11-13 23:38 17,331,911 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_11_22_57_16_full.dmp.zip
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-16 16:40 91,520 ----a-w C:\WINDOWS\HPBroker.dll
    2007-08-17 19:16 17,079,961 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_15_22_30_55_full.dmp.zip
    2007-08-14 03:06 2,526,678 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2006-01-30 21:21 190 ----a-w C:\Program Files\Common Files\psasetup.log
    2005-08-20 07:17 0 ----a-w C:\Documents and Settings\Ellis Christian\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-31_ 1.20.54.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-18 15:04:16 341,296 ----a-w C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
    + 2004-08-04 12:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
    + 2004-08-04 12:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
    - 2004-11-04 02:26:42 186,016 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
    + 2005-02-02 16:58:58 191,456 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
    + 2004-08-04 12:00:00 52,736 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\i8042prt.sys
    + 2004-08-04 12:00:00 23,040 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\mouclass.sys
    + 2005-02-02 17:14:34 69,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\InstNT.exe
    + 2007-09-15 07:13:24 163,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynCOM.dll
    + 2005-02-02 17:01:30 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynCtrl.dll
    + 2005-02-02 17:13:00 548,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynISDLL.dll
    + 2005-02-02 16:57:54 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynMood.exe
    + 2005-02-02 16:58:58 191,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTP.sys
    + 2007-09-15 07:21:56 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPAPI.dll
    + 2005-02-02 17:14:24 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPCo2.dll
    + 2005-02-02 17:02:10 41,065 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPCOM.dll
    + 2007-09-15 07:23:16 942,080 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPCpl.dll
    + 2007-09-15 07:27:20 1,015,808 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPEnh.exe
    + 2005-02-02 17:12:14 69,724 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPFcs.dll
    + 2005-02-02 17:12:22 102,492 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynTPLpr.exe
    + 2005-02-02 16:58:02 163,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SynZMetr.exe
    + 2005-02-02 17:12:42 212,992 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\Tutorial.exe
    - 2004-11-04 02:28:50 77,917 ----a-w C:\WINDOWS\system32\SynCOM.dll
    + 2005-02-02 17:01:14 82,015 ----a-w C:\WINDOWS\system32\SynCOM.dll
    - 2004-11-04 02:29:04 114,688 ----a-w C:\WINDOWS\system32\SynCtrl.dll
    + 2005-02-02 17:01:30 114,688 ----a-w C:\WINDOWS\system32\SynCtrl.dll
    - 2004-11-04 02:29:28 90,202 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
    + 2005-02-02 17:01:54 90,204 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
    - 2004-11-04 02:42:16 81,920 ----a-w C:\WINDOWS\system32\SynTPCo2.dll
    + 2005-02-02 17:14:24 81,920 ----a-w C:\WINDOWS\system32\SynTPCo2.dll
    + 2007-09-15 07:50:26 110,592 ----a-w C:\WINDOWS\system32\SynTPCo4.dll
    - 2004-11-04 02:39:58 69,722 ----a-w C:\WINDOWS\system32\SynTPFcs.dll
    + 2005-02-02 17:12:14 69,724 ----a-w C:\WINDOWS\system32\SynTPFcs.dll
    - 2007-12-31 05:59:52 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    + 2008-01-05 16:42:12 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    - 2007-12-31 06:00:45 197,404 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
    + 2008-01-05 16:44:25 216,752 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
    - 2007-12-30 21:42:54 7,398,382 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2008-01-04 00:53:03 7,433,042 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 12:12 102492]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 12:11 692316]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Newsflash.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Newsflash.lnk
    backup=C:\WINDOWS\pss\Newsflash.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk
    backup=C:\WINDOWS\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PayPal Plug-In for Outlook Express.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PayPal Plug-In for Outlook Express.lnk
    backup=C:\WINDOWS\pss\PayPal Plug-In for Outlook Express.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
    backup=C:\WINDOWS\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2004-12-21 23:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2007-10-11 04:56 249896 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    --a------ 2004-11-05 15:52 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    --a------ 2004-12-03 15:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    --a------ 2004-12-08 19:23 790528 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    --a------ 2004-08-04 07:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-04 07:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
    --a------ 2005-07-04 09:50 643072 C:\Program Files\PureEdge\Viewer 6.5\masqform.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-04 07:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-04 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-04 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    --a------ 2004-11-11 20:50 212992 C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-02-18 15:48 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDI]
    --a------ 2005-08-05 12:18 344064 C:\Program Files\Toleron\RDI\DIServer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-08-20 01:57 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2005-08-19 19:41 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2005-02-02 12:11 692316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2005-02-02 12:12 102492 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracker]
    --a------ 2004-10-27 12:02 118784 C:\Program Files\MySoftware\MyInvoices\tracker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2003-08-19 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    --a------ 2004-12-08 20:44 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    --a------ 2006-01-06 09:57 1343488 C:\Program Files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    --a------ 2007-11-14 16:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2 (0x2)

    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-09 18:59]
    S3 MhzNet;Megaherz Lan/Modem PCMCIA Device Driver;C:\WINDOWS\system32\DRIVERS\xem336n5.sys []
    S3 WinPVT;WinPVT;C:\Program Files\HP\WinPVT\WinPVT.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-05 16:57:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-05 11:57:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-05 11:59:03
    ComboFix2.txt 2007-12-31 06:21:47
    ComboFix3.txt 2007-12-08 00:25:38
    ComboFix4.txt 2007-12-05 13:27:16
    .
    2007-12-16 18:43:55 --- E O F ---

  7. #7

    Hijackthis log:





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:13, on 1/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\SSC\NSCTOP.EXE
    C:\Program Files\Symantec\Quarantine\Server\qserver.exe
    C:\Program Files\Symantec\Quarantine\Server\ScanExplicit.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Symantec\Quarantine\Server\IcePack.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ellis Christian\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/mini...ansporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activ...areScanner.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.johannrain-softwareentwic...an8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - file://D:\mathplayer\deltacvx.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...60/mcfscan.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: Symantec Quarantine Agent (IcePack) - IBM Corp. - C:\Program Files\Symantec\Quarantine\Server\IcePack.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
    O23 - Service: Symantec Central Quarantine (qserver) - Symantec Corporation - C:\Program Files\Symantec\Quarantine\Server\qserver.exe
    O23 - Service: Symantec Quarantine Scanner (ScanExplicit) - IBM Corp. - C:\Program Files\Symantec\Quarantine\Server\ScanExplicit.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8984 bytes

  8. #8
    Member steamwiz
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    I see No malware in ANY of your logs ...

    "lately that technique is not working and it works when it feels like working."
    Sounds like a loose connection/wire somewhere ...

    ".....then start to go crazy. If I touch the pad to go move the mouse it would automatically right and left click and go crazy"
    This is what happens when you have a loose connection or broken wire in a mouse lead ... on a laptop, that would be something similar internally ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  9. #9

    Thank you for your help. I took it in to the techs so they can fix it. Thanks again.

  10. #10
    Member steamwiz

    Please let us know what they find, we are always interested in knowing what the problem turned out to be ...

    steam