Solved

Caps reversed

Posted on 2009-05-19
Last Modified: 2013-12-06
I think I have a virus or spyware but can't find any info on how to get rid of it. My caps lock will reverse at random times and stay that way until my computer is restarted. My mouse also highlights everything when I try to select an item. I have switched keyboards and the mouse but the problem still persists.  How do I get rid of this?
0
Question by:jcm26003
19 Comments
 
LVL 4

Expert Comment

by:BrianHeck
ID: 24424475
Could it be related to sticky-keys?  You could try disabling all the special functions for type-aiding.  Press the shift key 5 times in repetition and then click the Settings button.  Uncheck all the boxes and maybe drill down to make sure sub-level boxes are also cleared.
0
 

Author Comment

by:jcm26003
ID: 24424552
Already tried that. Nothing will disable the sticky-keys.
0
 

Author Comment

by:jcm26003
ID: 24424668
Here is a link to someone else's description of the same problem. It's identical to what's happening on mine.

http://forums.techguy.org/general-security/793177-reverse-caps-lock-clicking-links.html
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24424778
Could you please tell us what antivirus and antispyware solutions you use on your PC? Do you use Spybot with TeaTimer enabled?
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24424817
Also, do you have any Windows customization software installed, with add-ins for MS Office?
0
 

Author Comment

by:jcm26003
ID: 24424847
No customized software or addins.  I use AVG anti-virus and Spyware Terminator.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24424909
Can you scan with SuperAntiSpyware (www.superantispyware.com) and let us know what you find on your PC?

0
 

Author Comment

by:jcm26003
ID: 24425127
Scanning now. I'll let you know.
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24425338
What happens if you go into Safe Mode? Same results?
0

 

Author Comment

by:jcm26003
ID: 24432417
I quarantined/removed 247 threats using "superantispyware." For the time being everything is working fine. I don't know though if it's because of the reboot or if I actually got rid of it. I'll keep you posted.  If it happens again I'll start up in safe mode and see if it has the same problem.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24432579
That's good! Keep us posted.
0
 

Author Comment

by:jcm26003
ID: 24436336
I AM NOW BACK TO ALL CAPS> I WAS ON MY COMPUTER ALL DAY> IT TOOK ABOUT SIX OR SEVEN HOURS AND NOW IT"S BACK AT IT> GRRRR>  NOW WHAT?
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24440115
I see.... I suggest that you download ComboFix from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix and save it with a different name like jabba.exe, then disable your existing antivirus and anti-spyware programs and run it. After ComboFix creates a log, then send us that log, reenable your antivirus and anti-spyware protection and run a full SuperAntiSpyware scan again.
0
 

Author Comment

by:jcm26003
ID: 24445126
Here's the ComboFix log.

ComboFix 09-05-20.A1 - John ****** 05/21/2009 15:04.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.266 [GMT -4:00]
Running from: c:\documents and settings\John ******\Desktop\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\docume~1\JOHN**~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\JOHN**~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\SalesMonitor
c:\documents and settings\All Users\Application Data\WinAntiSpyware 2007
c:\documents and settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
c:\documents and settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
c:\program files\Insider
c:\program files\Words
c:\program files\Words\list.txt
c:\program files\Words\script.txt
c:\temp\fse
c:\temp\sanR24
c:\windows\cookies.ini
c:\windows\IE4 Error Log.txt
c:\windows\system32\axyxtnlk.ini
c:\windows\system32\bqphgbwi.ini
c:\windows\system32\cccdd.ini
c:\windows\system32\cccdd.ini2
c:\windows\system32\dccdd.bak1
c:\windows\system32\dccdd.bak2
c:\windows\system32\dccdd.ini
c:\windows\system32\dccdd.ini2
c:\windows\system32\dccdd.tmp
c:\windows\system32\ddeeg.bak1
c:\windows\system32\ddeeg.bak2
c:\windows\system32\ddeeg.ini
c:\windows\system32\dgyhxdex.ini
c:\windows\system32\f10WtR
c:\windows\system32\guehfdfw.ini
c:\windows\system32\iDlo01
c:\windows\system32\idqdqwcw.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\pac.txt
c:\windows\system32\qxkxgdfs.ini
c:\windows\system32\tmp.reg
c:\windows\system32\tstwa.bak2
c:\windows\system32\tstwa.ini2
c:\windows\system32\tstwa.tmp
c:\windows\system32\uepunsbr.ini
c:\windows\system32\Ultra.dll
c:\windows\system32\vtddpqqg.ini
c:\windows\system32\vvvwa.ini
c:\windows\system32\wknngotu.ini
c:\windows\system32\xskhafwd.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_FOPN


(((((((((((((((((((((((((   Files Created from 2009-04-21 to 2009-05-21  )))))))))))))))))))))))))))))))
.

2009-05-19 18:36 . 2009-05-19 18:36      --------      d-----w      c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-19 18:34 . 2009-05-19 18:35      --------      d-----w      c:\program files\SUPERAntiSpyware
2009-05-19 18:34 . 2009-05-19 18:34      --------      d-----w      c:\documents and settings\John ******\Application Data\SUPERAntiSpyware.com
2009-05-19 18:34 . 2009-05-19 18:34      --------      d-----w      c:\program files\Common Files\Wise Installation Wizard
2009-05-14 13:30 . 2009-05-14 13:31      --------      d-----w      c:\program files\WinClamAVShield
2009-05-14 12:33 . 2009-05-14 12:33      --------      d-----w      c:\program files\Crawler
2009-05-13 15:32 . 2009-05-13 15:32      --------      d-----w      c:\documents and settings\NetworkService\Local Settings\Application Data\Softonic_English
2009-05-12 20:08 . 2009-05-20 19:10      --------      d-----w      c:\documents and settings\John ******\.gimp-2.6
2009-05-12 20:06 . 2009-05-12 20:08      --------      d-----w      c:\documents and settings\John ******\.gegl-0.0
2009-05-12 20:06 . 2009-05-12 20:06      --------      d-----w      c:\documents and settings\John ******\Local Settings\Application Data\Conduit
2009-05-12 20:06 . 2009-05-12 20:06      --------      d-----w      c:\program files\Conduit
2009-05-12 20:06 . 2009-05-12 20:08      --------      d-----w      c:\documents and settings\John ******\Local Settings\Application Data\Softonic_English
2009-05-12 20:06 . 2009-05-12 20:06      --------      d-----w      c:\program files\Softonic_English
2009-05-12 20:01 . 2009-05-12 20:02      --------      d-----w      c:\program files\GIMP-2.0
2009-04-28 16:05 . 2009-04-28 16:05      286720      ----a-w      c:\windows\system32\swb_uninst.exe
2009-04-28 16:05 . 2009-04-28 16:05      --------      d-----w      c:\program files\Instant Pre-Marital Inventory
2009-04-28 14:35 . 2009-04-28 19:43      --------      d-----w      c:\documents and settings\All Users\Application Data\Yahoo! Companion

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 18:47 . 2005-08-07 04:01      --------      d--h--w      c:\program files\InstallShield Installation Information
2009-05-21 13:45 . 2007-11-07 19:04      --------      d-----w      c:\program files\Spyware Terminator
2009-05-19 17:07 . 2009-03-26 13:46      11952      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-19 17:07 . 2009-03-26 13:46      325896      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-19 17:05 . 2009-03-26 13:46      108552      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-14 12:24 . 2005-08-07 03:59      --------      d-----w      c:\program files\Java
2009-05-14 12:17 . 2006-11-03 22:48      --------      d-----w      c:\program files\PCBugDoctor
2009-05-06 18:43 . 2005-08-30 18:15      114176      ----a-w      c:\documents and settings\John ******\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 14:35 . 2005-08-17 16:43      --------      d-----w      c:\program files\Yahoo!
2009-04-02 15:10 . 2006-06-18 19:21      --------      d-----w      c:\program files\iTunes
2009-04-02 15:10 . 2005-09-21 15:26      --------      d-----w      c:\program files\Google
2009-04-02 14:04 . 2009-04-02 14:04      --------      d-----w      c:\program files\iPod
2009-04-02 13:48 . 2005-08-07 04:12      --------      d-----w      c:\program files\QuickTime
2009-04-02 13:40 . 2009-04-02 13:39      --------      d-----w      c:\program files\Apple Software Update
2009-04-02 13:38 . 2009-04-02 13:38      --------      d-----w      c:\program files\Common Files\Apple
2009-03-26 13:45 . 2009-03-26 13:45      --------      d-----w      c:\program files\AVG
2009-03-09 09:19 . 2008-12-10 20:46      410984      ----a-w      c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 17:51      284160      ----a-w      c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 17:51      826368      ----a-w      c:\windows\system32\wininet.dll
2007-11-14 21:29 . 2007-11-14 21:28      6872      --sha-w      c:\windows\system32\yybeg.tmp
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-03-10 15:47      2079256      ----a-w      c:\program files\Softonic_English\tbSoft.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-21 180269]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-07 2834432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05      356352      ----a-w      c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 17:07      11952      ----a-w      c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Help & Support.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Support Service.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141843405\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141843405\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 09:46 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 09:46 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 02:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 02:22 PM 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/14/2007 09:40 PM 138752]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 09:45 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/2/2007 04:12 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 02:22 PM 7408]
S3 VQ630;VQ630 Dual Mode Digital Camera;c:\windows\system32\drivers\vqppcam.sys [7/15/2002 10:20 AM 468384]
S3 VQ630BLK;VQ630 Dual Mode Digital Camera(Bulk);c:\windows\system32\drivers\vqbulk.sys [11/29/2001 08:11 AM 28536]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 06:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 13:45]

2009-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{53b2c80b-1f9b-4348-81ce-ff6cf5f2ace1} - (no file)
BHO-{59AA5B93-4140-4081-B1EC-8B0E58EA90AC} - (no file)
BHO-{6C1C4556-E2C4-4F2D-9979-F8118AA09375} - (no file)
BHO-{7FE56D3C-1F30-4978-996F-0A6E81648996} - (no file)
BHO-{ADCF7E27-F13D-45FA-B867-E0609B51EC58} - (no file)
BHO-{C28A3379-3901-4DA0-8406-4FF9B9F57F75} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-RegistryMechanic - (no file)
Notify-ddccyww - ddccyww.dll
Notify-xxyvsts - xxyvsts.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.christ4today.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - hxxps://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2468)
c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\SBHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-21 15:20 - machine was rebooted
ComboFix-quarantined-files.txt  2009-05-21 19:20

Pre-Run: 854,228,992 bytes free
Post-Run: 1,967,407,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

263      --- E O F ---      2009-05-13 07:22
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24446039
Thanks for sending the log. It's best to do a SuperAntiSpyware scan now; I will analyse the ComboFix log in the meanwhile.
0
 
LVL 16

Accepted Solution

by:
warturtle earned 500 total points
ID: 24446150
Hmm.. analysis is complete for the ComboFix log. You had a rogue computer security program (it's actually malware that calls itself an anti-spyware program) called WinAntiSpyware 2007. This was installed on your PC along with some other malware, which ComboFix got rid of. More information about this is here:

http://www.spywareremove.com/removeWinAntiSpyware2007.html


The only strange entry still left in the ComboFix log that is evident is: c:\windows\system32\yybeg.tmp

Can you upload it to www.virustotal.com for a virus check, or scan the c:\windows\system32 folder with AVG to make sure that it's not a malicious file? Make sure to update AVG to have the latest definitions.
0
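A sketch of the kind of triage applied to the log above, as an added example that is not part of the original thread or of ComboFix itself: it parses ComboFix file-listing lines and flags files under system32 that carry hidden and system attributes or a .tmp extension. The line layout is inferred from the posted log, and the flagging rules and the names `parse_entries` and `triage` are assumptions made for illustration, not warturtle's stated criteria.

```python
import ntpath
import re
from typing import Iterator, List, NamedTuple

# Lines copied from the "Find3M Report" section of the log posted above.
SAMPLE_LOG = r"""
2009-05-19 17:07 . 2009-03-26 13:46      11952      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-14 12:24 . 2005-08-07 03:59      --------      d-----w      c:\program files\Java
2009-03-06 14:22 . 2004-08-10 17:51      284160      ----a-w      c:\windows\system32\pdh.dll
2007-11-14 21:29 . 2007-11-14 21:28      6872      --sha-w      c:\windows\system32\yybeg.tmp
"""

# Layout inferred from the posted log: two timestamps, a size (dashes for
# directories), a 7-character attribute string, then the path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+([a-z-]{7})\s+(.+)$"
)

# Assumption: the system directory as it appears in this particular log.
SYSTEM_DIR = r"c:\windows\system32"


class Entry(NamedTuple):
    attrs: str
    size: int
    path: str


class Finding(NamedTuple):
    path: str
    reasons: List[str]


def parse_entries(text: str) -> Iterator[Entry]:
    """Yield one Entry per line that matches the file-listing layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, registry lines, blank lines
        size = int(m.group(3)) if m.group(3).isdigit() else 0
        yield Entry(m.group(4), size, m.group(5).strip())


def triage(text: str) -> List[Finding]:
    """Flag files (not directories) under the system directory that look odd."""
    findings = []
    for e in parse_entries(text):
        if e.attrs.startswith("d"):
            continue
        # ntpath handles Windows-style paths regardless of the host OS.
        if not ntpath.dirname(e.path).lower().startswith(SYSTEM_DIR):
            continue
        reasons = []
        if "s" in e.attrs and "h" in e.attrs:
            reasons.append("hidden+system attributes")
        if ntpath.splitext(e.path)[1].lower() == ".tmp":
            reasons.append(".tmp file in system directory")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "->", ", ".join(f.reasons))
```

A flagged path is only a candidate for a closer look, such as the scan suggested in the answer above.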
 

Author Closing Comment

by:jcm26003
ID: 31583133
This seemed to do the trick. I left my computer running for several days while out of town.  So far so good.  I'll be back if there is any more trouble.
0
 

Author Comment

by:jcm26003
ID: 24484637
Oh. And thank you!
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24484944
Thanks for the feedback, glad I could be of help :).

You can uninstall ComboFix as follows >

Start > Run > then type "ComboFix /u" (with no quotes, and space between x and / )
Then hit enter.  This will uninstall ComboFix, reset your clock settings, re-hide system hidden files, re-hide the file extensions and reset System Restore.

0
