Mouse and keyboard disabled

View previous topic View next topic Go down

Mouse and keyboard disabled

Post by brussman on Tue May 25, 2010 12:48 pm

I ran a MAlware removal program that required restarting the computer when it was done. My PC boots up to the login screen but the mouse and keyboard do not work so I cannot log in. When I try to start is safe mode the keyboard works to arrow up and down to choose a boot up opotion but again when I get to the log in screen, no keyboasrd and mouse. I have tryed bboting in safe mode with networking and command prompt with the same results. help please!

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Tue May 25, 2010 7:02 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Wed May 26, 2010 2:38 pm

I don't think I can use this software because I can't login. I get stuck at the login screen - no mouse or keyboard

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Wed May 26, 2010 3:08 pm

Please do this:

First
[You must be registered and logged in to see this link.] this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. [You must be registered and logged in to see this link.]

Second
  • Download [You must be registered and logged in to see this link.] and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

scan results

Post by brussman on Tue Jun 01, 2010 11:08 am

OTL logfile created on: 5/28/2010 11:18:35 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 786.00 Mb Available Physical Memory | 77.00% Memory free
905.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (aswUpdSv)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/26 01:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/03/17 19:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (3aa3f37e-0bb0-434b-b9c7-21ba6aed8806)
DRV - [2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/17 12:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 12:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/02/23 11:59:59 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/02/23 11:59:59 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/08/28 04:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/05 16:08:28 | 000,241,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/06/07 17:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/24 12:59:30 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/04/24 12:57:20 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/21 11:19:44 | 000,040,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/12/06 14:26:06 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/04/24 18:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1997/06/17 06:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System] -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\brussman_ON_C\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKU\brussman_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\brussman_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Nancy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Nancy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Nancy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Nancy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 06:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 21:48:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Documents and Settings\brussman\My Documents\components [2008/02/18 17:56:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Documents and Settings\brussman\My Documents\plugins [2010/03/27 09:00:02 | 000,000,000 | ---D | M]

[2010/05/22 16:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/31 20:07:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/16 21:48:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 21:48:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/28 10:14:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2009/08/18 23:49:04 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\brussman_ON_C\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\brussman_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\brussman_ON_C\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKU\brussman_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Nancy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKU\administrator.MIDWEST_NT_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\brussman_ON_C..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\brussman_ON_C..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\brussman_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\brussman_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\Nancy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Patrick_Vanderlind_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.MIDWEST_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\brussman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\brussman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nancy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Patrick_Vanderlind_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.142.225.3 167.142.225.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mwestmp.com
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 16:10:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 21:59:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/24 00:00:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\brussman\Recent
[2010/05/08 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/04/30 21:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker

========== Files - Modified Within 30 Days ==========

[2010/05/28 23:09:31 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/28 23:09:31 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/28 23:09:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 23:09:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 22:04:05 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/28 18:46:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{52669972-7D23-4EA9-AF45-0BD0FDE4D58C}.job
[2010/05/27 23:21:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 06:46:57 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\brussman\NTUSER.DAT
[2010/05/24 06:46:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\brussman\ntuser.ini
[2010/05/24 06:46:52 | 022,427,724 | -H-- | M] () -- C:\Documents and Settings\brussman\Local Settings\Application Data\IconCache.db
[2010/05/24 06:13:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 03:14:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/05/24 00:07:41 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 16:49:40 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/23 16:49:40 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/22 16:40:53 | 000,072,174 | ---- | M] () -- C:\Documents and Settings\brussman\Desktop\[You must be registered and logged in to see this link.]
[2010/05/20 22:41:04 | 000,000,281 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2010/05/19 23:00:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/05/18 14:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 23:57:13 | 000,001,890 | -H-- | M] () -- C:\Documents and Settings\brussman\My Documents\Default.rdp
[2010/05/02 19:15:06 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7700#MY38S120N0K5.job
[2010/04/30 14:58:09 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\brussman\Desktop\Microsoft Office Outlook 2003.lnk
[2010/04/29 16:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 16:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/23 16:49:40 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/23 16:49:40 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/22 16:40:53 | 000,072,174 | ---- | C] () -- C:\Documents and Settings\brussman\Desktop\[You must be registered and logged in to see this link.]
[2010/04/14 23:00:58 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
[2010/04/02 10:39:26 | 001,314,816 | ---- | C] () -- C:\WINDOWS\System32\RdLMh-c3Q.dll
[2010/03/21 03:30:44 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\NTUSER.DAT.LOG
[2010/03/21 03:30:43 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/03/21 03:30:43 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Nancy\NTUSER.DAT.LOG
[2010/03/21 03:30:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Patrick Vanderlind\NTUSER.DAT.LOG
[2010/02/21 15:14:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.brussman.ini
[2009/05/21 13:39:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\fusioncache.dat
[2009/05/21 13:39:24 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\Nancy\NTUSER.DAT
[2009/05/21 13:39:24 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Nancy\ntuser.ini
[2008/01/16 13:34:58 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\brussman\Application Data\Install.log
[2008/01/16 13:34:51 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\brussman\Application Data\Uninstall.exe
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/21 22:34:02 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/15 22:22:29 | 000,000,057 | ---- | C] () -- C:\WINDOWS\NWDECDU.INI
[2007/04/15 22:22:08 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2007/02/26 20:45:03 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2007/02/23 11:59:59 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/02/23 11:59:59 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/02/04 01:09:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.tif
[2007/02/04 01:09:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.dat
[2007/02/02 20:55:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/02/02 20:55:23 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2007/02/02 20:55:22 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007/02/02 20:55:22 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007/01/22 00:01:41 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\brussman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/12 16:23:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/12 16:08:11 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\brussman\Local Settings\Application Data\fusioncache.dat
[2007/01/12 16:08:10 | 011,010,048 | -H-- | C] () -- C:\Documents and Settings\brussman\NTUSER.DAT
[2007/01/12 16:08:10 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\brussman\ntuser.dat.LOG
[2007/01/12 16:08:10 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\brussman\ntuser.ini
[2007/01/12 16:06:09 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\Local Settings\Application Data\fusioncache.dat
[2007/01/12 16:06:08 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\NTUSER.DAT
[2007/01/12 16:06:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\ntuser.ini
[2007/01/12 15:55:03 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Patrick Vanderlind\Local Settings\Application Data\fusioncache.dat
[2007/01/12 15:55:02 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Patrick Vanderlind\NTUSER.DAT
[2007/01/12 15:55:02 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Patrick Vanderlind\ntuser.ini
[2006/12/22 09:12:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/22 09:12:22 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/12/22 09:10:13 | 000,131,058 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2006/12/22 08:53:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2006/12/22 08:50:30 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 01:20:24 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/08/12 01:20:15 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/08/12 01:20:15 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:20:25 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/08/11 19:20:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/08/11 19:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/11 19:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/08/11 19:20:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/25 13:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\alot
[2008/01/16 13:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Backup
[2010/03/03 00:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Facebook
[2010/04/30 21:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Full Tilt Poker.Net
[2010/03/20 22:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\IObit
[2008/02/18 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Netscape
[2007/08/11 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Reno 911 Paintball
[2009/01/24 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Simple Star
[2009/06/14 19:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Snapfish
[2009/10/11 17:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\VTExtra
[2008/07/18 19:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\W Photo Studio Viewer
[2009/06/18 21:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\IObit
[2010/05/19 23:00:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/05/28 18:46:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{52669972-7D23-4EA9-AF45-0BD0FDE4D58C}.job

========== Purity Check ==========


< End of report >

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Tue Jun 01, 2010 5:43 pm

Please open OTLPE -- Click None and paste this in the Custom Scans box:
Code:
/md5start
userinit.exe
atapi.sys
iastor.sys
netlogon.dll
/md5stop

Then click Run Scan. It shall launch a log. Please post it in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Report

Post by brussman on Wed Jun 02, 2010 11:24 am

OTL logfile created on: 6/2/2010 12:12:01 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 786.00 Mb Available Physical Memory | 77.00% Memory free
905.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.14% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 04:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 23:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 23:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2006/08/27 23:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< End of report >

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Thu Jun 03, 2010 4:28 am

Did the mouse and keyboard work in OTLPE?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

yes

Post by brussman on Thu Jun 03, 2010 11:23 am

yes - they have since the first time I booted off the disc you had me burn

Thanks
Bob

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Thu Jun 03, 2010 5:13 pm

Oh I see.

So, this would have to do with Windows drivers being slightly corrupted.

Will you please tell me the maker of the keyboard and mouse.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Dell

Post by brussman on Fri Jun 04, 2010 11:20 am

Dell Keyboard Model: SK-8115
Dell Mouse M/N: MOA78BO







good luck

Bob R

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Fri Jun 04, 2010 10:02 pm

Do you have the Dell driver's disc?

Those drivers are automatically known Windows drivers, so it may not need Dell drivers.


If not, then do you have the Windows XP disc?

I am just trying to get all the information straight, so I know if it is safe to do a couple of repairs. I don't want to do the repairs, if we do not have a safe way out. Right On!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Sat Jun 05, 2010 3:50 pm

I have a CD "Operating System" note says "Already installed on your computer"
Reinstallation CD
Windows XP professional, service pack 2
Note on CD This CD is not for reinstallation of programs or drivers



I also have a Dell Dimension resource CD pn 0628D Rev A01

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Sat Jun 05, 2010 5:43 pm

OK good.

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    c:\windows\system32\config|c:\windows\repair\system /replace

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Tue Jun 08, 2010 11:59 am

I copied thetext as instructed - when I clicked FIX it went immediately to the reboot? window and stayed there - waited 15 min, nothing - clicked yes on reboot? window, nothing. Rebooted computer off disc - repeated process, said no to reboot? and got the report below

========== FILES ==========
File c:windowsrepairsystem not found.
========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 06082010_033807

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Tue Jun 08, 2010 6:08 pm

Please open OTLPE -- Click None and paste this in the Custom Scans box:
Code:
/md5start
mouse.drv
keyboard.drv
keyboard.sys
keyboard.inf
/md5stop

Then click Run Scan. It shall launch a log. Please post it in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Thu Jun 10, 2010 12:03 pm

OTL logfile created on: 6/10/2010 12:26:45 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 75.00% Memory free
905.00 Mb Paging File | 824.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.63% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========


< Code: >


< MD5 for: KEYBOARD.DRV >
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\i386\KEYBOARD.DRV
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\WINDOWS\system\KEYBOARD.DRV
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\WINDOWS\system32\dllcache\keyboard.drv
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\WINDOWS\system32\keyboard.drv

< MD5 for: KEYBOARD.INF >
[2008/04/13 12:29:43 | 000,043,203 | ---- | M] () MD5=7BBDE91DF15EA16103A3EF5C00A1FB77 -- C:\WINDOWS\inf\keyboard.inf
[2008/04/13 12:29:43 | 000,043,203 | ---- | M] () MD5=7BBDE91DF15EA16103A3EF5C00A1FB77 -- C:\WINDOWS\ServicePackFiles\i386\keyboard.inf
[2004/08/04 07:00:00 | 000,031,254 | ---- | M] () MD5=FFEEE39C5A83FA52064BD758B897B7F7 -- C:\i386\keyboard.inf
[2004/08/04 07:00:00 | 000,031,254 | ---- | M] () MD5=FFEEE39C5A83FA52064BD758B897B7F7 -- C:\WINDOWS\$NtServicePackUninstall$\keyboard.inf

< MD5 for: KEYBOARD.SYS >
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\i386\keyboard.sys
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\ServicePackFiles\i386\keyboard.sys
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\system32\dllcache\keyboard.sys
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\system32\keyboard.sys

< MD5 for: MOUSE.DRV >
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\i386\MOUSE.DRV
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\WINDOWS\system\MOUSE.DRV
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\WINDOWS\system32\dllcache\mouse.drv
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\WINDOWS\system32\mouse.drv
< End of report >

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Fri Jun 11, 2010 12:37 am

Please open OTLPE -- Click None and paste this in the Custom Scans box:
Code:
/md5start
kbdhid.sys
/md5stop

Then click Run Scan. It shall launch a log. Please post it in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Fri Jun 11, 2010 2:27 am

OTL logfile created on: 6/11/2010 5:23:58 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 736.00 Mb Available Physical Memory | 72.00% Memory free
905.00 Mb Paging File | 813.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========


< /mdstart >
Invalid Switch: mdstart

< kbdhid.sys >

< /md5stop >
Invalid Switch: md5stop


< End of report >

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Fri Jun 11, 2010 3:02 am

Try one more time. You did not get the 5 in there correctly on one of the switches.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Fri Jun 11, 2010 3:48 am

OTL logfile created on: 6/11/2010 6:40:14 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 730.00 Mb Available Physical Memory | 71.00% Memory free
905.00 Mb Paging File | 806.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========



< MD5 for: KBDHID.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:kbdhid.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdhid.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdhid.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\ServicePackFiles\i386\kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2004/08/04 00:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\i386\kbdhid.sys
[2004/08/04 00:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys
< End of report >

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Fri Jun 11, 2010 4:17 am

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    C:\WINDOWS\system32\drivers\kbdhid.sys|C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys /replace

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Fri Jun 11, 2010 4:43 am

When you say "..allow it to reboot, " should it reboot on its own or do I click yes

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Fri Jun 11, 2010 4:52 am

========== FILES ==========
File C:\WINDOWS\system32\drivers\kbdhid.sys successfully replaced with C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys
========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 06112010_074705

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Fri Jun 11, 2010 4:55 am

Good.

Now, boot normally and see if the keyboard works.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Fri Jun 11, 2010 5:04 am

no - same results as previous try


when I clicked FIX it went immediately to the reboot? window and stayed there - waited 15 min, nothing - clicked yes on reboot? window, nothing. Rebooted computer off disc - repeated process, said no to reboot? and got the report below

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Sat Jun 12, 2010 3:48 am

We will need to replace it from the Recovery Console then.

Please boot in to your Windows CD, use the R option for the Recovery Console.

Log on to the current installation.

Let me know when you have gotten this far.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Sat Jun 12, 2010 3:55 pm

I got to "Please a screen which asks "Which Windows installation would you like to log onto" and " Please select a valid installation number" (I am at the Recovery Console.

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Sat Jun 12, 2010 7:35 pm

Choose option 1.

You should see a C:\ type of prompt.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Sun Jun 13, 2010 1:47 am

thanks for your help - I need the administrator password to continue - the IT at my work used his password for the entire network at my company to set up my pc and is unable to give it to me (the company bought this PC for me so i can work from home - is ther any way around this?

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Sun Jun 13, 2010 6:49 pm

Ok. We are going to fix that in OTLPE, then you should be able to run the Recovery Console without a password.

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
    "SecurityLevel"=dword:00000001


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Sun Jun 13, 2010 7:37 pm

great - I am at the C:\windows prompt in the recovery consol

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Mon Jun 14, 2010 6:15 am

Please type in the following command.

copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys

Once this is completed successfully, remove the CD from the computer and reboot.

See if your keyboard works.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Tue Jun 15, 2010 11:25 am

I keyed in "copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys" and hit enter and I got:

Access is denied.

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Tue Jun 15, 2010 6:40 pm

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys and press "Enter".

Type exit and press "Enter".

See if this works.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Thu Jun 17, 2010 11:17 am

Same - Access is denied after copy command

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Thu Jun 17, 2010 6:03 pm

Alright. Seems the rootkit has blocked that file from being replaced. Let's take ownership of the file, then try again. Similar process.

Type attrib -s -r c:\windows\system32\drivers\kbdhid.sys and press "Enter".

Type copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys and press "Enter".

Type exit and press "Enter".

See if this works.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Fri Jun 18, 2010 2:11 pm

attrib -s -r c:\windows\system32\drivers\kbdhid.sys and press "Enter". When I ran this it didn't work " unrecognized command". I then tried attrib -s-r c:\windows\system32\drivers\kbdhid.sys (no space between -s and -r) and it worked.
Still get Access denied after copy command. What do you think?

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Fri Jun 18, 2010 5:21 pm

Would you be up for an in-place upgrade of Windows, a data-safe way to place a new install of Windows in to the old one's place?

In this case, Windows would be reinstalled, and hopefully restore all functionality to hardware.

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by brussman on Mon Jun 21, 2010 9:49 pm

Hi I'm back! Thank you for all your help. I got impatient and formated my hard drive and reinstalled windows. I have a Seagate backup so its cool. What are my best options to avoid the repeat of this virus? Can you recommend what software to get? What about good firewall?

brussman
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-06-19
OS : XP

View user profile

Back to top Go down

Re: Mouse and keyboard disabled

Post by Dr Jay on Mon Jun 21, 2010 10:42 pm

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum