Virus causing keyboard not to work


Post by cailinaingeal on Sun Dec 04, 2011 1:05 am

Hello, somehow we have gotten a virus on our other computer, and I am writing this on a different computer. I tried running Malwarebytes' Anti-Malware software a few times but the computer would hard shut down every time. I decided to run Combo-fix. It found a virus that starts with an R (sorry I didn't write down the name) and said it was difficult to remove because it attacks the TCP/IP files. After a moment of running the fix the computer shut down again. I ran Combo-fix again and it deleted several infected files including three roaming files. Since then none of the keys on the computer are working; everything else seems to be working fine.

Thanks for your help.



Re: Virus causing keyboard not to work

Post by cailinaingeal on Sun Dec 04, 2011 1:07 am

OTL logfile created on: 12/3/2011 2:44:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.19 Mb Total Physical Memory | 291.77 Mb Available Physical Memory | 38.08% Memory free
1.75 Gb Paging File | 0.96 Gb Available in Paging File | 54.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 15.35 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 55.10 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.68 Gb Free Space | 98.87% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/03 14:43:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.com
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/28 10:57:54 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008/02/28 10:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2007/07/03 12:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/28 20:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/13 18:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 13:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/05/18 02:24:18 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/25 18:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/23 11:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/01/26 16:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/11/17 21:14:34 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/08/15 09:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2007/07/03 12:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/28 20:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 18:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 13:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/04/25 18:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 11:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/01/26 16:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006/11/24 14:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/17 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/12/03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 00:49:18 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2007/11/18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/17 12:58:16 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/27 13:25:12 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/08/27 13:25:12 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/13 21:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/16 20:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/16 19:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/16 07:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/07 20:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/07 20:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 18:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {392d065e-4679-4d12-8342-2a2d505fd309} - C:\Program Files\Quizulous2\prxtbQui0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {392d065e-4679-4d12-8342-2a2d505fd309} - C:\Program Files\Quizulous2\prxtbQui0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Cloud Reader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
CHR - Extension: Thor Theme = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjkopjbmfimijpgcebkefnbhgpemgfd\1.0_0\

O1 HOSTS File: ([2011/12/03 13:50:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Quizulous2 Toolbar) - {392d065e-4679-4d12-8342-2a2d505fd309} - C:\Program Files\Quizulous2\prxtbQui0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Quizulous2 Toolbar) - {392d065e-4679-4d12-8342-2a2d505fd309} - C:\Program Files\Quizulous2\prxtbQui0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Quizulous2 Toolbar) - {392D065E-4679-4D12-8342-2A2D505FD309} - C:\Program Files\Quizulous2\prxtbQui0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} [You must be registered and logged in to see this link.] (AtlAtomadersCtlAttrib Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} [You must be registered and logged in to see this link.] (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} [You must be registered and logged in to see this link.] (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06BF1744-9144-48C7-8B25-1013D9CC2663}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13CDFF80-1126-4C42-BFDA-CF21C68B1754}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Acer Assist Launcher - hkey= - key= - C:\Program Files\Acer Assist\launcher.exe ()
MsConfig - StartUpReg: Acer Product Registration - hkey= - key= - C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: lxddamon - hkey= - key= - C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
MsConfig - StartUpReg: lxddmon.exe - hkey= - key= - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PLFSet - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\iyvu9_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 13:56:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/03 13:56:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/12/03 13:33:06 | 000,000,000 | ---D | C] -- C:\Combo-Fix3811C
[2011/12/03 12:45:22 | 000,000,000 | ---D | C] -- C:\Cache
[2011/12/03 12:44:54 | 000,000,000 | ---D | C] -- C:\w
[2011/12/03 12:44:52 | 000,000,000 | ---D | C] -- C:\skins
[2011/12/03 12:44:52 | 000,000,000 | ---D | C] -- C:\att
[2011/12/03 12:44:50 | 000,000,000 | ---D | C] -- C:\e
[2011/12/03 10:17:47 | 000,000,000 | ---D | C] -- C:\Combo-Fix11347C
[2011/12/03 09:37:31 | 000,000,000 | ---D | C] -- C:\Combo-Fix9416C
[2011/12/03 09:01:41 | 000,000,000 | R--D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/03 08:50:18 | 004,326,308 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\Combo-Fix.exe
[2011/12/03 08:48:52 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/11/06 17:56:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010/07/19 10:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2010/07/19 10:47:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2010/07/19 10:47:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2010/07/19 10:47:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2010/07/19 10:47:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2010/07/19 10:47:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2010/07/19 10:47:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2010/07/19 10:47:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2010/07/19 10:47:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2010/07/19 10:47:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2010/07/19 10:47:29 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2010/07/19 10:47:28 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2010/07/19 10:47:28 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2010/07/19 10:47:28 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2010/07/19 10:47:27 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2008/02/27 19:33:09 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2008/02/27 19:33:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2008/02/27 19:33:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2008/02/27 19:33:05 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2008/02/27 19:33:04 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2008/02/27 19:33:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2008/02/27 19:33:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2008/02/27 19:33:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2008/02/27 19:33:02 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2008/02/27 19:32:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2008/02/27 19:32:58 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2008/02/27 19:32:56 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2008/02/27 19:32:56 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2008/02/27 19:32:56 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2008/02/27 19:32:54 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[2007/08/25 11:53:14 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/08/25 11:38:37 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/08/25 11:38:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/07 13:27:37 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/08/07 12:07:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/03 14:17:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\o4D1E.com_.b
[2011/12/03 14:17:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/03 14:14:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 14:14:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 14:08:43 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 14:08:43 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/03 13:59:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2689532994-4069854329-2397085193-1000UA.job
[2011/12/03 13:50:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/03 13:28:46 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/03 13:28:05 | 000,042,095 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/03 13:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 12:45:00 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/12/03 12:45:00 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/12/03 12:45:00 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2011/12/03 12:45:00 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/12/03 12:45:00 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/12/03 12:44:59 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/12/03 12:44:59 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/12/03 12:44:59 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2011/12/03 12:44:58 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/12/03 12:44:57 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/12/03 12:44:57 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/12/03 12:44:57 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/12/03 12:44:56 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/12/03 12:44:56 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/12/03 12:44:56 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/12/03 12:44:55 | 000,000,284 | ---- | M] () -- C:\map_1.gif
[2011/12/03 12:44:55 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/12/03 12:44:55 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/12/03 12:44:55 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/12/03 12:44:52 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/12/03 12:42:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/03 11:17:57 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/03 11:02:45 | 000,042,095 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/03 11:01:05 | 804,155,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 10:17:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/03 09:34:03 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/12/03 09:25:44 | 184,010,730 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/03 09:18:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/03 08:50:42 | 004,326,308 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\Combo-Fix.exe
[2011/12/02 23:16:48 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/02 18:34:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\doeR23dF.exe.b
[2011/12/02 18:19:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/02 18:00:08 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2689532994-4069854329-2397085193-1000Core.job
[2011/12/02 17:17:31 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/02 16:16:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/02 16:16:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/02 16:16:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/02 16:16:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/02 16:16:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/02 16:16:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/02 16:16:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/02 15:39:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\o4D1E.com.b
[2011/12/02 15:34:02 | 000,000,112 | ---- | M] () -- C:\ProgramData\7lRL0ux1i.dat
[2011/12/02 15:32:49 | 000,116,224 | ---- | M] () -- C:\Windows\System32\o4D1E.com__
[2011/12/02 15:16:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/02 05:09:57 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/11/18 16:01:47 | 000,002,046 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/11/18 16:01:47 | 000,002,008 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/15 19:18:32 | 004,440,093 | ---- | M] () -- C:\Users\Owner\MBP5220F_F7_OM_EN_v2.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 14:17:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\o4D1E.com_.b
[2011/12/03 12:45:00 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/12/03 12:45:00 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/12/03 12:45:00 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/12/03 12:45:00 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/12/03 12:45:00 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/12/03 12:44:59 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/12/03 12:44:59 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/12/03 12:44:59 | 000,000,103 | ---- | C] () -- C:\del_1.gif
[2011/12/03 12:44:57 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/12/03 12:44:57 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/12/03 12:44:57 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/12/03 12:44:56 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/12/03 12:44:56 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/12/03 12:44:56 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/12/03 12:44:56 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/12/03 12:44:55 | 000,000,284 | ---- | C] () -- C:\map_1.gif
[2011/12/03 12:44:55 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2011/12/03 12:44:55 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/12/03 12:44:55 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/12/03 12:44:52 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/12/03 10:14:03 | 804,155,392 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/02 18:34:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\doeR23dF.exe.b
[2011/12/02 15:39:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\o4D1E.com.b
[2011/12/02 15:28:09 | 000,000,112 | ---- | C] () -- C:\ProgramData\7lRL0ux1i.dat
[2011/12/02 15:28:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/02 15:28:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/02 15:28:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/02 15:28:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/02 15:28:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/02 15:28:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/02 15:28:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/02 15:27:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/02 15:27:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/02 15:27:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/02 15:27:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/02 15:27:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/02 15:27:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/02 15:27:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/02 15:27:52 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/02 15:27:51 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/02 15:27:50 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/02 15:27:49 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/02 15:27:48 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/02 15:27:47 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/02 15:27:45 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/02 15:27:45 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/02 15:27:43 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/02 15:27:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/02 15:27:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\o4D1E.com__
[2011/11/15 19:18:29 | 004,440,093 | ---- | C] () -- C:\Users\Owner\MBP5220F_F7_OM_EN_v2.pdf
[2011/11/06 17:56:28 | 000,002,046 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/11/06 17:56:28 | 000,002,008 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/06 17:54:49 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2689532994-4069854329-2397085193-1000UA.job
[2011/11/06 17:54:40 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2689532994-4069854329-2397085193-1000Core.job
[2011/09/23 17:19:15 | 000,165,339 | ---- | C] () -- C:\Windows\Zac Browser - English Uninstaller.exe
[2011/07/01 20:19:43 | 000,000,208 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/05/14 07:27:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/14 07:27:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/14 07:27:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/14 07:27:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/14 07:27:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/13 20:46:08 | 000,010,914 | -HS- | C] () -- C:\Users\Owner\AppData\Local\l1mt4nci68jk2ni176
[2011/05/13 20:46:08 | 000,010,902 | -HS- | C] () -- C:\ProgramData\l1mt4nci68jk2ni176
[2010/07/19 10:53:00 | 000,000,249 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/07/19 10:47:32 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2010/07/19 10:47:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2010/02/20 04:51:29 | 000,753,794 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/01/31 03:03:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/31 02:14:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/31 02:14:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/06 12:41:05 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/05/01 09:39:27 | 000,042,095 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/01 09:39:27 | 000,042,095 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/13 19:17:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\PlugFile.dll
[2009/04/13 19:17:37 | 000,011,136 | ---- | C] () -- C:\Windows\System32\Fprun300.dll
[2009/04/13 19:17:36 | 000,038,688 | ---- | C] () -- C:\Windows\System32\Leaddib.drv
[2008/11/26 15:31:07 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/10/21 18:07:01 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys
[2008/09/13 19:02:28 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/07/27 11:58:52 | 000,000,537 | ---- | C] () -- C:\Windows\EReg077.dat
[2008/04/16 11:30:45 | 000,003,921 | ---- | C] () -- C:\ProgramData\lxdd
[2008/04/01 14:47:51 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/04/01 11:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/02/27 19:53:36 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2008/02/27 19:45:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/02/27 19:45:24 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/02/27 19:45:03 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/02/27 19:45:03 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/02/27 19:35:30 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2008/02/27 19:33:12 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2008/02/27 19:32:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2007/12/27 12:18:59 | 000,014,848 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/23 22:43:02 | 000,041,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2007/12/23 22:41:49 | 000,001,123 | ---- | C] () -- C:\Windows\eReg.dat
[2007/12/23 22:16:13 | 000,041,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2007/08/25 12:27:44 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007/08/25 12:27:43 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/08/25 11:53:14 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/08/07 14:39:42 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/07 13:41:17 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/07 13:41:17 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/07 13:40:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/07 13:27:34 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/07 12:38:25 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/07 12:35:20 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/08/07 12:26:50 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/08/07 12:07:14 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/04/25 18:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 18:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 18:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 18:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 18:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 18:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/02/07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/12/25 17:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 07:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,378,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2005/10/05 11:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/04/30 17:57:52 | 015,228,928 | ---- | M] () -- C:\Users\Owner\Desktop\AFL_Live.exe
[2011/12/03 08:50:42 | 004,326,308 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\Combo-Fix.exe
[2010/12/06 05:38:09 | 000,017,981 | ---- | M] () -- C:\Users\Owner\Desktop\mstsc.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/12/03 14:14:50 | 000,003,296 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 14:14:50 | 000,003,296 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >






Re: Virus causing keyboard not to work

Post by cailinaingeal on Sun Dec 04, 2011 1:07 am

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/02/27 19:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007/08/25 11:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Deluxe
[2007/12/15 05:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Assist
[2007/08/25 11:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\ACER Crystal Eye webcam
[2010/02/03 21:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone
[2010/12/06 08:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc
[2007/12/15 05:31:17 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Registration
[2009/06/06 12:41:03 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2010/06/20 12:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2011/07/04 18:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/08/25 11:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2011/09/03 12:33:58 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/05/15 16:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\Army Builder
[2011/10/26 16:49:03 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2011/10/21 16:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-HSI
[2011/10/22 07:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouth
[2011/10/22 18:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/09/05 03:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\CleanUp!
[2011/12/03 13:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/02/05 17:38:20 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/08/07 12:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/07/29 16:18:21 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2010/02/17 21:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/12/24 01:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2007/12/23 21:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2010/05/23 15:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2011/05/14 11:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/02/17 21:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\File Extension Finder
[2011/03/30 11:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2011/09/30 20:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Futuremark
[2008/02/10 21:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2011/05/31 18:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/06 21:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2009/04/04 23:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2009/06/06 12:19:40 | 000,000,000 | ---D | M] -- C:\Program Files\HeavyMetal
[2009/06/06 11:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\HeavyMetal Aero
[2008/04/01 15:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames
[2011/10/25 14:46:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/10/13 03:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/10/22 18:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/17 16:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Irrational Games
[2010/01/04 18:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/07/26 20:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Juno
[2007/08/25 11:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2008/02/27 19:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 2500 Series
[2008/02/27 19:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2008/02/27 19:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/07/19 10:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark X1100 Series
[2011/10/25 14:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2010/03/06 08:20:56 | 000,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2011/10/07 12:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/01 17:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\MFInstall
[2011/06/10 07:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/30 17:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/13 03:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/02/10 21:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/02/10 21:09:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/02/15 11:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/28 02:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 06:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2008/02/10 21:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/12/15 17:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/06 10:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2007/08/07 13:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2009/10/14 18:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/02/03 21:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\NovaLogic
[2011/07/26 14:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2010/06/12 18:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2011/10/01 03:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2011/09/03 12:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/12/02 17:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quizulous2
[2009/04/13 19:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\Rand McNally
[2007/08/07 12:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/13 15:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2010/11/10 14:50:33 | 000,000,000 | ---D | M] -- C:\Program Files\Strategy First
[2008/07/31 13:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2007/08/25 11:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\SUYIN
[2008/04/01 11:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2008/07/03 10:39:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/03/20 21:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2010/01/30 14:42:01 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/02/11 06:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/02/11 06:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/02/11 06:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/02/11 06:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/11/08 22:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/06/15 21:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/02/11 06:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/02/12 04:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/02/11 06:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/07/01 20:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\WON
[2011/10/26 16:34:08 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2011/09/23 17:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Zac Browser


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/07 13:18:47 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007/08/07 13:18:47 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/20 05:57:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/20 05:57:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/20 05:57:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 03:47:59

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/18 13:29:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/18 13:29:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/18 13:29:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/18 13:29:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/18 13:29:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/18 13:29:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/18 13:29:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/18 13:29:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/18 13:29:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/18 13:29:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:30A9E86A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9BC95BE9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >


Re: Virus causing keyboard not to work

Post by cailinaingeal on Sun Dec 04, 2011 1:08 am

OTL Extras logfile created on: 12/3/2011 2:44:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.19 Mb Total Physical Memory | 291.77 Mb Available Physical Memory | 38.08% Memory free
1.75 Gb Paging File | 0.96 Gb Available in Paging File | 54.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 15.35 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 55.10 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.68 Gb Free Space | 98.87% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F70D57-5DF5-46FF-9C88-FFDFF5987C52}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{053578A2-4964-4575-9A31-6BD3781CC1F7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0E0AA54F-9770-4015-9C16-2E3E7B30F437}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{245F7AAC-D730-4B1D-B4D0-5CAAF8E065DE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2CA1A8B1-C667-41CF-A866-7C1B1200713B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2F96B1EA-54AD-4EF4-9221-1F96E82F84D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57215BB5-D0F1-4B30-A0F0-3C1CF779836A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58FD2735-27ED-4FB8-846C-BF2AD2A31E8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B8738DF8-0028-4219-8040-3C2DB0DEF12B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D5A1F81F-61B1-42DE-9BBD-7B582BFC7B2A}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{DE54574E-BDAE-487A-97D0-DBD82E1A10E7}" = lport=49652 | protocol=6 | dir=in | name=akamai netsession interface |
"{FA3D0FBC-9F11-4471-9B16-8AFDDFC91E70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083223B5-57B6-4DF6-B7F7-FF4B9F45E4E3}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{0AF4A2BF-6F54-44BF-B75F-36DBCF9456D8}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{0B5511E8-3649-4D5D-ABBA-7C31F0526981}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{0D30DC05-9327-433F-8648-019233AC82C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0ECE3D62-0627-4740-9288-C39C5052B2B8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1024B90C-064B-4C1A-A3B9-A2FA2322A58B}" = protocol=17 | dir=in | app=c:\program files\army builder\armybuilder.exe |
"{10C2D016-B884-4B29-8590-B02E90571927}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{118A939A-065A-47E3-A5D6-E41633E645CA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{172D910A-D561-4513-A0D1-BBDF383AF433}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{1B930AE2-9443-46AA-B14D-5AE006C0550D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1F31D601-5C88-41E9-BC48-E1FF9A790F36}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2194AE33-6174-4909-9583-864C67836CFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{29F2EAF2-A058-4D8B-9B7B-B40ED65F0CE8}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{39269E90-B470-4DCD-98CA-23F49B0FBDEC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{3A6AF93E-6442-485B-A295-F4A3D2CBC358}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{451B4395-2A13-4D1B-AF58-EE3C7AA931D5}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{498D2B76-6F47-40AD-8B08-97A69061B7E2}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{49A80168-B93A-4172-AEB8-EFB493F3D1C7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{4BAFBB92-C621-4B30-95FC-4FAA56D67642}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{55F55207-5FB7-4557-9A07-39C2A7BC4CE0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{585FFD70-8747-48C0-99CA-CF4596F4E498}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5D36553C-3EEB-4CAA-BFB3-5AB7CCC23D79}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{614E980B-2CC1-4018-B96D-331CD759261D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67E26D44-3C0C-4153-9E20-0E1A45F67DDE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{6A7F1A7A-9F6A-4021-8535-2D0EE834ED7A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{6EBA588D-7D0C-457F-AAC9-A4B97066AB12}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{6FE367BC-DA89-4B1F-BD5C-BA3D3930081B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{72B3CD1E-FF65-4024-B61A-E719B65889E7}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{75F113FF-B7FA-4694-B650-5AC605B46D6E}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{7CD94689-62D8-4771-9544-A133111F8AA5}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{838C6103-5DC3-40C8-840E-7B8C9C55BAEB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{83E66919-E8E6-4CD7-B373-413DF461024F}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{868D2B27-F9E9-4139-BA43-CEA818467CC3}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{8F02A9C9-F0F0-4D25-858C-1721074DA5A2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{9B926D02-3A15-4091-B324-645526871E15}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{9C51DA1F-5D29-4C38-8718-E17A6FE36607}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{9CCAED11-D765-47B4-8A59-7A465E092CA0}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{A021A09F-3734-4FDA-9196-15728583BDAE}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A11C8549-53B0-4198-9AE8-B8555267C735}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A421DAB6-52B3-45F7-8586-B192534C933D}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{A4ACDEB3-DD13-457A-8D49-146FFF7B405D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{A6838678-875D-49B3-AE9B-CBF421EA3289}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{A93046B5-A10A-488A-B2F0-FF089A1F6B4E}" = protocol=6 | dir=in | app=c:\program files\army builder\armybuilder.exe |
"{AA422DB1-E780-492C-861F-A61CDB74EC2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AF3C43CF-B8F9-469B-8642-C5E078D2129E}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{B39A13CC-D34A-4949-965A-3E19F813739E}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{B52A812D-8244-47ED-BBAB-BDBC3F6763CC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{B83FF33C-8124-48BC-BFF0-55244A3B4451}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{BC3F46A9-A503-4584-B0A8-5153E0FF8E51}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{CB6E152D-3FE5-41BA-BDAE-58A74EBF1C74}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{CF782E6F-1C7E-4A65-84BC-36609D57A13D}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{CF9879B4-CB69-434C-9931-D38EE2AD902E}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{CFF637FC-2B95-43F3-9689-83C54C2D8DEA}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{D2313D63-2623-42F9-A07A-D2304AB5A180}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{D4A37136-6C7B-4B09-9BFB-5498504A946E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6988108-D6C0-4818-BE92-0C990E2ABC93}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{DBC3B6C4-057D-4304-A178-C900DAAD5531}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{DFF93E0F-FA4D-42CF-A291-350871951E04}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9923DC2-F6AC-4268-937C-452F4A4077A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EADBE8CA-ED8B-4900-85D6-7C60E919841A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{F60AE52A-AD70-43C7-94CA-C8AF75F917D5}" = dir=in | app=f:\itunes.exe |
"{F797077B-4F28-44DF-8E03-4F5C7714BFAE}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{FBAB19F0-A049-4A0C-A652-38B5712174D6}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{FC03FEC7-15B9-48D4-B4BF-0012FDEF9582}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"TCP Query User{1B99F942-5E8D-4DD3-A9BA-678E2384ACED}C:\program files\novalogic\delta force\df.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"TCP Query User{1CECB45C-AA26-4E77-8D01-D0FB69B62CF9}C:\program files\strategy first\disciples 2 gold elves\discipl2.exe" = protocol=6 | dir=in | app=c:\program files\strategy first\disciples 2 gold elves\discipl2.exe |
"TCP Query User{2A15672F-AF1A-40A1-BD7F-5C4D83B6474E}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe |
"TCP Query User{981BB01D-BB1B-4B9E-A85E-85E992870954}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A6105CC7-0AD0-4FC1-95BB-C2C5B7B95D51}C:\program files\novalogic\delta force\df.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"TCP Query User{B79DD575-3186-4528-9EE4-3208D78F7844}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"TCP Query User{BEA62D3F-51E2-4335-A09C-9A7D7128C58B}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D9C22C8A-12CB-424C-A3C0-7C879774BB45}C:\program files\lexmark 2500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"TCP Query User{E0B6BBDF-55CB-40D1-B361-6CC72A9057C7}F:\second life\slvoice.exe" = protocol=6 | dir=in | app=f:\second life\slvoice.exe |
"TCP Query User{F7F03BE4-869F-4246-AED6-CB58F7878A6A}C:\westwood\dune2000\dune2000.dat" = protocol=6 | dir=in | app=c:\westwood\dune2000\dune2000.dat |
"UDP Query User{009DFBFA-8013-4306-BFE8-33971932A139}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe |
"UDP Query User{077E08DA-83E0-4B3D-B44D-BE79C9018D06}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2FD3FB96-BA0A-44F4-B05F-D4AA560B8754}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{48BC4678-E923-4390-A8E2-3D2E468C75AF}F:\second life\slvoice.exe" = protocol=17 | dir=in | app=f:\second life\slvoice.exe |
"UDP Query User{5F4C5CDA-8BA7-4296-92A8-57E9A0CABC73}C:\program files\novalogic\delta force\df.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"UDP Query User{71D7ECB0-3077-432C-8EE7-52B27AA6E3A9}C:\westwood\dune2000\dune2000.dat" = protocol=17 | dir=in | app=c:\westwood\dune2000\dune2000.dat |
"UDP Query User{775C9C79-545A-40A0-8561-4710B9111AC0}C:\program files\lexmark 2500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"UDP Query User{90625C22-4C88-4080-B8C2-626199A62CF0}C:\program files\strategy first\disciples 2 gold elves\discipl2.exe" = protocol=17 | dir=in | app=c:\program files\strategy first\disciples 2 gold elves\discipl2.exe |
"UDP Query User{B3BB6D6A-CA4B-4943-9387-E98791E4A972}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"UDP Query User{E7C594A7-2629-4423-872A-3E25FFFE513D}C:\program files\novalogic\delta force\df.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force\df.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43867B63-C464-4570-823D-D92DC08E3400}_is1" = Army Builder 3.3b
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75AD7D33-EF26-4609-9D8D-CBF7F9AC5E08}" = Freedom Force
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88A77307-828D-45AD-90A2-E018228B097F}" = Operation Blockade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface Service
"Bejeweled Blitz" = Bejeweled Blitz
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Delta Force" = Delta Force
"Disciples 2 Gold Gallean" = Disciples 2 Gold Gallean
"Disciples II Rise of the Elves" = Disciples II Rise of the Elves
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GOM Player" = GOM Player
"GridVista" = Acer GridVista
"HeavyMetal Battle Armor1.0" = HeavyMetal Battle Armor
"HeavyMetal_Plus" = HeavyMetal Plus
"Impulse" = Impulse
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Lexmark X1100 Series" = Lexmark X1100 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MyPublisher" = MyPublisher
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIA Drivers" = NVIDIA Drivers
"Panzer General 3D" = Panzer General 3D
"Quizulous2 Toolbar" = Quizulous2 Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TripMaker" = Rand McNally TripMaker Deluxe 2000
"UnityWebPlayer" = Unity Web Player
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Zac Browser - English" = Zac Browser - English

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2011 2:27:53 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1613144

Error - 12/3/2011 2:27:53 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1613144

Error - 12/3/2011 2:29:34 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0xfbc, application
start time 0x01ccb1e97f467ce0.

Error - 12/3/2011 2:29:44 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x1510, application
start time 0x01ccb1e985ec9b10.

Error - 12/3/2011 2:29:57 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x10d0, application
start time 0x01ccb1e98ec29190.

Error - 12/3/2011 2:30:06 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x5a0, application
start time 0x01ccb1e9949e3ba0.

Error - 12/3/2011 2:31:23 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x13f8, application
start time 0x01ccb1e9c27e7ee0.

Error - 12/3/2011 2:31:32 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0xfd8, application
start time 0x01ccb1e9c7b380e0.

Error - 12/3/2011 4:02:24 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x1064, application
start time 0x01ccb1f674e8d1a0.

Error - 12/3/2011 4:02:43 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x620, application
start time 0x01ccb1f684e735b0.

[ Media Center Events ]
Error - 2/8/2008 7:45:43 AM | Computer Name = Scott | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 4:11:11 PM | Computer Name = Scott | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 4:39:17 PM | Computer Name = Scott | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 10/11/2009 11:45:49 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/19/2009 4:47:33 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/15/2009 4:43:14 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/3/2011 2:46:50 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/3/2011 2:47:05 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume ACER.

Error - 12/3/2011 2:47:05 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume ACER.

Error - 12/3/2011 2:47:05 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/3/2011 2:47:05 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/3/2011 2:50:18 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 12/3/2011 2:50:38 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume ACER.

Error - 12/3/2011 2:50:38 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume ACER.

Error - 12/3/2011 2:50:38 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume ACER.

Error - 12/3/2011 2:50:38 PM | Computer Name = Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume ACER.


< End of report >


Re: Virus causing keyboard not to work

Post by Belahzur on Mon Dec 05, 2011 6:04 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Please PM me if I fail to respond within 24hrs.



Re: Virus causing keyboard not to work

Post by cailinaingeal on Mon Dec 05, 2011 10:50 pm

ComboFix 11-12-05.04 - Owner 12/05/2011 17:45:12.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.766.273 [GMT -5:00]
Running from: c:\users\Owner\Desktop\commy.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 23:05 . 2011-12-05 23:06 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-12-05 23:05 . 2011-12-05 23:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-05 23:05 . 2011-12-05 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-03 17:45 . 2011-12-03 17:45 -------- d-----w- C:\Cache
2011-12-03 17:44 . 2011-12-03 17:44 -------- d-----w- C:\w
2011-12-03 17:44 . 2011-12-03 17:45 -------- d-----w- C:\att
2011-12-03 17:44 . 2011-12-03 17:44 -------- d-----w- C:\skins
2011-12-03 17:44 . 2011-12-03 17:45 -------- d-----w- C:\e
2011-12-03 13:48 . 2011-12-03 13:53 -------- d-----w- C:\Combo-Fix
2011-12-02 20:27 . 2011-12-02 20:32 116224 ----a-w- c:\windows\system32\o4D1E.com__
2011-11-08 22:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 22:19 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 22:19 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 20:16 . 2011-05-19 10:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 22:19 . 2011-09-23 22:19 165339 ----a-w- c:\windows\Zac Browser - English Uninstaller.exe
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-07 17:31 . 2011-12-05 22:18 90460 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-12-05 22:18 80016 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2011-12-04 23:13 80016 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-15 10:32 . 2011-12-05 22:18 16204 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2689532994-4069854329-2397085193-1000_UserData.bin
- 2007-12-15 10:32 . 2011-12-04 23:13 16204 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2689532994-4069854329-2397085193-1000_UserData.bin
- 2011-12-04 23:10 . 2011-12-04 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-05 22:15 . 2011-12-05 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-04 23:10 . 2011-12-04 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-05 22:15 . 2011-12-05 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2011-12-05 22:29 604502 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2011-12-04 23:19 604502 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2011-12-04 23:19 104170 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2011-12-05 22:29 104170 c:\windows\System32\perfc009.dat
+ 2011-02-14 06:14 . 2011-12-05 13:53 378992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-14 06:14 . 2011-12-04 06:59 378992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-19 03:40 . 2011-12-05 00:25 17992152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2689532994-4069854329-2397085193-1000-8192.dat
- 2011-04-19 03:40 . 2011-12-04 06:59 17992152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2689532994-4069854329-2397085193-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{392d065e-4679-4d12-8342-2a2d505fd309}"= "c:\program files\Quizulous2\prxtbQui0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{392d065e-4679-4d12-8342-2a2d505fd309}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{392d065e-4679-4d12-8342-2a2d505fd309}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Quizulous2\prxtbQui0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{392d065e-4679-4d12-8342-2a2d505fd309}"= "c:\program files\Quizulous2\prxtbQui0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{392d065e-4679-4d12-8342-2a2d505fd309}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{392D065E-4679-4D12-8342-2A2D505FD309}"= "c:\program files\Quizulous2\prxtbQui0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{392d065e-4679-4d12-8342-2a2d505fd309}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 4468736]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2007-06-11 21:54 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 23:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-06-27 09:15 752136 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-05-24 20:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
2007-04-24 18:49 45056 ----a-w- c:\windows\PLFSet.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-25 13:44 171448 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2689532994-4069854329-2397085193-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 22:54]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2689532994-4069854329-2397085193-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-12-05 18:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:39,be,3e,a1,40,b1,cc,01
.
[HKEY_USERS\S-1-5-21-2689532994-4069854329-2397085193-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**%|Î_ñ7]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4eda807b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-05 18:23:36
ComboFix-quarantined-files.txt 2011-12-05 23:23
ComboFix2.txt 2011-12-05 00:15
ComboFix3.txt 2011-12-03 18:55
ComboFix4.txt 2011-12-03 15:53
ComboFix5.txt 2011-12-05 22:42
.
Pre-Run: 17,213,128,704 bytes free
Post-Run: 16,756,412,416 bytes free
.
- - End Of File - - D9EF52A228775E3FD7058272A4243608

Re: Virus causing keyboard not to work

Post by Belahzur on Wed Dec 07, 2011 1:10 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1

Re: Virus causing keyboard not to work

Post by cailinaingeal on Thu Dec 08, 2011 2:41 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Re: Virus causing keyboard not to work

Post by cailinaingeal on Thu Dec 08, 2011 3:27 am

The above reply is everything that was in the ESET log. After scanning the program found 13 infected files and was able to remove 12 of them. One of the files deleted was win32/kryptic. It could not remove a win32/rootkit file.

Re: Virus causing keyboard not to work

Post by Belahzur on Fri Dec 09, 2011 1:55 pm

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.


Re: Virus causing keyboard not to work

Post by cailinaingeal on Fri Dec 09, 2011 9:52 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5520
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 162):
0x82047000 \SystemRoot\system32\ntkrnlpa.exe
0x82014000 \SystemRoot\system32\hal.dll
0x8060D000 \SystemRoot\system32\kdcom.dll
0x80614000 \SystemRoot\system32\PSHED.dll
0x80625000 \SystemRoot\system32\BOOTVID.dll
0x8062D000 \SystemRoot\system32\CLFS.SYS
0x8066E000 \SystemRoot\system32\CI.dll
0x8074E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807CA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82608000 \SystemRoot\system32\drivers\acpi.sys
0x8264E000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82657000 \SystemRoot\system32\drivers\msisadrv.sys
0x8265F000 \SystemRoot\system32\drivers\pci.sys
0x82686000 \SystemRoot\System32\drivers\partmgr.sys
0x82695000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82698000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x826A2000 \SystemRoot\system32\drivers\volmgr.sys
0x826B1000 \SystemRoot\System32\drivers\volmgrx.sys
0x826FB000 \SystemRoot\system32\drivers\pciide.sys
0x82702000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82710000 \SystemRoot\System32\drivers\mountmgr.sys
0x82720000 \SystemRoot\system32\drivers\atapi.sys
0x82728000 \SystemRoot\system32\drivers\ataport.SYS
0x82746000 \SystemRoot\system32\drivers\fltmgr.sys
0x82778000 \SystemRoot\system32\drivers\fileinfo.sys
0x82788000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x85E0A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x85E7B000 \SystemRoot\system32\drivers\ndis.sys
0x85F86000 \SystemRoot\system32\drivers\msrpc.sys
0x85FB1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8600A000 \SystemRoot\System32\drivers\tcpip.sys
0x860F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8620E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8631E000 \SystemRoot\system32\drivers\volsnap.sys
0x86357000 \SystemRoot\System32\Drivers\spldr.sys
0x8635F000 \SystemRoot\system32\drivers\psdvdisk.sys
0x86371000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8637A000 \SystemRoot\System32\Drivers\mup.sys
0x86389000 \SystemRoot\System32\drivers\ecache.sys
0x863B0000 \SystemRoot\system32\drivers\disk.sys
0x863C1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x863E2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8610F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8611A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86123000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x86133000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8613C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x86140000 \SystemRoot\system32\DRIVERS\enecir.sys
0x86152000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8620B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8616A000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x86174000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x861B2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x861C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x861D9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x861DB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8A002000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A08F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8A09F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8A0AD000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8A0C7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8A0D6000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8A0EA000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8A20B000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8A308000 \SystemRoot\system32\DRIVERS\athr.sys
0x8A409000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8AB4B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8ABEB000 \SystemRoot\System32\drivers\watchdog.sys
0x8A3C7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A13B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A17C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A193000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A19E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A1C1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A1D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A1E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x861E1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x861F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x85FEC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ABF7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x82791000 \SystemRoot\system32\DRIVERS\ks.sys
0x827BB000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8A3F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x827C9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AE0D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE42000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BA0D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BBBE000 \SystemRoot\system32\drivers\portcls.sys
0x8AE53000 \SystemRoot\system32\drivers\drmk.sys
0x8AE78000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8AEB5000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8BC0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8BCBE000 \SystemRoot\system32\drivers\modem.sys
0x8BCCB000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8BCD6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8BCE6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8BCED000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8BCF6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8BCFE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BD07000 \SystemRoot\System32\Drivers\Null.SYS
0x8BD0E000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BD15000 \SystemRoot\System32\drivers\vga.sys
0x8BD21000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BD42000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BD4A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BD52000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BD5D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BD6B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BD74000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BD8A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BD9E000 \SystemRoot\system32\drivers\afd.sys
0x8AFB8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BDE6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BBEB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8AFEA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C00C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C048000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x8C04C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C056000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C0B4000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C0CB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8C0D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C804000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8C9AB000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8C9B8000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8C9BF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C9CC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C9D7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97C10000 \SystemRoot\System32\win32k.sys
0x8C9DF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C9E9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97E30000 \SystemRoot\System32\TSDDD.dll
0x97E50000 \SystemRoot\System32\cdd.dll
0x8C0D6000 \SystemRoot\system32\drivers\luafv.sys
0x8C0F1000 \SystemRoot\system32\drivers\spsys.sys
0x8C1A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C1B1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C1DB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C1E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E20E000 \SystemRoot\system32\drivers\HTTP.sys
0x9E27B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E298000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E2B1000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E2D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E2F1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E32A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E342000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E36A000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E3D1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9E3E7000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9E3F8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA520D000 \SystemRoot\system32\drivers\peauth.sys
0xA52EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA52F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA5301000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA5309000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0xA530B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA5320000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA5348000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA535D000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x776D0000 \Windows\System32\ntdll.dll

Processes (total 75):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
700 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\nvvsvc.exe
908 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\audiodg.exe
1104 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\SLsvc.exe
1164 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\rundll32.exe
1628 C:\Windows\System32\spoolsv.exe
1916 C:\Windows\System32\taskeng.exe
1956 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
196 C:\Windows\System32\svchost.exe
316 C:\Windows\System32\dwm.exe
340 C:\Acer\ALaunch\ALaunchSvc.exe
392 C:\Windows\explorer.exe
1712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1684 C:\Windows\RtHDVCpl.exe
732 C:\Windows\System32\rundll32.exe
1992 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
12 C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
1836 C:\Program Files\Bonjour\mDNSResponder.exe
1348 C:\Windows\System32\svchost.exe
868 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
444 C:\Windows\ehome\ehtray.exe
1340 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
2052 C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
2104 C:\Acer\Empowering Technology\eNet\eNet Service.exe
2252 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2276 C:\Windows\System32\lxbkcoms.exe
2320 C:\Windows\System32\lxddcoms.exe
2356 C:\Program Files\Common Files\Motive\McciCMService.exe
2396 C:\Acer\Mobility Center\MobilityService.exe
2580 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2620 C:\Windows\System32\svchost.exe
2660 C:\Windows\System32\svchost.exe
2684 C:\Windows\System32\SearchIndexer.exe
2900 C:\Windows\System32\drivers\XAudio.exe
2932 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2980 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3024 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3084 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3252 WmiPrvSE.exe
3256 WmiPrvSE.exe
3372 C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
3404 C:\Windows\ehome\ehmsas.exe
3424 unsecapp.exe
3728 C:\Windows\System32\taskeng.exe
3992 C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
1952 C:\Users\Owner\AppData\Local\temp\RtkBtMnt.exe
1076 C:\Program Files\Windows Media Player\wmpnscfg.exe
1440 C:\Program Files\Windows Media Player\wmpnetwk.exe
2024 C:\Windows\System32\svchost.exe
3880 C:\Program Files\Internet Explorer\iexplore.exe
1856 C:\Program Files\Internet Explorer\iexplore.exe
2128 WUDFHost.exe
4136 C:\Windows\System32\notepad.exe
5476 C:\Program Files\Internet Explorer\iexplore.exe
5908 taskeng.exe
3460 C:\Windows\System32\SearchProtocolHost.exe
1744 C:\Windows\System32\SearchFilterHost.exe
1948 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Re: Virus causing keyboard not to work

Post by Belahzur on Mon Dec 12, 2011 12:21 am

Hello.
Do you have your Vista disc? We may need to repair the MBR.


Re: Virus causing keyboard not to work

Post by cailinaingeal on Mon Dec 12, 2011 2:14 am

We don't have a disk for Vista. It was already loaded onto the laptop.

Re: Virus causing keyboard not to work

Post by Belahzur on Wed Dec 14, 2011 10:29 pm

Okay, can you get a disc? We need it to repair the MBR.

