WiredWX Christian Hobby Weather Tools

 


Mouse and keyboard disabled
I ran a malware removal program that required restarting the computer when it was done. My PC boots up to the login screen but the mouse and keyboard do not work, so I cannot log in. When I try to start in safe mode, the keyboard works to arrow up and down to choose a boot-up option, but again when I get to the login screen, no keyboard and mouse. I have tried booting in safe mode with networking and command prompt with the same results. Help please!

Re: Mouse and keyboard disabled
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Mouse and keyboard disabled
I don't think I can use this software because I can't log in. I get stuck at the login screen - no mouse or keyboard.

Re: Mouse and keyboard disabled
Please do this:

First
ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double-click it and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

scan results
OTL logfile created on: 5/28/2010 11:18:35 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 786.00 Mb Available Physical Memory | 77.00% Memory free
905.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (aswUpdSv)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/26 01:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/03/17 19:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (3aa3f37e-0bb0-434b-b9c7-21ba6aed8806)
DRV - [2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/17 12:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 12:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/02/23 11:59:59 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/02/23 11:59:59 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/08/28 04:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/05 16:08:28 | 000,241,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/06/07 17:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/24 12:59:30 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/04/24 12:57:20 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/21 11:19:44 | 000,040,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/12/06 14:26:06 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/04/24 18:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1997/06/17 06:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System] -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\administrator.MIDWEST_NT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.zugo.com/?cfg=2-80-0-McEo
IE - HKU\brussman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT2384137
IE - HKU\brussman_ON_C\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKU\brussman_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\brussman_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Nancy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\Nancy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\Nancy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Nancy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061222
IE - HKU\Patrick_Vanderlind_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 06:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 21:48:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Documents and Settings\brussman\My Documents\components [2008/02/18 17:56:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Documents and Settings\brussman\My Documents\plugins [2010/03/27 09:00:02 | 000,000,000 | ---D | M]

[2010/05/22 16:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/31 20:07:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/16 21:48:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 21:48:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/28 10:14:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2009/08/18 23:49:04 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\brussman_ON_C\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\brussman_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\brussman_ON_C\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKU\brussman_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Nancy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKU\administrator.MIDWEST_NT_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\brussman_ON_C..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\brussman_ON_C..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\brussman_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\brussman_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\Nancy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Patrick_Vanderlind_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.MIDWEST_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\brussman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\brussman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nancy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Patrick_Vanderlind_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.142.225.3 167.142.225.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mwestmp.com
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 16:10:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 21:59:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/24 00:00:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\brussman\Recent
[2010/05/08 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/04/30 21:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker

========== Files - Modified Within 30 Days ==========

[2010/05/28 23:09:31 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/28 23:09:31 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/28 23:09:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 23:09:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 22:04:05 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/28 18:46:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{52669972-7D23-4EA9-AF45-0BD0FDE4D58C}.job
[2010/05/27 23:21:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 06:46:57 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\brussman\NTUSER.DAT
[2010/05/24 06:46:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\brussman\ntuser.ini
[2010/05/24 06:46:52 | 022,427,724 | -H-- | M] () -- C:\Documents and Settings\brussman\Local Settings\Application Data\IconCache.db
[2010/05/24 06:13:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 03:14:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/05/24 00:07:41 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 16:49:40 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/23 16:49:40 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/22 16:40:53 | 000,072,174 | ---- | M] () -- C:\Documents and Settings\brussman\Desktop\www.allegiantair.com-aaRes-aaBooking_confirmation.tif
[2010/05/20 22:41:04 | 000,000,281 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2010/05/19 23:00:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/05/18 14:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 23:57:13 | 000,001,890 | -H-- | M] () -- C:\Documents and Settings\brussman\My Documents\Default.rdp
[2010/05/02 19:15:06 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7700#MY38S120N0K5.job
[2010/04/30 14:58:09 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\brussman\Desktop\Microsoft Office Outlook 2003.lnk
[2010/04/29 16:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 16:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/23 16:49:40 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/23 16:49:40 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/22 16:40:53 | 000,072,174 | ---- | C] () -- C:\Documents and Settings\brussman\Desktop\www.allegiantair.com-aaRes-aaBooking_confirmation.tif
[2010/04/14 23:00:58 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
[2010/04/02 10:39:26 | 001,314,816 | ---- | C] () -- C:\WINDOWS\System32\RdLMh-c3Q.dll
[2010/03/21 03:30:44 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\NTUSER.DAT.LOG
[2010/03/21 03:30:43 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/03/21 03:30:43 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Nancy\NTUSER.DAT.LOG
[2010/03/21 03:30:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Patrick Vanderlind\NTUSER.DAT.LOG
[2010/02/21 15:14:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.brussman.ini
[2009/05/21 13:39:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\fusioncache.dat
[2009/05/21 13:39:24 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\Nancy\NTUSER.DAT
[2009/05/21 13:39:24 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Nancy\ntuser.ini
[2008/01/16 13:34:58 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\brussman\Application Data\Install.log
[2008/01/16 13:34:51 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\brussman\Application Data\Uninstall.exe
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/21 22:34:02 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/15 22:22:29 | 000,000,057 | ---- | C] () -- C:\WINDOWS\NWDECDU.INI
[2007/04/15 22:22:08 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2007/02/26 20:45:03 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2007/02/23 11:59:59 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/02/23 11:59:59 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/02/04 01:09:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.tif
[2007/02/04 01:09:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.dat
[2007/02/02 20:55:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/02/02 20:55:23 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2007/02/02 20:55:22 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007/02/02 20:55:22 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007/01/22 00:01:41 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\brussman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/12 16:23:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/12 16:08:11 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\brussman\Local Settings\Application Data\fusioncache.dat
[2007/01/12 16:08:10 | 011,010,048 | -H-- | C] () -- C:\Documents and Settings\brussman\NTUSER.DAT
[2007/01/12 16:08:10 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\brussman\ntuser.dat.LOG
[2007/01/12 16:08:10 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\brussman\ntuser.ini
[2007/01/12 16:06:09 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\Local Settings\Application Data\fusioncache.dat
[2007/01/12 16:06:08 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\NTUSER.DAT
[2007/01/12 16:06:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\administrator.MIDWEST_NT\ntuser.ini
[2007/01/12 15:55:03 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Patrick Vanderlind\Local Settings\Application Data\fusioncache.dat
[2007/01/12 15:55:02 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Patrick Vanderlind\NTUSER.DAT
[2007/01/12 15:55:02 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Patrick Vanderlind\ntuser.ini
[2006/12/22 09:12:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/22 09:12:22 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/12/22 09:10:13 | 000,131,058 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2006/12/22 08:53:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2006/12/22 08:50:30 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 01:20:24 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/08/12 01:20:15 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/08/12 01:20:15 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:20:25 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/08/11 19:20:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/08/11 19:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/11 19:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/08/11 19:20:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/25 13:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\alot
[2008/01/16 13:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Backup
[2010/03/03 00:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Facebook
[2010/04/30 21:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Full Tilt Poker.Net
[2010/03/20 22:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\IObit
[2008/02/18 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Netscape
[2007/08/11 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Reno 911 Paintball
[2009/01/24 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Simple Star
[2009/06/14 19:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\Snapfish
[2009/10/11 17:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\VTExtra
[2008/07/18 19:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brussman\Application Data\W Photo Studio Viewer
[2009/06/18 21:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\IObit
[2010/05/19 23:00:07 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/05/28 18:46:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{52669972-7D23-4EA9-AF45-0BD0FDE4D58C}.job

========== Purity Check ==========


< End of report >

Re: Mouse and keyboard disabled

Please open OTLPE -- Click None and paste this in the Custom Scans box:

Code:

/md5start
userinit.exe
atapi.sys
iastor.sys
netlogon.dll
/md5stop


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Report

OTL logfile created on: 6/2/2010 12:12:01 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 786.00 Mb Available Physical Memory | 77.00% Memory free
905.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.14% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 04:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 23:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 23:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2006/08/27 23:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< End of report >

Re: Mouse and keyboard disabled

Did the mouse and keyboard work in OTLPE?

yes

yes - they have since the first time I booted off the disc you had me burn

Thanks
Bob

Re: Mouse and keyboard disabled

Oh I see.

So, this would have to do with Windows drivers being slightly corrupted.

Will you please tell me the maker of the keyboard and mouse.

Dell

Dell Keyboard Model: SK-8115
Dell Mouse M/N: MOA78BO







good luck

Bob R

Re: Mouse and keyboard disabled

Do you have the Dell driver's disc?

Those drivers are automatically known Windows drivers, so it may not need Dell drivers.


If not, then do you have the Windows XP disc?

I am just trying to get all the information straight, so I know if it is safe to do a couple of repairs. I don't want to do the repairs, if we do not have a safe way out. Right On!

Re: Mouse and keyboard disabled

I have a CD "Operating System" note says "Already installed on your computer"
Reinstallation CD
Windows XP professional, service pack 2
Note on CD This CD is not for reinstallation of programs or drivers



I also have a Dell Dimension resource CD pn 0628D Rev A01

Re: Mouse and keyboard disabled

OK good.

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    c:\windows\system32\config|c:\windows\repair\system /replace

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: Mouse and keyboard disabled

I copied the text as instructed - when I clicked FIX it went immediately to the reboot? window and stayed there - waited 15 min, nothing - clicked yes on reboot? window, nothing. Rebooted computer off disc - repeated process, said no to reboot? and got the report below

========== FILES ==========
File c:\windows\repair\system not found.
========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 06082010_033807

Re: Mouse and keyboard disabled

Please open OTLPE -- Click None and paste this in the Custom Scans box:

Code:

/md5start
mouse.drv
keyboard.drv
keyboard.sys
keyboard.inf
/md5stop


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Mouse and keyboard disabled

OTL logfile created on: 6/10/2010 12:26:45 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 75.00% Memory free
905.00 Mb Paging File | 824.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.63% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========


< Code: >


< MD5 for: KEYBOARD.DRV >
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\i386\KEYBOARD.DRV
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\WINDOWS\system\KEYBOARD.DRV
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\WINDOWS\system32\dllcache\keyboard.drv
[2004/08/04 07:00:00 | 000,002,000 | ---- | M] (Microsoft Corporation) MD5=ED4BF709AAD8B665075DE06A0945B030 -- C:\WINDOWS\system32\keyboard.drv

< MD5 for: KEYBOARD.INF >
[2008/04/13 12:29:43 | 000,043,203 | ---- | M] () MD5=7BBDE91DF15EA16103A3EF5C00A1FB77 -- C:\WINDOWS\inf\keyboard.inf
[2008/04/13 12:29:43 | 000,043,203 | ---- | M] () MD5=7BBDE91DF15EA16103A3EF5C00A1FB77 -- C:\WINDOWS\ServicePackFiles\i386\keyboard.inf
[2004/08/04 07:00:00 | 000,031,254 | ---- | M] () MD5=FFEEE39C5A83FA52064BD758B897B7F7 -- C:\i386\keyboard.inf
[2004/08/04 07:00:00 | 000,031,254 | ---- | M] () MD5=FFEEE39C5A83FA52064BD758B897B7F7 -- C:\WINDOWS\$NtServicePackUninstall$\keyboard.inf

< MD5 for: KEYBOARD.SYS >
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\i386\keyboard.sys
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\ServicePackFiles\i386\keyboard.sys
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\system32\dllcache\keyboard.sys
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\system32\keyboard.sys

< MD5 for: MOUSE.DRV >
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\i386\MOUSE.DRV
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\WINDOWS\system\MOUSE.DRV
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\WINDOWS\system32\dllcache\mouse.drv
[2004/08/04 07:00:00 | 000,002,032 | ---- | M] (Microsoft Corporation) MD5=7D29780AC88BB7292CDCFF71BA67433D -- C:\WINDOWS\system32\mouse.drv
< End of report >

Re: Mouse and keyboard disabled

Please open OTLPE -- Click None and paste this in the Custom Scans box:

Code:

/md5start
kbdhid.sys
/md5stop


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Mouse and keyboard disabled

OTL logfile created on: 6/11/2010 5:23:58 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 736.00 Mb Available Physical Memory | 72.00% Memory free
905.00 Mb Paging File | 813.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========


< /mdstart >
Invalid Switch: mdstart

< kbdhid.sys >

< /md5stop >
Invalid Switch: md5stop


< End of report >

Re: Mouse and keyboard disabled

Try one more time. You did not get the 5 in there correctly on one of the switches.

Re: Mouse and keyboard disabled

OTL logfile created on: 6/11/2010 6:40:14 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 730.00 Mb Available Physical Memory | 71.00% Memory free
905.00 Mb Paging File | 806.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 47.01 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.75 Gb Free Space | 91.89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Custom Scans ==========



< MD5 for: KBDHID.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:kbdhid.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdhid.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdhid.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\ServicePackFiles\i386\kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2004/08/04 00:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\i386\kbdhid.sys
[2004/08/04 00:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys
< End of report >
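
The comparison the /md5start scans above are used for, as an added example that is not part of the original thread or of OTLPE: a Python parser for the scan output that sorts every copy of a file by whether its hash matches the copy Windows loads. The log lines are copied from the reports above; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the kbdhid.sys scan posted above (two of the four .cab rows kept).
SAMPLE_LOG = r"""
< MD5 for: KBDHID.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:kbdhid.sys
[2009/07/10 14:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\ServicePackFiles\i386\kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2004/08/04 00:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\i386\kbdhid.sys
[2004/08/04 00:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys
"""

# Lines copied from the earlier run where a switch was mistyped and nothing was hashed.
FAILED_RUN = r"""
< /mdstart >
Invalid Switch: mdstart

< kbdhid.sys >

< /md5stop >
Invalid Switch: md5stop
"""

SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>.*?)\) (?:MD5=(?P<md5>[0-9A-F]{32})|\.cab file) -- (?P<path>.+)$"
)
BAD_SWITCH = re.compile(r"^Invalid Switch: (?P<switch>\S+)$")


def parse_md5_scan(text):
    """Return ({FILE NAME: [entry, ...]}, [invalid switch names])."""
    sections, bad_switches, current = defaultdict(list), [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = m["name"].upper()
        elif m := BAD_SWITCH.match(line):
            # An empty result plus a bad switch means "re-run", not "file is absent".
            bad_switches.append(m["switch"])
        elif (m := ENTRY.match(line)) and current:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections), bad_switches


def compare_to_active(entries, active_path):
    """Sort the other copies by whether their MD5 equals that of the active file."""
    active = next((e for e in entries if e["path"].lower() == active_path.lower()), None)
    if active is None or active["md5"] is None:
        raise ValueError(f"no hashed entry for {active_path}")
    same, different, unhashed = [], [], []
    for e in entries:
        if e is active:
            continue
        if e["md5"] is None:
            unhashed.append(e["path"])  # still packed in a .cab; the scan reports no hash
        elif e["md5"] == active["md5"]:
            same.append(e["path"])
        else:
            different.append((e["path"], e["md5"], e["size"]))
    return {"active_md5": active["md5"], "same": same,
            "different": different, "unhashed": unhashed}


if __name__ == "__main__":
    sections, bad = parse_md5_scan(SAMPLE_LOG)
    report = compare_to_active(sections["KBDHID.SYS"],
                               r"C:\WINDOWS\system32\drivers\kbdhid.sys")
    print("active copy MD5:", report["active_md5"])
    for path in report["same"]:
        print("  same hash:     ", path)
    for path, md5, size in report["different"]:
        print("  different hash:", path, md5, f"({size} bytes)")
    print("failed run switches:", parse_md5_scan(FAILED_RUN)[1])
```

A match between two copies on the same disk shows only that they are identical to each other; confirming that either one is genuine needs a reference hash from trusted media.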

Re: Mouse and keyboard disabled

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    C:\WINDOWS\system32\drivers\kbdhid.sys|C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys /replace

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: Mouse and keyboard disabled

When you say "...allow it to reboot," should it reboot on its own or do I click yes?

Re: Mouse and keyboard disabled

========== FILES ==========
File C:\WINDOWS\system32\drivers\kbdhid.sys successfully replaced with C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys
========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 06112010_074705

Re: Mouse and keyboard disabled

Good.

Now, boot normally and see if the keyboard works.

Re: Mouse and keyboard disabled

no - same results as previous try


when I clicked FIX it went immediately to the reboot? window and stayed there - waited 15 min, nothing - clicked yes on reboot? window, nothing. Rebooted computer off disc - repeated process, said no to reboot? and got the report below

Re: Mouse and keyboard disabled

We will need to replace it from the Recovery Console then.

Please boot in to your Windows CD, use the R option for the Recovery Console.

Log on to the current installation.

Let me know when you have gotten this far.

Re: Mouse and keyboard disabled

I got to a screen which asks "Which Windows installation would you like to log onto" and "Please select a valid installation number" (I am at the Recovery Console).

Re: Mouse and keyboard disabled

Choose option 1.

You should see a C:\ type of prompt.

Re: Mouse and keyboard disabled

thanks for your help - I need the administrator password to continue - the IT at my work used his password for the entire network at my company to set up my PC and is unable to give it to me (the company bought this PC for me so I can work from home) - is there any way around this?

Re: Mouse and keyboard disabled

Ok. We are going to fix that in OTLPE, then you should be able to run the Recovery Console without a password.

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
    "SecurityLevel"=dword:00000001


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: Mouse and keyboard disabled

great - I am at the C:\windows prompt in the Recovery Console

Re: Mouse and keyboard disabled

Please type in the following command.

copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys

Once this is completed successfully, remove the CD from the computer and reboot.

See if your keyboard works.

Re: Mouse and keyboard disabled

I keyed in "copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys" and hit enter and I got:

Access is denied.

Re: Mouse and keyboard disabled

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys and press "Enter".

Type exit and press "Enter".

See if this works.

Re: Mouse and keyboard disabled

Same - Access is denied after copy command

Re: Mouse and keyboard disabled

Alright. Seems the rootkit has blocked that file from being replaced. Let's take ownership of the file, then try again. Similar process.

Type attrib -s -r c:\windows\system32\drivers\kbdhid.sys and press "Enter".

Type copy C:\i386\kbdhid.sys c:\WINDOWS\system32\drivers\kbdhid.sys and press "Enter".

Type exit and press "Enter".

See if this works.

Re: Mouse and keyboard disabled

attrib -s -r c:\windows\system32\drivers\kbdhid.sys and press "Enter". When I ran this it didn't work: "unrecognized command". I then tried attrib -s-r c:\windows\system32\drivers\kbdhid.sys (no space between -s and -r) and it worked.
Still get Access denied after copy command. What do you think?

Re: Mouse and keyboard disabled

Would you be up for an in-place upgrade of Windows, a data-safe way to place a new install of Windows in to the old one's place?

In this case, Windows would be reinstalled, and hopefully restore all functionality to hardware.

http://michaelstevenstech.com/xp_in_place_upgrade.htm

Re: Mouse and keyboard disabled

Hi, I'm back! Thank you for all your help. I got impatient and formatted my hard drive and reinstalled Windows. I have a Seagate backup so it's cool. What are my best options to avoid a repeat of this virus? Can you recommend what software to get? What about a good firewall?

Re: Mouse and keyboard disabled

Software recommendations

Antivirus/Antispyware

  • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
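The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread or of hpHosts: a small Python audit that parses HOSTS-format text, lists the names that are blocked by pointing at a loopback address, and separately lists any name pointed at some other address, since a blocklist should never contain those. The sample file and its domains are constructed; treating 0.0.0.0 as a block and keeping the first mapping per name are assumptions.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; all domains are placeholders.
SAMPLE_HOSTS = """\
# blocklist-style HOSTS file (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.com   # two names, one line
0.0.0.0         Banner.Example.NET
203.0.113.7     update.example.org    # not loopback: a redirect, not a block
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Return (entries, rejected): hostname -> address, plus unparsable lines."""
    entries, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            rejected.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            # Hostnames are case-insensitive; keep the first mapping seen
            # for a name (assumption about resolver behaviour).
            entries.setdefault(name.lower(), addr)
    return entries, rejected

def is_block_address(addr):
    """127.0.0.1 / ::1 as on the page; 0.0.0.0 is an added assumption."""
    return addr.is_loopback or addr.is_unspecified

def audit(text):
    """Split entries into blocked names and names redirected elsewhere."""
    entries, _ = parse_hosts(text)
    blocked = sorted(n for n, a in entries.items()
                     if is_block_address(a) and n != "localhost")
    redirected = {n: str(a) for n, a in entries.items()
                  if not is_block_address(a)}
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("review these redirects:", redirected)
```

On Windows the text to audit would come from the HOSTS file under the system32\drivers\etc directory; any name in the "review" list is worth checking by hand, because it sends traffic to a real address instead of blocking it.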
