
Keyboard Failure



#1 devotee


Posted 22 December 2011 - 08:19 PM

So in the world of computers, some have divined a way to benefit from the misery of others. I would be in the second group. As a recent victim of XP Internet Security 2012 (lots of fun) and partial survivor of its removal, I find myself here with a computer that has a working mouse and no keyboard function. I followed the directions on this site, step by step as listed for an XP computer. Yes, the rootkit is gone. So is keyboard function. I have switched to a known good keyboard to no avail. I may need to reset the BIOS, but do not know how to approach this task w/o a keyboard!!!

Any constructive suggestions appreciated.

tks
devotee

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 devotee


Posted 22 December 2011 - 08:40 PM

Thanks Animal,

Known good keyboard swapped. This failure occurred in the wake of removal of XP Internet Security 2012 with the instructions on this site. I have looked around a bit before posting and have read that resetting the BIOS might do the trick. So if you know, how can this be done without keyboard function? (I have a good keyboard; the keyboard is somehow not recognized.)

I'm not sure the hardware forum is the right place, but I'm open to suggestion.

devotee

#3 AustrAlien


Posted 23 December 2011 - 01:17 AM

I'm not sure the hardware forum is the right place ...

It's not ... I agree.

Are you using a USB mouse? Have you tried to use a PS/2 mouse?
Are you using a PS/2 connected keyboard? Have you tried using a USB connected keyboard? If you haven't tried a USB connected keyboard then please do so. Success? Does the USB keyboard work?

Please post the content of logs generated after running both:
  • TDSSKiller ... look for report in same location as TDSSKiller was run from.
  • MBAM ... open MBAM and click on the Logs tab.

Edit: "have read that resetting the BIOS might do the trick" ... I don't think so.

Edited by AustrAlien, 23 December 2011 - 01:33 AM.

AustrAlien
Google is my friend. Make Google your friend too.


#4 devotee


Posted 23 December 2011 - 04:48 AM

AustrAlien,
Many thanks for the suggestion. This had not occurred to me.

USB port returns keyboard function.

Even my Logitech wireless works.

I have always used the old PS/2 slot with an adapter as this is an older box (about from the time when Windows XP was just released IIRC) and there are only 4 USB slots total (2 in back and 2 on the front of the tower).

Other than hardware connections, is there any way to return function to the old PS/2 keyboard slot? Can it get "turned off"?

FWIW, the mouse works in either of the PS/2 slots. Keyboard does not work in either slot but both wireless and hard wired keyboards function in a USB port. I may try another USB to PS/2 adapter if I can get my hands on one.

devotee

#5 AustrAlien


Posted 23 December 2011 - 05:19 AM

Please post the content of logs generated after running both:

  • TDSSKiller ... look for report in same location as TDSSKiller was run from.
  • MBAM ... open MBAM and click on the Logs tab.

Please post the logs.
AustrAlien
Google is my friend. Make Google your friend too.


#6 devotee


Posted 23 December 2011 - 08:27 AM

AustrAlien,
I think I must have cleared the TDSSKiller log. I reran and it is clear. I do have the MBAM log. Both are below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122201

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/21/2011 8:06:13 PM
mbam-log-2011-12-21 (20-06-13).txt

Scan type: Quick scan
Objects scanned: 345256
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\WINDOWS\temp\_ex-68.exe (Trojan.Dropper) -> 1612 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Trojan.Dropper) -> Value: MozillaAgent -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\admin\Local Settings\Application Data\lie.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\admin\Local Settings\Application Data\lie.exe" -a "firefox.exe") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\admin\Local Settings\Application Data\lie.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\temp\3E6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\5689.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\gkxrrn\setup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\admin\local settings\application data\lie.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.








2011/12/23 08:17:18.0812 0484 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/12/23 08:17:25.0718 0484 ================================================================================
2011/12/23 08:17:25.0718 0484 SystemInfo:
2011/12/23 08:17:25.0718 0484
2011/12/23 08:17:25.0718 0484 OS Version: 5.1.2600 ServicePack: 3.0
2011/12/23 08:17:25.0718 0484 Product type: Workstation
2011/12/23 08:17:25.0718 0484 ComputerName: PC-1
2011/12/23 08:17:25.0718 0484 UserName: admin
2011/12/23 08:17:25.0718 0484 Windows directory: C:\WINDOWS
2011/12/23 08:17:25.0718 0484 System windows directory: C:\WINDOWS
2011/12/23 08:17:25.0718 0484 Processor architecture: Intel x86
2011/12/23 08:17:25.0718 0484 Number of processors: 1
2011/12/23 08:17:25.0718 0484 Page size: 0x1000
2011/12/23 08:17:25.0718 0484 Boot type: Normal boot
2011/12/23 08:17:25.0718 0484 ================================================================================
2011/12/23 08:17:28.0656 0484 Initialize success
2011/12/23 08:17:57.0046 3340 ================================================================================
2011/12/23 08:17:57.0046 3340 Scan started
2011/12/23 08:17:57.0046 3340 Mode: Manual;
2011/12/23 08:17:57.0046 3340 ================================================================================
2011/12/23 08:17:57.0468 3340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/12/23 08:17:57.0593 3340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/12/23 08:17:57.0687 3340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/12/23 08:17:57.0781 3340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
2011/12/23 08:17:57.0843 3340 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/12/23 08:17:58.0343 3340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/12/23 08:17:58.0390 3340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/12/23 08:17:58.0500 3340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/12/23 08:17:58.0593 3340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/12/23 08:17:58.0671 3340 basic2 (9372cc48814a17e67c28945eb4acc189) C:\WINDOWS\system32\DRIVERS\basic2.sys
2011/12/23 08:17:58.0750 3340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/12/23 08:17:58.0859 3340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/12/23 08:17:58.0921 3340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/12/23 08:17:59.0015 3340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/12/23 08:17:59.0062 3340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/12/23 08:17:59.0125 3340 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/12/23 08:17:59.0281 3340 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/12/23 08:17:59.0343 3340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/12/23 08:17:59.0531 3340 cdudf_xp (5b20a47b0413240cdb93106bd58602a1) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/12/23 08:17:59.0890 3340 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/12/23 08:18:00.0062 3340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/12/23 08:18:00.0109 3340 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
2011/12/23 08:18:00.0250 3340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/12/23 08:18:00.0312 3340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/12/23 08:18:00.0375 3340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/12/23 08:18:00.0453 3340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/12/23 08:18:00.0562 3340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/12/23 08:18:00.0640 3340 dvd_2K (3677e155d87dda2bc53142d7d234d12a) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/12/23 08:18:00.0765 3340 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2011/12/23 08:18:00.0812 3340 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2011/12/23 08:18:00.0937 3340 Fallback (9ea76a7f28cd968f8adc709e479f23b2) C:\WINDOWS\system32\DRIVERS\fallback.sys
2011/12/23 08:18:01.0031 3340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/12/23 08:18:01.0125 3340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/12/23 08:18:01.0203 3340 FilterService (f9183d35ad38f093d5e1aa8ba072d51b) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/12/23 08:18:01.0296 3340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/12/23 08:18:01.0421 3340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/12/23 08:18:01.0515 3340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/12/23 08:18:01.0578 3340 Fsks (b7b262d0431374f3afd1349e35b368d9) C:\WINDOWS\system32\DRIVERS\fsksnt.sys
2011/12/23 08:18:01.0640 3340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/12/23 08:18:01.0687 3340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/12/23 08:18:01.0750 3340 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/12/23 08:18:01.0812 3340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/12/23 08:18:01.0890 3340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/12/23 08:18:01.0984 3340 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/12/23 08:18:02.0140 3340 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/12/23 08:18:02.0218 3340 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/12/23 08:18:02.0265 3340 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/12/23 08:18:02.0343 3340 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/12/23 08:18:02.0421 3340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/12/23 08:18:02.0562 3340 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys
2011/12/23 08:18:02.0640 3340 Imapi (52fa4d5bf104c7b02adc49c414b484ed) C:\WINDOWS\system32\drivers\ImapiRox.sys
2011/12/23 08:18:02.0812 3340 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/12/23 08:18:02.0875 3340 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/12/23 08:18:02.0953 3340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/12/23 08:18:03.0062 3340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/12/23 08:18:03.0156 3340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/12/23 08:18:03.0250 3340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/12/23 08:18:03.0421 3340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/12/23 08:18:03.0500 3340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/12/23 08:18:03.0593 3340 K56 (a4e3277398c8aba999483d4c658c9696) C:\WINDOWS\system32\DRIVERS\k56nt.sys
2011/12/23 08:18:03.0656 3340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/12/23 08:18:03.0718 3340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/12/23 08:18:03.0781 3340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/12/23 08:18:03.0843 3340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/12/23 08:18:04.0000 3340 lvpopflt (f61a8ff029614e403e9d001a6741981f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/12/23 08:18:04.0078 3340 LVRS (f01fc94eb8f39f7d6e5f5b367473381e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/12/23 08:18:04.0406 3340 LVUVC (caffd79278b3d8fe75fdfe1b66c2565f) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/12/23 08:18:04.0812 3340 LXARScan (e8d15acd2f65a2e8756768353e08a9a0) C:\WINDOWS\system32\Drivers\Lxarscan.sys
2011/12/23 08:18:04.0984 3340 mmc_2K (a54fd7e564c996cfcee6ee7491f3c318) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/12/23 08:18:05.0078 3340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/12/23 08:18:05.0171 3340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/12/23 08:18:05.0265 3340 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/12/23 08:18:05.0328 3340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/12/23 08:18:05.0390 3340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/12/23 08:18:05.0453 3340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/12/23 08:18:05.0500 3340 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/12/23 08:18:05.0625 3340 MpKsl16b40d1f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36D32C58-F737-40EE-8006-3A7620B410E0}\MpKsl16b40d1f.sys
2011/12/23 08:18:05.0828 3340 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/12/23 08:18:05.0921 3340 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/12/23 08:18:05.0968 3340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/12/23 08:18:06.0078 3340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/12/23 08:18:06.0156 3340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/12/23 08:18:06.0250 3340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/12/23 08:18:06.0343 3340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/12/23 08:18:06.0406 3340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/12/23 08:18:06.0484 3340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/12/23 08:18:06.0546 3340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/12/23 08:18:06.0625 3340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/12/23 08:18:06.0718 3340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/12/23 08:18:06.0812 3340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/12/23 08:18:06.0875 3340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/12/23 08:18:06.0937 3340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/12/23 08:18:07.0015 3340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/12/23 08:18:07.0046 3340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/12/23 08:18:07.0109 3340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/12/23 08:18:07.0171 3340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/12/23 08:18:07.0265 3340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/12/23 08:18:07.0437 3340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/12/23 08:18:07.0500 3340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/12/23 08:18:07.0609 3340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/12/23 08:18:07.0812 3340 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/12/23 08:18:08.0031 3340 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2011/12/23 08:18:08.0156 3340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/12/23 08:18:08.0250 3340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/12/23 08:18:08.0312 3340 OMCI (e1e54131462b63efefaf14aca8e4012b) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/12/23 08:18:08.0406 3340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/12/23 08:18:08.0453 3340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/12/23 08:18:08.0515 3340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/12/23 08:18:08.0562 3340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/12/23 08:18:08.0718 3340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/12/23 08:18:09.0093 3340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/12/23 08:18:09.0140 3340 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/12/23 08:18:09.0234 3340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/12/23 08:18:09.0281 3340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/12/23 08:18:09.0359 3340 pwd_2K (dd37e1d9f08eec0cb0fc84e010f33c3b) C:\WINDOWS\system32\drivers\pwd_2K.sys
2011/12/23 08:18:09.0468 3340 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/12/23 08:18:09.0734 3340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/12/23 08:18:09.0796 3340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/12/23 08:18:09.0843 3340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/12/23 08:18:09.0906 3340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/12/23 08:18:09.0968 3340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/12/23 08:18:10.0109 3340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/12/23 08:18:10.0171 3340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/12/23 08:18:10.0281 3340 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/12/23 08:18:10.0359 3340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/12/23 08:18:10.0546 3340 Rksample (4c35e57300a2dc5932a8e29efa527c32) C:\WINDOWS\system32\DRIVERS\rksample.sys
2011/12/23 08:18:10.0671 3340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/12/23 08:18:10.0750 3340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/12/23 08:18:10.0796 3340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/12/23 08:18:11.0031 3340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/12/23 08:18:11.0093 3340 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2011/12/23 08:18:11.0250 3340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/12/23 08:18:11.0328 3340 SoftFax (413cfa795cad19a010889df0ec060408) C:\WINDOWS\system32\DRIVERS\faxnt.sys
2011/12/23 08:18:11.0421 3340 SpeakerPhone (c11082c80723771c1979eacf7fdde1c3) C:\WINDOWS\system32\DRIVERS\spkpnt.sys
2011/12/23 08:18:11.0468 3340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/12/23 08:18:11.0546 3340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/12/23 08:18:11.0640 3340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/12/23 08:18:11.0718 3340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/12/23 08:18:11.0765 3340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/12/23 08:18:11.0828 3340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/12/23 08:18:12.0062 3340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/12/23 08:18:12.0171 3340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/12/23 08:18:12.0312 3340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/12/23 08:18:12.0359 3340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/12/23 08:18:12.0437 3340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/12/23 08:18:12.0687 3340 Tones (e0f10a379239b4fab319c55a9cd6bc96) C:\WINDOWS\system32\DRIVERS\tonesnt.sys
2011/12/23 08:18:12.0812 3340 UdfReadr_xp (3af8116d049e6f98a6d37913da989984) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/12/23 08:18:12.0953 3340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/12/23 08:18:13.0062 3340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/12/23 08:18:13.0156 3340 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/12/23 08:18:13.0312 3340 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/12/23 08:18:13.0343 3340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/12/23 08:18:13.0390 3340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/12/23 08:18:13.0453 3340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/12/23 08:18:13.0500 3340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/12/23 08:18:13.0531 3340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/12/23 08:18:13.0593 3340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/12/23 08:18:13.0687 3340 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/12/23 08:18:13.0765 3340 V124 (177b65899d418f8c8f037b20567a99d6) C:\WINDOWS\system32\DRIVERS\v124nt.sys
2011/12/23 08:18:13.0843 3340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/12/23 08:18:13.0921 3340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/12/23 08:18:14.0015 3340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/12/23 08:18:14.0109 3340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/12/23 08:18:14.0234 3340 winachsf (a941aa38e3951058e584c4bbddd56ed9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/12/23 08:18:14.0437 3340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/12/23 08:18:14.0546 3340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/12/23 08:18:14.0625 3340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/12/23 08:18:14.0687 3340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/12/23 08:18:14.0781 3340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/12/23 08:18:14.0906 3340 Boot (0x1200) (ad43ec8608b81779442eee8fcc8921f3) \Device\Harddisk0\DR0\Partition0
2011/12/23 08:18:14.0921 3340 ================================================================================
2011/12/23 08:18:14.0921 3340 Scan finished
2011/12/23 08:18:14.0921 3340 ================================================================================
2011/12/23 08:18:14.0953 1740 Detected object count: 0
2011/12/23 08:18:14.0953 1740 Actual detected object count: 0

#7 AustrAlien


Posted 23 December 2011 - 09:01 AM

The TDSSKiller log is useful in this instance because of what is NOT showing in it, rather than what is in it. The PS/2 keyboard/mouse driver (i8042prt.sys) is missing from the log, and I therefore assume it has been removed at some earlier time by one of the two tools that you used. It is also highly likely that the necessary registry key has also been removed.

I suggest that you follow the instructions in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

When you have done that, post your log in the "Virus, Trojan, Spyware, and Malware Removal Logs forum", NOT here, for assistance by the Malware Response Team experts.

Please include a description of your problem and what you have done beforehand, along with a link to this topic. A helper will check to confirm that your system is free of malware, and help you restore the PS/2 keyboard/mouse function.

Please let us know, here, if you have been able to successfully start your new topic.
AustrAlien
Google is my friend. Make Google your friend too.
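
Added example, not part of the thread or of any tool mentioned in it: the reasoning in post #7, reading a TDSSKiller driver listing for what should be there but is not, written as a small Python check. The baseline `PS2_INPUT_STACK` and the function names are assumptions made for illustration; the sample lines are excerpted from the log in post #6.

```python
import ntpath
import re

# Lines excerpted from the TDSSKiller log posted in #6 (not the full log).
SAMPLE_LOG = r"""
2011/12/23 08:17:57.0046 3340 Scan started
2011/12/23 08:18:03.0656 3340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/12/23 08:18:03.0718 3340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/12/23 08:18:05.0328 3340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/12/23 08:18:05.0390 3340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/12/23 08:18:05.0625 3340 MpKsl16b40d1f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36D32C58-F737-40EE-8006-3A7620B410E0}\MpKsl16b40d1f.sys
2011/12/23 08:18:14.0781 3340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/12/23 08:18:14.0921 3340 Scan finished
"""

# One scanned driver per line: timestamp, thread id, service name,
# (MD5 of the file), full path. The path may contain spaces.
ENTRY = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Assumed baseline for this example: drivers a Windows XP machine with a
# working PS/2 keyboard and mouse is expected to list.
PS2_INPUT_STACK = ("i8042prt.sys", "kbdclass.sys", "mouclass.sys")


def parse_driver_entries(log_text):
    """Return {driver file name (lower case): entry} for every .sys line."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # banner, separator, MBR/boot sector or summary line
        path = match["path"].strip()
        if not path.lower().endswith(".sys"):
            continue
        entries[ntpath.basename(path).lower()] = {
            "service": match["service"],
            "md5": match["md5"].lower(),
            "path": path,
        }
    return entries


def scan_completed(log_text):
    """A log cut off before 'Scan finished' cannot prove anything is absent."""
    return any(line.rstrip().endswith("Scan finished")
               for line in log_text.splitlines())


def missing_drivers(log_text, expected=PS2_INPUT_STACK):
    """List the expected driver files that the completed scan never reported."""
    if not scan_completed(log_text):
        raise ValueError("no 'Scan finished' marker: log is incomplete")
    present = parse_driver_entries(log_text)
    return [name for name in expected if name.lower() not in present]


if __name__ == "__main__":
    for name in missing_drivers(SAMPLE_LOG):
        print("expected driver not in scan listing:", name)
```

An absent entry only shows that the driver was not enumerated in that scan; whether the file or its service registry key is actually gone still has to be confirmed on the machine.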
