Keyboard Virus?


  • This topic is locked
3 replies to this topic

#1 canttype

Posted 01 May 2008 - 09:53 PM

Ok, this is really strange.

I have an XP setup with two user accounts. One of which works normally, the other will not type the characters I'm typing (e.g. typing my userID yields "cantty-e").

Any insight would be really appreciated.

Here are the reports:

Deckard's System Scanner v20071014.68
Run by Bill on 2008-05-01 22:36:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
53: 2008-05-02 02:36:42 UTC - RP53 - Deckard's System Scanner Restore Point
52: 2008-05-01 22:58:03 UTC - RP52 - Installed Ad-Aware 2007
51: 2008-05-01 04:06:43 UTC - RP51 - System Checkpoint
50: 2008-04-30 02:45:31 UTC - RP50 - Installed Kaspersky Anti-Virus 7.0.
49: 2008-04-30 01:47:46 UTC - RP49 - Removed TT_TRADER.


-- First Restore Point --
1: 2008-02-27 02:41:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Bill.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:35 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\B's Recorder GOLD8\bgsvc.exe
c:\Program Files\EIA Corporate VPN\EIA VPN client\cvpnd.exe
C:\WINDOWS\system32\etmservice.exe
C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Panasonic\WSwitch\WSwitch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Panasonic\OPDOFF\opdoff.exe
C:\Program Files\Panasonic\TouchPad\Touchpad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\temp\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bill.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe
O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Panasonic Hotkey Manager] C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: Economy Mode(ECO) Setting Utility.lnk = ?
O4 - Global Startup: Energy Information Administration EIA VPN Client.lnk = C:\Program Files\EIA Corporate VPN\EIA VPN client\vpngui.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Optical Disc Drive Power-Saving Utility.lnk = ?
O4 - Global Startup: Touch Pad utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204166960312
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: B's Recorder GOLD Service (bgsvc) - B.H.A Corporation - C:\Program Files\B's Recorder GOLD8\bgsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\EIA Corporate VPN\EIA VPN client\cvpnd.exe
O23 - Service: Intel Extended Thermal Model Service Application (ETMService) - Intel Corporation - C:\WINDOWS\system32\etmservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panasonic Opdoff Utility (OPDOFFSV) - Panasonic - C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
O23 - Service: Panasonic PC Information Viewer (PcInfoSV) - Matsubleepa Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7411 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (B.H.A Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 chgbmode (Panasonic Charge Mode Changer Driver) - c:\program files\panasonic\chgbmode\chgbmode.sys <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; Panasonic Personal Computer>
R1 MiscOPD (Panasonic Opdoff Utility) - c:\program files\panasonic\opdoff\miscopd.sys <Not Verified; Panasonic; Microsoft? Windows? Operating System>
R1 WSwitch (Panasonic PC Wireless Switch Driver) - c:\program files\panasonic\wswitch\wswitch.sys <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; Panasonic PC>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 brecal (Panasonic Battery Recalibration Driver) - c:\program files\panasonic\brecal\brecal.sys <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; Panasonic Personal Computer>
R2 BsUDF - c:\windows\system32\drivers\bsudf.sys <Not Verified; B.H.A Co.,Ltd.; UDF File System Driver (WindowsXP)>
R2 pcinfo (Panasonic PC Info. Viewer Driver) - c:\program files\panasonic\pcinfo\pcinfo.sys <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; Panasonic Personal Computer>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 SDKEY (Panasonic SD Misc. Function Driver) - c:\program files\panasonic\sdkey\sdkey.sys <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; Panasonic SD Utility>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvc (B's Recorder GOLD Service) - c:\program files\b's recorder gold8\bgsvc.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 BlackICE - c:\program files\network ice\blackice\blackd.exe <Not Verified; Internet Security Systems, Inc.; Network ICE Corporation blackd>
R2 ETMService (Intel Extended Thermal Model Service Application) - c:\windows\system32\etmservice.exe <Not Verified; Intel Corporation; Intel Extended Thermal Model>
R2 OPDOFFSV (Panasonic Opdoff Utility) - c:\program files\panasonic\opdoff\opdoffsv.exe <Not Verified; Panasonic; Optical disc drive power-saving utility>
R2 PcInfoSV (Panasonic PC Information Viewer) - c:\program files\panasonic\pcinfo\pcinfosv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; PC Information Viewer>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 19:03:54 0 d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-05-01 19:03:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 19:03:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-01 18:58:08 0 d-------- C:\Program Files\Lavasoft
2008-05-01 18:58:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-01 18:57:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 17:50:30 0 dr-h----- C:\Documents and Settings\Bill\Recent
2008-04-30 23:46:35 0 d-------- C:\Program Files\CCleaner
2008-04-30 23:25:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-30 23:25:07 0 d-------- C:\Program Files\Trend Micro
2008-04-30 23:00:57 0 d-------- C:\Documents and Settings\Janet\Application Data\HotSync
2008-04-30 22:59:16 0 d-------- C:\Documents and Settings\Janet\Application Data\Identities
2008-04-30 22:59:15 0 d-------- C:\Documents and Settings\Janet\Application Data\Intel
2008-04-30 22:59:15 0 d-------- C:\Documents and Settings\Janet\Application Data\InstallShield
2008-04-30 22:59:14 0 d---s---- C:\Documents and Settings\Janet\Application Data\Microsoft
2008-04-30 22:59:13 0 dr------- C:\Documents and Settings\Janet\Favorites
2008-04-30 22:59:13 0 d-------- C:\Documents and Settings\Janet\Desktop
2008-04-30 22:59:13 0 d---s---- C:\Documents and Settings\Janet\Cookies
2008-04-30 22:59:13 0 dr-h----- C:\Documents and Settings\Janet\Application Data
2008-04-30 22:59:11 0 dr-h----- C:\Documents and Settings\Janet\SendTo
2008-04-30 22:59:11 0 dr-h----- C:\Documents and Settings\Janet\Recent
2008-04-30 22:59:11 0 d--h----- C:\Documents and Settings\Janet\PrintHood
2008-04-30 22:59:11 0 d--h----- C:\Documents and Settings\Janet\NetHood
2008-04-30 22:59:11 0 dr------- C:\Documents and Settings\Janet\My Documents
2008-04-30 22:59:11 0 d--h----- C:\Documents and Settings\Janet\Local Settings
2008-04-30 22:59:10 0 d--h----- C:\Documents and Settings\Janet\Templates
2008-04-30 22:59:10 0 dr------- C:\Documents and Settings\Janet\Start Menu
2008-04-30 22:59:09 2097152 --ah----- C:\Documents and Settings\Janet\NTUSER.DAT
2008-04-29 22:46:19 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-29 22:46:19 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-29 22:45:41 9760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-29 22:45:41 1799200 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-29 22:45:41 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-29 22:45:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 21:41:39 0 d-------- C:\kav
2008-04-29 21:32:14 0 d-------- C:\Documents and Settings\Bill\Application Data\U3
2008-04-28 17:36:21 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-28 17:35:27 0 d-------- C:\tt
2008-04-21 18:01:00 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-04-21 18:00:58 0 d-------- C:\Program Files\Savings Bond Wizard
2008-04-17 19:22:13 0 d-------- C:\Program Files\Netflix
2008-04-06 08:01:24 0 d-------- C:\Documents and Settings\Bill\Application Data\InterVideo


-- Find3M Report ---------------------------------------------------------------

2008-05-01 18:57:33 0 d-------- C:\Program Files\Common Files
2008-04-29 22:36:36 0 d-------- C:\Program Files\Symantec
2008-04-28 17:35:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 19:18:03 0 d-------- C:\Program Files\palmOne
2008-03-31 13:55:13 0 d-------- C:\Program Files\Terminal Services Client
2008-03-20 20:25:29 0 d-------- C:\Program Files\Topo USA 4.0
2008-03-20 20:06:49 0 d-------- C:\Program Files\directx
2008-03-20 20:03:55 0 d-------- C:\Program Files\Common Files\DeLorme
2008-03-20 20:03:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-08 17:53:23 0 d-------- C:\Documents and Settings\Bill\Application Data\Macromedia
2008-03-08 17:53:22 0 d-------- C:\Documents and Settings\Bill\Application Data\Adobe
2008-03-08 07:46:09 0 d-------- C:\Documents and Settings\Bill\Application Data\Leadertech
2008-03-08 07:42:29 0 d-------- C:\Program Files\AvantGo
2008-03-08 07:41:30 162 --a------ C:\WINDOWS\nsreg.dat
2008-03-08 07:33:17 0 d-------- C:\Documents and Settings\Bill\Application Data\HotSync
2008-03-07 21:02:32 0 d-------- C:\Program Files\DeLorme
2008-03-03 16:32:51 0 d-------- C:\Program Files\Citi Virtual Account Numbers
2008-02-27 23:28:01 8 --a------ C:\WINDOWS\system32\success
2008-02-27 22:36:51 224 --a------ C:\WINDOWS\system32\tbhi.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/06/2006 08:11 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/06/2006 08:13 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [10/06/2006 08:10 AM]
"PRunOnce"="C:\util\prunonce\PRunOnce.exe" [08/06/2004 08:58 AM]
"PCinfo"="C:\Program Files\Panasonic\PCINFO\SetDiag.exe" [04/21/2006 09:55 PM]
"WSwitch"="C:\Program Files\Panasonic\WSwitch\WSwitch.exe" [09/08/2006 02:37 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/14/2004 08:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/14/2004 08:26 PM]
"Panasonic Hotkey Manager"="C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [11/30/2006 08:00 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/16/2007 04:32 PM]
"B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [01/16/2006 08:23 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/16/2007 04:26 PM]
"CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [08/12/2004 03:51 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Bill\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [9/19/2005 2:20:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 8:44:06 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31130346-1655-11dd-8691-001b7727013b}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - AAWSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-01 22:40:17 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™ Duo CPU U2400 @ 1.06GHz
CPU 1: Intel® Core™ Duo CPU U2400 @ 1.06GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 501.98 MiB / 131.79 MiB
Pagefile Memory (total/avail): 1227.02 MiB / 747.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.13 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 43.39 GiB free.

\\.\PHYSICALDRIVE0 - TOSHIBA MK6034GAX - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NetSupport Manager\\pcideply.exe"="C:\\Program Files\\NetSupport Manager\\pcideply.exe:*:Enabled:NetSupport Deploy"
"C:\\Program Files\\NetSupport Manager\\PCICTLUI.EXE"="C:\\Program Files\\NetSupport Manager\\PCICTLUI.EXE:*:Enabled:NetSupport Control"
"C:\\kav\\kav7\\setup.exe"="C:\\kav\\kav7\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bill\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BROWSENLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bill
LOGONSERVER=\\BROWSENLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bill\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bill\LOCALS~1\Temp
USERDOMAIN=BROWSENLAPTOP
USERNAME=Bill
USERPROFILE=C:\Documents and Settings\Bill
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bill (admin)
Janet (new local)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AvantGo Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP
B.H.A B's CLiP 6.41 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -l0x9
B.H.A B's Recorder GOLD8 BASIC 8.30 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A35CAAAB-5977-400C-B355-AC0A51EE2352}\setup.exe" -l0x9
Battery Recalibration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}\Setup.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Citi Virtual Account Numbers --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\CitiVAN.INF, DefaultUninstall.ntx86
DeLorme Street Atlas USA 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BBD350-F44E-47C1-9245-228AD8A9171D}\setup.exe" -l0x9 NoMode
DeLorme Street Atlas USA 2005 Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13C8D5EF-ECAB-4BF9-AB35-9774AEC00EEE}\Setup.exe" -l0x9 NoMode
DMI Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5639BE8E-33DA-402A-B414-1FBED9CC50E1}\Setup.exe" -l0x9
Economy Mode(ECO) Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C09C770-3FC9-4103-85B4-470FC78E43EB}\Setup.exe"
HDAUDIO V.92 Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10F70000\HXFSETUP.EXE -U -IPNS00005.inf
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotkey Appendix --> C:\Program Files\InstallShield Installation Information\{943622A3-F5E9-464F-A025-90D02F3B8ACE}\setup.exe -runfromtemp -l0x0009 -removeonly
Hotkey Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEEFA812-64A6-4083-BB38-87F68B6BA820}\Setup.exe"
Icon Enlarger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93994589-6A13-49BE-8AF6-12AAC9A28529}\Setup.exe"
Intel® Extended Thermal Model --> C:\WINDOWS\system32\IIF2un.exe -uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Loupe Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DAA0AF0-3B51-4EE0-83CC-47A3582DFA51}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetSupport Manager --> C:\PROGRA~1\NETSUP~1\remove.exe
Optical Disc Drive Letter-Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC040647-5CE6-4A1D-B227-287178273365}\Setup.exe" -l0x9
Optical Disc Drive Power-Saving Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{745CBEF4-9AF4-42BD-9C97-2A6B66BF55EA}\Setup.exe" -l0x9
palmOne --> MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
Panasonic Common Components --> C:\Program Files\InstallShield Installation Information\{99733131-7B00-4E5C-8991-113CD61D8E2F}\setup.exe -runfromtemp -l0x0409
PC Information Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30348D0E-37F0-41EE-869B-F0441A87FFEC}\Setup.exe" -l0x9
Savings Bond Wizard --> C:\WINDOWS\unvise32.exe C:\Program Files\Savings Bond Wizard\uninstal.log
SD Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B18C20D2-A3E9-422D-9136-99B5BDD6565D}\Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Terminal Services Client --> C:\Program Files\Terminal Services Client\setup\Setup.exe
Topo USA 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31ED608D-8826-41AA-913F-DBC45CB4DE09}\setup.exe" -l0x9 NoMode
Touch Pad Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1F3314C-888E-4DC4-8D79-4BF40BF60B74}\Setup.exe" -l0x9
USB Power Save Mode Switching Utility --> C:\Program Files\InstallShield Installation Information\{29608D7A-C860-45D4-A467-BD28A9F1809D}\setup.exe -runfromtemp -l0x0009 -removeonly
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless Switch Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69B5FDC2-60FA-4285-BA2A-C9DF3A5AAAD2}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type442 / Warning
Event Submitted/Written: 04/29/2008 08:41:01 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type440 / Warning
Event Submitted/Written: 04/29/2008 07:16:30 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\WINDOW~1.LOG [00000003]

Event Record #/Type439 / Warning
Event Submitted/Written: 04/29/2008 07:16:13 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP [00000003]

Event Record #/Type438 / Warning
Event Submitted/Written: 04/29/2008 07:16:13 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\OBJECT~1.DAT [00000003]

Event Record #/Type437 / Warning
Event Submitted/Written: 04/29/2008 07:16:13 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3085 / Warning
Event Submitted/Written: 05/01/2008 00:56:10 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2907 / Error
Event Submitted/Written: 04/30/2008 11:15:50 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for ImagePath with the following error:
%%5

Event Record #/Type2879 / Error
Event Submitted/Written: 04/30/2008 10:58:08 PM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type2878 / Warning
Event Submitted/Written: 04/30/2008 10:58:07 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B7727013B. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2636 / Warning
Event Submitted/Written: 04/29/2008 08:30:22 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B7727013B. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-05-01 22:40:17 ------------



#2 canttype

canttype
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 03 May 2008 - 09:44 AM

Has no one run into something like this?

The issue seems to be concentrated on the upper right section of the keyboard
The shifted keys seem a particular problem

!@#$%^ work but &*() don't produce any response


The laptop is a Panasonic Toughbook that has number pad lined up with this region. It appears the responses are mostly mapped to this configuration.

so uiop becomes 456- even when the function key isn't depressed.

and again this only happens on one of the log on IDs

the other works normally.

Any Ideas?

Thanks!

#3 canttype

canttype
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 03 May 2008 - 09:50 AM

OK I'm an idiot

Turns out the number lock was on.

Unfortunately there's no light on this model

sorry

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:12 AM

Posted 03 May 2008 - 02:31 PM

You're not an idiot. I had a keyboard that the number lock light was burnt out on. Took me a while to figure that out also.

Nice to see you sorted it out. And thanks for informing us.

If you find other problems, please start a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



