TheTechGuide Forum

General Category => Tech Clinic => Topic started by: coche on January 22, 2005, 05:23:20 PM

Title: half keyboard messed up
Post by: coche on January 22, 2005, 05:23:20 PM

hi guys

i'm currently having trouble with my keyboard, the right half of it has the keys all messed up (o is a 6, p a 7 etc etc).

at some point i thought it was the keyboard itself that was broken - my laptop is pretty destroyed - BUT it does allow me to log into the computer  which uses letters from those keys...which leads me to think it is a virus.

now, i've run ad-aware, panda online scan, symantec antivirus, and spy-sweeper and it hasnt found anything, i have also  updated the drivers for it and nothing. now im back to thinking it might be that the keyboard is just broken...

im just wondering if anyone has any ideas on this.
i greatly appreciate it

jose

Title: half keyboard messed up
Post by: guestolo on January 22, 2005, 05:38:19 PM

I would need to take a closer look

Can you Download Hijackthis 1.99
A small utility to help identify if any Hijackers, Malware, Spyware, etc.....Reside on your computer

Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download Hijackthis from CLICK HERE (http://\"https://ssl.perfora.net/tools.radiosplace.com/HijackThis.exe\") or CLICK HERE (http://\"http://aumha.org/downloads/hijackthis.exe\")
Save it to that new folder

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Title: half keyboard messed up
Post by: Guest on January 22, 2005, 05:42:22 PM

hi guestolo

thanks for the super quick response and thanks in advance for your help

j

heres the hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 3:55:57 PM, on 1/22/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/ (http://\"http://smbusiness.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home/us (http://\"http://online.wsj.com/home/us\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{2F353~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{2F353~1\reboot.ini  -l0x9
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .ASP: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab (http://\"http://www.dialpad.com/applet/src/vscp.cab\")
O16 - DPF: {05A7C899-E7B7-4361-8A13-CEA2CB1D270B} - http://www.dialpad.com/rev/onflow/dponflstub.cab (http://\"http://www.dialpad.com/rev/onflow/dponflstub.cab\")
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN..._1/axofupld.cab (http://\"http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab\")
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab (http://\"http://www.napster.com/client/isetup.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

Title: half keyboard messed up
Post by: guestolo on January 22, 2005, 06:57:57 PM

Is this a log from Normal mode
It looks like you ran it in safe mode

Can I see a New log after you have rebooted to Normal Mode, thanks

Title: half keyboard messed up
Post by: Guest on January 22, 2005, 07:05:29 PM

oops, youre absolutely right, i did it while on safe mode

here goes the one in normal mode:

thanks again




Logfile of HijackThis v1.99.0
Scan saved at 5:54:49 PM, on 1/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrator\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/ (http://\"http://smbusiness.dellnet.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home/us (http://\"http://online.wsj.com/home/us\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .ASP: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab (http://\"http://www.dialpad.com/applet/src/vscp.cab\")
O16 - DPF: {05A7C899-E7B7-4361-8A13-CEA2CB1D270B} - http://www.dialpad.com/rev/onflow/dponflstub.cab (http://\"http://www.dialpad.com/rev/onflow/dponflstub.cab\")
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN..._1/axofupld.cab (http://\"http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab\")
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab (http://\"http://www.napster.com/client/isetup.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod

Title: half keyboard messed up
Post by: guestolo on January 22, 2005, 07:23:50 PM

I don't see anything wrong with your last log

I don't think it's viral related

You could try a Trial Version of TDS-3 and see if it catches anything
Download the trial version of tds-3 anti trojan from here:
http://www.diamondcs.com.au/tds/downloads/...s/tds3setup.exe (http://\"http://www.diamondcs.com.au/tds/downloads/tds3setup.exe\")
This is good for 30 days
Install it and Restart your computer when prompted
Don't run a scan yet

When your back in Windows it's important to update the latest RADIUS database
IMPORTANT>>>Right click the link below, select "save target as" or save link as
http://www.diamondcs.com.au/tds/radius.td3 (http://\"http://www.diamondcs.com.au/tds/radius.td3\")
Save it to the directory where you installed TDS-3
The default location should be
C:\Program Files\TDS3
Allow it to overwrite the previous radius.td3

Launch TDS-3. In the top bar of tds window click system testing> full systemscan.
Let it completely finish scanning---Even if it appears to freeze at times
Detections will appear in the lower pane of tds window after the scan is finished ( it'll take a while ) Right click the list> select save as txt.>> save this to a convienent location

After saving the scandump go ahead and right click the list of alarms again, this time select delete...only delete those with POSITIVE IDENTIFICATION

If anything found could you post the Scandump.txt

Title: half keyboard messed up
Post by: Guest on January 22, 2005, 07:34:24 PM

alright, will do guestolo

thank you very much. it might be that my keyboard is dying then...