Wireless keyboard - strange key functions

Discussion in 'Malware Help (A Specialist Will Reply)' started by alpinemonkey, Sep 28, 2007.

  1. alpinemonkey

    alpinemonkey Private E-2

    Ok, I've read the other few threads on here about similar issues to mine, and I've followed all the instructions on the READ AND RUN ME FIRST sticky, but unfortunately I'm still struggling to understand what the problem is. (PS. Please find all relevant logs attached, and further logs in second message, apart from bitdefender and pandaactivescan which would only freeze every time I tried to run them, therefore not enabling me to use their scans!)

    I have an Intelligent Wireless Keyboard, using Microsoft Intellitype 6.1 software and drivers called i8042prt.sys and kbdclass.sys. The problem is that certain keys have started having very strange simultaneous functions. For example, right-shift brings up the web-browser, left-shift brings up calculator and left-alt mutes the sound-card.

    Some of the keys can be programmed via the software, but not these, and the problem seemed to randomly start one day so I just can't fathom what started it.

    Any help is MASSIVELY appreciated!!
     


  2. alpinemonkey

    alpinemonkey Private E-2

    ...HijackThis log...
     


  3. alpinemonkey

    alpinemonkey Private E-2

    Is nobody able to help me out here? :(
     
  4. abri

    abri MajorGeek

    Hi alpinemonkey!
    Welcome to Major Geeks!

    1) Please go to add/remove programs and uninstall the following:

    - J2SE Runtime Environment 5.0 Update 11
    - Sunbelt Counterspy <--- we're finished with this!


    2) Then delete the below folders which may be left behind by the uninstall:

    C:\Documents and Settings\Mike\Application Data\Sunbelt Software
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    3) Now REBOOT your computer!

    4) After you've rebooted, please install Java Runtime Environment vs. 6.2

    I'm looking at your logs for malware. This takes some time. Please be patient. This may or may not be a malware problem.
    abri
     
  5. abri

    abri MajorGeek

    Hi alpinemonkey!

    What happened to your Internet Explorer? BitDefender and Panda can only be run with Internet Explorer which is why you couldn't run them.

    Also, what of Symantec are you running?

    abri
     
  6. abri

    abri MajorGeek

    Hi again

    After answering the questions in my previous post, if you do not recognize the following .exe file, please upload it to either VirusTotal or jotti and have them scan it.

    The name and path of it is:
    C:\Documents and Settings\Mike\Local Settings\Temp\rtdrvmon.exe

    Then post the results back to me. If they don't find anything malicious or suspicious just tell me.

    abri
     
  7. alpinemonkey

    alpinemonkey Private E-2

    Abri,

    Firstly, thanks so much for getting back to me - this problem is driving me insane!!!

    I've done all you instructed in your first post, and have also uploaded the suggested file to VirusTotal, who found nothing suspicious in it. After Googling about it I believe it has something to do with the Lexmark printer I use.

    With regard to Symantec, I used to have Norton anti-virus on the pc but now use AVG instead. Perhaps there are some things left over from the uninstall?

    And I do have Internet Explorer, but every time I try to run BitDefender it hangs at 72% whilst updating the virus signatures (I'm trying now again as I type this post but the same is happening). Similarly, Panda freezes on 76 seconds remaining.

    So I'm still at a loss!!
     
  8. abri

    abri MajorGeek

    Hi alpinemonkey!

    1) The problems you're having with your keyboard don't appear to be related to malware. You have one strange file in your Temp files which we should be able to get rid of by running ATF Cleaner. I'll post the instructions for you below and will have you post a fresh ShowNew log back to me to make sure it's gone. If it's something you put in yourself, or if you know where it came from, please tell me because the below tool will remove it. It's this file:


    2) You have a lot of Symantec services that need to be gotten off of your computer. It's unlikely that Symantec is causing problems with your keyboard problems but it can compromise your AVG and cause problems in your registry. Therefore it would be a good idea to stop all those Symantec services and get rid of your Norton Protection bins. Please run the following tool: Norton Removal Tool (SymNRT). If that doesn't work, we'll have to remove them manually.

    3) You said the problems started randomly one day. How so randomly? Are the problems you're having consistent? Does the browser always go on now when you hit the right shift key? Or does this only happen sometimes? It's possible you've installed something that is overriding your keyboard's instructions. While a third-party keyboard can cause problems for your hotkeys, what you're describing is the effect on normal keys. Have you talked with the manufacturer yet and described the problems you're having to them? Is the keyboard still under warranty?

    4) Please run ATF Cleaner after you run the Norton Removal Tool above. The instructions are:

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    5) Please run new scans for ShowNew and HijackThis (analyse.exe) and attach fresh logs
    • ShowNew Log (newfiles.txt)
    • HijackThis Log (hijackthis.log)


    abri
     
  9. abri

    abri MajorGeek

    An extra note:
    If you can get a regular keyboard with a wire plugged into your computer, be sure to take the wireless one away from the area where the computer is - far enough away so they are sure not to have a connection!
    abri
     
  10. alpinemonkey

    alpinemonkey Private E-2

    Abri,

    Again, thanks for the detailed and quick response. Here's my answers/actions taken since your last advice:

    1) The file you think is strange (rtdrvmon.exe) I believe has something to do with my Lexmark printer/scanner. If I Google the filename I get information about the printer's driver or other people with Lexmark printers asking about it. However, I have taken your advice anyway, just in case.

    2) I followed your instructions re: the Symantec software and it seems that some of the folders/files are still hanging about. Looks like we'll have to do that one manually?

    3) The problem started randomly, yes. I asked at another forum and they suggested installing different software (rather than the manufacturer's software I used Microsoft's Intellipoint) and the problem went away for a day but came back again very suddenly. The keyboard is very old, therefore not in Warranty and I've no idea who to contact about it as all the sticker says on the back is "Intelligent Wireless Keyboard". All else I know is that it came with a "Tiny" PC a while back and has been passed on to me since then.

    4) I have run ATF Cleaner, as suggested.

    5) Please find new logs attached.

    Thanks again for your help. Much appreciated.
     


  11. abri

    abri MajorGeek

    Hi alpinemonkey!
    Please do the following:

    1) If you do not use Windows Messenger (it's NOT MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    2) Next we need to stop a service:
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Symantec Core LC
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste Symantec Core LC into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    3) Now re-run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    4) Now use Windows Explorer to delete the below folders:
    C:\Program Files\Norton AntiVirus
    C:\Program Files\Common Files\Symantec <--- delete anything named Symantec

    5) Now run Ccleaner

    6) Now attach the below new log and tell me how the above steps went.
    1. HijackThis.log


    abri
     
  12. alpinemonkey

    alpinemonkey Private E-2

    Abri,

    As always - great thanks.

    I followed all the above steps and all went swimmingly apart from this bit:
    The problem came when trying to ask HJT to delete the service. An error message did pop-up saying that it was 'System critical', therefore couldn't be deleted. I mention this as after exiting the program it DIDN'T ask me to reboot, like you predicted it would. However, I rebooted anyway after the whole process, just to be sure.

    Please find the new HJT log attached - and thanks again.

    PS. The problem with my keyboard is still there - do you think we're going to solve this at all?
     


  13. abri

    abri MajorGeek

    Hi alpinemonkey!

    The keyboard first. Did you try anything we suggested? Something changed the programming of your keyboard. You were able to change it back briefly for one day by using a different program with it and then the problems started again suddenly. Probably the key word in all this is suddenly. There must be some programming in your computer somewhere, probably attached to another piece of software you're using, which got activated and returned your keyboard to where it thought it should be. Since this is a piece of Microsoft software running your keyboard and since Microsoft uses software which overrides other software, it's quite possible it "noticed" the keyboard had been reprogrammed and set it back into what it considers to be the "correct" state.

    Some of the changes to keyboards which assign multiple functions to specific keys are done to help people who are handicapped. Please make sure the setting for your keyboard is correct by going to Start / Settings and look for the wheelchair icon which may be called accessibility options. A window will open with several tabs. Under the General tab there are several options which might have been changed and there is a timer. See if anything besides the warnings are checked on this tab.

    It would still be useful to follow our suggestion to try a corded keyboard with the cordless one placed far away from the computer where it can't communicate with the computer and see if the corded one has any problem.

    After this, it would help to try to get the cordless keyboard to accept the 2nd programming you gave it again. You'd probably have to deinstall and reinstall whatever you used. Then do a methodical check of which programs are running while it's working and which ones are starting and whether it is rebooting which is causing it to change or possibly rebooting.

    Also, there are odd foreign language problems which can occur with keyboards. Normally there is consistency between what a local keyboard has written on the keys and what the computer interprets. However, the classic example of where this breaks down is when you use a foreign keyboard and want to type in commands in the dos prompt or when you want to make changes to the BIOS. In this case, what the keyboard says has no meaning at all. You simply have to know which button to push in accordance with original functions assigned to a key position in the original programming in the U.S.

    The Symantec entries are gone except for one I missed. Please run HijackThis as per the instructions in post number 11, Step 3, but this time putting a check in the box next to the following entry and have it fix it. Make sure all your browsers are turned off when you do this.
    Please post one last HijackThis log back to me and then I will have you remove all the tools we've used. Also, please report to me how your computer is running and whether you tried the above suggestions with the keyboard.

    Thanks.
    abri
     
  14. alpinemonkey

    alpinemonkey Private E-2

    I've attached the new HijackThis log, so hopefully everything there is in order.

    The accessibility functions on the pc are all at their normal and default. I've tried uninstalling/reinstalling the original software but this still had no effect either.

    One thing I neglected to mention, but which I presumed you'd realise, is that there are HotKeys across the top of the keyboard which are assigned certain functions. It's these functions that are also being assigned to other, random, keys as well. So perhaps it's just that the keyboard is getting old and tired?

    I'll have to try and get hold of a wired keyboard to see if that helps - and perhaps it'll mean throwing this one away?

    Thanks for your help again and I suppose now is the time to delete all the software we've used to clean me up?
     


  15. abri

    abri MajorGeek

    Hi alpinemonkey,
    Your logs are clear. I don't see anything to connect the keyboard problems you're having with malware. The best next step would be to borrow a wired keyboard and see if it is the keyboard itself which is defective. After following the instructions in the box below, please post in hardware or software and see if anyone there has heard of a problem like this. Something seems to be overriding your keyboard's programming.

    Let me know how everything goes!
    abri
     
  16. alpinemonkey

    alpinemonkey Private E-2

    Sorry for the delay in updating you about this.

    I've followed all your steps and removed all necessary programmes/fixes. Can I also remove HijackThis? If so, what is the best/cleanest way?

    I also have uninstalled my mouse and keyboard and borrowed a different set from the IT guys at work. This one worked fine so I figured it must have been the hardware itself. However, when I reinstalled them they are now working fine!?!

    I have only installed the drivers though, and not bothered with the hotkey software, just in case it was a software conflict that was causing it in the first place.

    So now I'm back in working order (for the meantime!) and I'll post back here if the problem reappears.

    Thanks again for cleaning my system and being so helpful.
     
  17. abri

    abri MajorGeek

    Yes, sorry. HijackThis should be in add/remove programs. Uninstall it there and then go to C:\Program Files and delete anything that's left.

    Hope all goes well with the keyboard.
    abri
     
