Random keystrokes on normal mode of Windows 7

[GermanDk]

My computer has just started to act up on me for the past day. It keeps on jamming in random keystrokes and sometimes decides to shutdown. I'm not sure what the problem is with it, but I just came from the Virus/Malware section and I was told that there was nothing malicious about it there. The link to the forum is here: https://www.techspot.com/community/...s-virus-running-on-win-7.184156/#post-1218082
It is now inactive because Broni recommended me to come here to seek further help, because he believes it is not a virus/malware. The computer does not seem to be acting up in safe mode, but whenever I turn it to normal mode, it starts to act up again.Can someone please help me? I would greatly appreciate it.

 

[Bobbye]

I checked the logs from the malware thread you have. I have some questions for you, then some scans:

1. Install Date: 7/18/2012 4:30:05 PM> Is this the original install date?
If so, has the system every run correctly?
2. RP62: 8/12/2012 4:15:42 PM - Restore Operation> Is this a System Restore? Did you run the scans in the malware thread before or after the restore?
3. You have 2 antivirus programs running:

2012-08-12 20:32:57 > C:\Program Files (x86)\Norton Security Suite
2012-08-12 18:36:54 > C:\Program Files\AVAST Software
Norton Internet Security (also listed in installed programs.

4. There are errors from the Event Viewer indicating that an attempt is being made to access a secure channel on your system from a remote location. You have some processes running that might be causing this: Example:

8/7/2012 8:13:27 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Note: SChannel means secure channel.
sChannel uses TLS for security encryption

Please see the following:

Microsoft Security Bulletin MS09-007 - Important
Vulnerability in SChannel Could Allow Spoofing (960225)
http://technet.microsoft.com/en-us/security/bulletin/MS09-007

5. You are running file sharing programs:
2012-08-09 23:44:09> C:\Program Files (x86)\uTorrent
2012-08-09 23:43:43> C:\Users\Slurpee\AppData\Roaming\uTorrent
----------
2012-07-23 22:31:02> C:\Program Files (x86)\SafeConnect
Please review this: Safeconnect, Universities, P2P, Network Security and Risk: The Tangled World of "Policy Enforcement" on Other People's Computers:
https://www.eff.org/deeplinks/2011/10/safeconnect-universities-peer-peer-file-sharing.
6. There is an infected file in the Recycle Bin.

Need for Speed - Hot Pursuit offline activator.exe (RiskWare.Tool.CK)

This appears to have been used to pirate a software program.
Please empty the Recycle Bin now.

6. There is a very suspicious file on the system that I'd like to remove:
2012-07-12 22:01:216----a-w-C:\windows\silentOnce.tmp
========================================
Please address as much of the above that you can- just answers if you have them, then run the following scans:

Download CKScanner and save to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
• When the cursor hourglass disappears, click Save List To File.
• A message box will verify that the file is saved.
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

==================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
4. Continue with the directions.
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
Please paste the logs from the above in your next reply.
Am I correct that you have not programed keyboard shortcuts?
Do you still have the program you ran on the malware thread on your system?

 

[GermanDk]

For the install date question, yes, that is the original install date because I think the manufacturer master reseted the system when they gave me the computer back from repairs.

For the System Restore question, I did run a System Restore after the fact that Avast or Norton could not detect the virus, along with Malwarebytes. I kinda of paniked for a while, which was a stupid thing for me to do since I know better to not panic during these.This was done before I came to the Malware forums. But the scans in the malware section happened after the restore.

For the 2 antivirus programs running, I dont know how that happend because I used the Norton Removal tool to remove Norton Internet Security Suite, because whatever the error/virus is preventing Norton from using LiveUpdate to update its virus definitions and perform an effective scan. I installed Avast after I uninstalled Norton, but it looks like when I did the System Restore, both programs showed back up together, which is weird.

And about the SSL from a remote location, I have no idea how that happened.

Finally to conclude with the Safe Connect and utorrent speculation, SafeConnect was and still is required by my college in order to get on their network, and I don't use beside utorrent. I only use utorrent when I'm not at college, and use it sparingly.

 

[GermanDk]

I got no logs to show up.

 

[Bobbye]

Safe Mode vs Normal Mode: Since your problem does not occur in SM but does in NM, it means a driver or Service doesn't start in SM, but does in Normal Mode. If necessary, I will have someone check minidump files to determine the source.

Regarding the install date: What was the nature of the repairs you had done?

Regarding Safe Connect: I did note that it is used by many universities, but it apparently can have some 'side effects'. So I would like you to read the reference I left.

Regarding the antivirus programs: I think the problem was due to the fact that you had two Norton suites installed: Norton Security Suite and Norton Internet Security. Both of those show in the installed programs.

but it looks like when I did the System Restore, both programs showed back up together, which is weird.

No, it's not weird at all! The purpose of the System Restore was to move the system back to what it was on the restore date.

If you want to retain Avast, I can help you remove Norton.
======================================
Please tell me what the action with Cisco was>

2012-08-12 21:36 . 2012-08-12 21:36 >>> c:\program files (x86)\Cisco

Did you get remote help from them or any other online merchant that required you to get a small download?
This would have allowed the to remotely access your system and could be a part of the key movements you describe if still active.

And about the SSL from a remote location, I have no idea how that happened.

====================================
I'm waiting to see the results of the two scans I asked you to run. I will determine the next step after I review those logs. You have some processes that should be removed and some locked Registy keys that need to be opened and checked.

 

[Bobbye]

We were posting at the same time. You ran the Eset scan and it didn't find any entries, so it didn't make a log?

The CK scan will put out 2 line even if there is nothing. Please repeat.
========================================
I'd like you to temporarily disable the Daemon CD Emulator. Having that running can affect some scans:

To disable CD Emulation programs using DeFogger please perform these steps:

1. Please download DeFogger and save to your desktop.
2. Double-click on the DeFogger icon to start the tool.
3. When application window appears, click on the Disable button to disable your CD Emulation drivers
4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
5. When the program has completed you will see a Finished! message.
6. Click on the OK button to exit the program.
7. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

===================================
When we have finished, use the following to reactivate:
To enable CD Emulation programs using DeFogger please perform these steps:

1. Please download DeFogger and save to your desktop.
2. Double-click on the DeFogger icon to start the tool.
3. When application window appears, click on the Enable button to enable your CD Emulation drivers
4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
5. When the program has completed you will see a Finished! message.
6. Click on the OK button to exit the program.
7. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

==================================
Note: If you still have Combofix installed from the malware thread, you can update it and run a new scan. Please leave the log in your next reply.

If you have uninstalled Combofix, follow the directions below> please use the instructions if you are repeating the scan (except for download). I need to see the current entries:

• 
  Download Combofix from HERE or HEREand save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    

    The Recovery Console was successfully installed.

  • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
  • Note: No query will be made if the Recovery Console is already on the system.
• Close any open browsers.
• Before you run the Combofix scan, please disable any security software you have running.
  (If you need help with this, please see HERE)
• Click on Yes, to continue scanning for malware
• If Combofix asks you to update the program, allow
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1o not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficultyand terminates prematurely, the connection can be manually restored by restarting your machine.

 

[GermanDk]

Regarding the install date:
That had to do with accidental physical damage done to the computer and also with msconfig saying that I was using Windows 8 Consumer Preview version while I was using Windows 7.

Regarding Safe Connect:
I read the article when you first posted it up and it seemed very interesting. I never knew that about SafeConnect, even though I was abit skeptical when they brought up the requirement during my freshmen year in college.

 

[GermanDk]

I will attach what I got.

 

[GermanDk]

Regarding the antivirus programs:
I will keep Norton then, but get rid of one of the Norton.

Cisco
As far I can tell, I never knew what it was for, but if I had to guess, it would be for SafeConnect with the university because I dont Cisco products anymore that I'm with Xfinity for internet.

 

[GermanDk]

I kinda did something I wasn't suppose to do. So, yesterday, I was trying to get all the help I could of this issue and decided to call the manufacturer. I told them the problem with the computer and they recommend me to use their recovery manager, which erases everything from the C drive and make a brand new Windows, kind of like a system image. Well, I used it and thought of it as a last resort if things didn't work out. Afterwards, the problem kept on happening regardless if it was a new copy of Windows or not,which surprised me and had me think could the problem be with the hardware, even though it was working properly in safe mode. What do you think?

 

[GermanDk]

Anyways, here is the combofix.txt log file.

ComboFix 12-08-13.01 - Slurpee 08/14/2012 12:20:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4323 [GMT -4:00]
Running from: c:\users\Slurpee\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 16:23 . 2012-08-14 16:23--------d-----w-c:\users\Default\AppData\Local\temp
2012-08-14 16:11 . 2012-08-14 16:11--------d-----w-c:\windows\SysWow64\Wat
2012-08-14 16:11 . 2012-08-14 16:11--------d-----w-c:\windows\system32\Wat
2012-08-14 15:35 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-08-14 15:26 . 2012-08-14 15:26--------d-----w-c:\program files (x86)\MSXML 4.0
2012-08-14 14:49 . 2012-08-14 14:49--------d-----w-c:\program files (x86)\Common Files\Symantec Shared
2012-08-14 14:13 . 2012-08-14 16:10--------d-----w-c:\windows\system32\drivers\NISx64\1206000.01D
2012-08-14 14:01 . 2011-07-16 05:41362496----a-w-c:\windows\system32\wow64win.dll
2012-08-14 13:57 . 2012-08-14 13:57--------d-----w-c:\program files (x86)\ESET
2012-08-14 13:55 . 2012-02-17 06:381031680----a-w-c:\windows\system32\rdpcore.dll
2012-08-14 13:55 . 2012-02-17 05:34826880----a-w-c:\windows\SysWow64\rdpcore.dll
2012-08-14 13:55 . 2012-02-17 04:5723552----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-08-14 13:53 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-08-14 13:53 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-08-14 13:53 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-08-14 13:53 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-08-14 13:53 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-08-14 13:53 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-08-14 13:53 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-08-14 13:53 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-08-14 13:53 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
2012-08-13 21:16 . 2012-08-14 13:50--------d-----w-c:\windows\SysWow64\NV
2012-08-13 21:16 . 2012-08-14 13:50--------d-----w-c:\windows\system32\NV
2012-08-13 21:15 . 2012-08-13 21:16--------d-----w-c:\programdata\NVIDIA
2012-08-13 21:15 . 2012-08-13 21:15--------d-----w-c:\users\UpdatusUser
2012-08-13 21:15 . 2012-08-13 21:15--------d-----w-c:\programdata\NVIDIA Corporation
2012-08-13 21:13 . 2012-08-13 21:13--------d-----w-c:\programdata\Nuance
2012-08-13 21:13 . 2012-08-13 21:13--------d-----w-c:\programdata\ScanSoft
2012-08-13 21:13 . 2012-08-13 21:13--------d-----w-c:\programdata\FLEXnet
2012-08-13 21:13 . 2012-08-13 21:13--------d-----w-c:\program files (x86)\Nuance
2012-08-13 21:13 . 2012-08-13 21:13--------d-----w-c:\program files (x86)\Microsoft
2012-08-13 21:07 . 2012-08-14 16:17--------d-----w-c:\users\Slurpee
2012-08-13 21:07 . 2012-08-13 21:07--------d-----w-C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 14:13 . 2011-07-21 20:10174200----a-w-c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-14 13:50 . 2010-06-24 18:3319720----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-06-07 5521408]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-13 25960]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120813.001\IDSvia64.sys [2012-08-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [2011-03-22 382584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-06-07 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-13 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-12-31 138024]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-22 11831400]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-14 12:25:03
ComboFix-quarantined-files.txt 2012-08-14 16:25
.
Pre-Run: 258,388,819,968 bytes free
Post-Run: 258,108,518,400 bytes free
.
- - End Of File - - F4357C3BAA94BC221D51B6605D63094E

 

[Bobbye]

What do I think? I think that if you don't stop going off and changing your system, that you will never find out what wrong with it and fix it!

On 7/18/2012, some kind of physical damage to the computer was fixed. Also at that time you had a reinstall with the correct operating system.

On 8/12/2012 4:15:42 PM, you did a System Restore
Shortly after that, you must have had a problem connecting to the wireless because in less than an hour, you had done the following:
Wireless Restore points:

1. 8/12/2012 4:45:19 PM - Installed Intel(R) WiDi.
2. 8/12/2012 5:00:34 PM - Installed Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology>> This package installs the software (Wireless LAN driver and utility) to enable the following device:
   IntelR Centrino(R) Wireless BluetoothR4.0 + High Speed Adapter
3. 8/12/2012 5:07:36 PM - Removed Intel(R) WiDi.
4. 8/12/2012 5:26:47 PM - Installed Intel® PROSet/Wireless WiFi Software>> used to set up, edit and manage network profiles to connect to a network. The features and implementation vary depending on which Operating System you are using.
5. 8/12/2012 5:31:06 PM - Removed Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
6. 8/12/2012 5:36:18 PM - Installed Intel® PROSet/Wireless WiFi Software
7. 8/12/2012 5:40:19 PM - Installed Intel(R) WiDi.>> Laptop to TV with Intel® Wireless Display (WiDi)
8. 8/12/2012 6:43:19 PM - Installed Intel(R) My WiFi Dashboard

Please review: Intel® Centrino® Wi-Fi Products
Intel® wireless products and Microsoft Windows* 7>
HERE

Note: The above image is of a 64-bit version of Windows 7.
------------------------
Maybe the wireless problem was because you aren't using the following anymore:

I dont Cisco products anymore that I'm with Xfinity for internet.

You were running Smart Connect from Cisco which used a wizard to connect wirelessly "in minutes". It also had tools for managing your wireless network such as security settings, Guest Access, Parental Controls and Advanced Settings. "Cisco Connect is included with every Valet Hotspot."

But you still have the program and running processes for it.
==========================
Are you now a Comcast customer? Comcast offers the Norton Security Suite through XFinity.

So you should uninstall Avast if you haven't done it yet.
=======================================
But the reinstalls, repairs, restores and reimaging has most likely resulted in a very unstable system.
=======================================
Having done all the R functions work on software, which all failed to correct the problem, have you considered that the keyboard may have been damaged in whatever the physical damage was?

 

[GermanDk]

I don't think so because this problem would of arise a month ago because I got the computer back then and would of notice some change. Also I would expect that if the physical damage of the previous accident had an physical effect in he keyboard, I would be able to use it on safe mode.

I'm still being amaze at what safe connect is doing behind my computer, which the school or it never talks about and how it does all these processes are doing to my computer.

 

[GermanDk]

Actually when I sit down and think about it, it is possible something might be damaged physically to the keyboard by overheating or something of the nature because the error does not occur in safe mode, which only has the core of Windows with services, but acts up in normal mode, where everything is turned on. So if it is physical damage, wouldn't be a good time to contact the manufacturer and schedule a repair?

 

[Bobbye]

Try another keyboard. If it's a laptop, connect a USP keyboard, boot into Normal Mode to start, see what happens.

I don't know the nature of the damage. I don't know if there is a warranty for the manufacturer. It might be more convenient to use a local tech> I can only suggest that the problem might be hardware related instead of software.

 

[GermanDk]

I did try it with another keyboard and the same thing happen. I think the keyboard strokes from the notebook interferes with the input USB keyboard. The computer still has warranty, so I might just check with them. Thank You for helping me with all this. I am truly grateful.

 

[Bobbye]

You're welcome. I'm sorry I couldn't work it out for you. Sounds like you're having a lot of problems with that machine!

Good luck.