I'm back with the same problem as last time

Okay, I got Windows re-installed on my PC but my last problem remains.
It makes my computer act like I have pressed Shift, and it disables my keyboard, so I have to reboot every time it does it. Here's my HijackThis log (it even did it as I was typing this):
Logfile of HijackThis v1.99.1
Scan saved at 16:55:41, on 04-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Arcade\PCMService.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\Crack.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\BitLord\BitLord.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MyVBApp] C:\WINDOWS\Crack.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "D:\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Kør registreringsværktøjet til Nintendo Wi-Fi USB Connector.lnk = C:\Programmer\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Comments

  • edited January 2006
    Bump
    Please help
  • edited January 2006
    Anyone PLEASE HELP!
  • edited January 2006
    Okay, why isn't anyone helping? I posted this topic two days ago.
    This virus is getting so f**king annoying I'm about to throw my PC out.
    I can't play any games as it might happen during one, and I keep going offline for my friends on MSN as I have to reboot A MILLION TIMES.
    So please, PLEASE
  • Trogan London, UK
    edited January 2006
    Sorry for the delay.


    Run these scans. Save a report for both and post them here please.

    BitDefender Free Online Virus Scan
    http://www.bitdefender.com/scan/licence.php
    Make sure you tick AutoClean under Scan Options.

    Panda ActiveScan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    Make sure you tick Disinfect automatically under Scan Options.
  • edited January 2006
    I'm gonna do those scans, but I did them last time with no result
  • Trogan London, UK
    edited January 2006
    Well, just do one and see what you get. Post a new HJT log after.
  • edited January 2006
    My avast keeps saying the ActiveScan DLLs are viruses/worms
  • edited January 2006
    I, ummm, took the liberty to download Ewido and did a scan with it. Here's a report:
    ewido anti-malware - Scan report

    + Created on: 18:29:40, 07-01-2006
    + Report-Checksum: D7D3FA19

    + Scan result:

    :mozilla.24:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
    :mozilla.227:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.228:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.229:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.230:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.241:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.242:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.253:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.255:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.257:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.274:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.277:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.279:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.300:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.312:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.326:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.361:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    :mozilla.367:C:\Documents and Settings\Casper Behrndtz\Application Data\Mozilla\Firefox\Profiles\ybotcfuy.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    C:\Documents and Settings\Casper Behrndtz\Cookies\casper behrndtz@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Casper Behrndtz\Cookies\casper behrndtz@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Casper Behrndtz\Cookies\casper behrndtz@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Casper Behrndtz\Cookies\casper behrndtz@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Casper Behrndtz\Cookies\casper behrndtz@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Casper Behrndtz\Lokale indstillinger\Temporary Internet Files\Content.IE5\E5SL01MF\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\WINDOWS\Crack.exe -> Hijacker.VB.kq : Cleaned with backup


    ::Report End

    It could sound like it's that Hijacker.VB.kq but I don't know
  • Trogan London, UK
    edited January 2006
    Can you post a new HJT log please :)
  • edited January 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 18:46:19, on 07-01-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmer\Arcade\PCMService.exe
    C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Programmer\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmer\Winamp\winampa.exe
    C:\Programmer\DAEMON Tools\daemon.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Programmer\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmer\Alwil Software\Avast4\ashServ.exe
    C:\Programmer\MSN Messenger\MsnMsgr.Exe
    D:\BitLord\BitLord.exe
    C:\Programmer\Skype\Phone\Skype.exe
    C:\Programmer\WiFiConnector\NintendoWFCReg.exe
    C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmer\acer\eRecovery\Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Programmer\ewido anti-malware\ewidoctrl.exe
    C:\Programmer\Internet Explorer\IEXPLORE.EXE
    C:\Programmer\Winamp\winamp.exe
    C:\WINDOWS\system32\wisptis.exe
    D:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitComet] "D:\BitLord\BitLord.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = ?
    O4 - Global Startup: Kør registreringsværktøjet til Nintendo Wi-Fi USB Connector.lnk = C:\Programmer\WiFiConnector\NintendoWFCReg.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - 0 - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
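Added example, not part of the original thread: a Python script that parses the HijackThis and ewido output posted above, lists the autorun (O4) entries whose target file the scanner flagged, and diffs the two logs to confirm the entry is gone after cleaning. The sample text is excerpted from the logs in this thread; the function names are illustrative.

```python
import re

# Excerpts copied from the two HijackThis logs and the ewido report in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MyVBApp] C:\WINDOWS\Crack.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - 0 - (no file)
"""
EWIDO_REPORT = r"""
C:\Documents and Settings\Casper Behrndtz\Lokale indstillinger\Temporary Internet Files\Content.IE5\E5SL01MF\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\Crack.exe -> Hijacker.VB.kq : Cleaned with backup
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")                      # "O4 - <detail>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")  # O4 registry autorun
EWIDO_RE = re.compile(r"^(?::[\w.]+:)?(.+?) -> (\S+) : (.+)$")     # "<path> -> <name> : <action>"


def parse_hjt(text):
    """Return the set of (section, detail) pairs for every R*/O* line."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def autorun_target(command):
    """Best-effort path of the program an autorun command line starts."""
    m = re.match(r'"([^"]+)"', command) or re.match(
        r"(.+?\.(?:exe|dll|cpl|com|bat|vbs))(?=\s|$)", command, re.I)
    return (m.group(1) if m else command).lower()


def autoruns(entries):
    """Map (hive, value name) -> lower-cased target path for O4 Run entries."""
    out = {}
    for section, detail in entries:
        m = RUN_RE.match(detail) if section == "O4" else None
        if m:
            out[(m.group(1), m.group(3))] = autorun_target(m.group(4))
    return out


def parse_ewido(text):
    """Map lower-cased file path -> detection name from an ewido report."""
    found = {}
    for line in text.splitlines():
        m = EWIDO_RE.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def flagged_autoruns(log_text, report_text):
    """Autorun entries whose target file appears in the scanner report."""
    detections = parse_ewido(report_text)
    return {key: (target, detections[target])
            for key, target in autoruns(parse_hjt(log_text)).items()
            if target in detections}


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for (hive, name), (path, det) in flagged_autoruns(LOG_BEFORE, EWIDO_REPORT).items():
        print(f"persistence for flagged file: {hive} Run [{name}] -> {path} ({det})")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print(f"- {section} {detail}")
    for section, detail in added:
        print(f"+ {section} {detail}")
```

A detection that maps to a Run-key entry means the file was being started at every boot, so the follow-up log should be checked for that entry rather than relying on the scanner's "Cleaned" status alone.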
  • Trogan London, UK
    edited January 2006
    Get rid of this entry with HJT:

    O18 - Protocol: msnim - 0 - (no file)
    --


    Your log is clean.

    What problems are you currently having?
  • edited January 2006
    I can't tell, as the problem I have been having just appears randomly, but it hasn't occurred since I started the scans.
    It could occur at any moment so it's hard to tell.
  • Trogan London, UK
    edited January 2006
    Can you explain it?

    Do you think it's malware or virus related?
  • edited January 2006
    I don't know.
    What it does is I can't use my keyboard, I can't press All Programs in the Start menu, if I click on a program on the startbar it just selects it but doesn't make it appear, I can't right-click on anything or press tabs (Files, Edit... and so on)
  • edited January 2006
    Oh, and on a note: when I right-click or press All Programs the menu appears for an instant and disappears
  • Trogan London, UK
    edited January 2006
    If you can't do the panda scan then do the BitDefender please


    Go here and download then run Silent Runners.vbs. It generates a log, please post the information back in this thread.
    If you have a script blocking program, please allow the file to run. It is not malicious.
  • edited January 2006
    It isn't gone, it just happened again.
    It's driving me insane
  • Trogan London, UK
    edited January 2006
    Ca$quall wrote:
    It isn't gone, it just happened again.
    It's driving me insane
    What just happened?

    Read my above post :)
  • edited January 2006
    It happened again.
    And I will get Silent Runner
  • edited January 2006
    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "MsnMsgr" = ""C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background" [MS]
    "BitComet" = ""D:\BitLord\BitLord.exe"" ["www.BitLord.com"]
    "Skype" = ""C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "LaunchApp" = "Alaunch" ["Acer Inc."]
    "SynTPLpr" = "C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
    "SynTPEnh" = "C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
    "BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
    "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
    "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" [file not found]
    "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
    "PCMService" = ""C:\Programmer\Arcade\PCMService.exe"" ["CyberLink Corp."]
    "ATIPTA" = "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Inc"]
    "ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"]
    "LManager" = "C:\Programmer\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]
    "eRecoveryService" = "C:\Windows\System32\Check.exe" ["acer Inc."]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
    "WinampAgent" = "C:\Programmer\Winamp\winampa.exe" [null data]
    "DAEMON Tools" = ""C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
    "MessengerPlus3" = ""C:\Programmer\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}
    EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll" [MS]
    EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
    "{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]


    Active Desktop and Wallpaper:

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Landskab.bmp"


    Enabled Screen Saver:

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "D:\D-L\3DLONG~1.SCR" (3D Longhorn.scr) [null data]


    Startup items in "Casper Behrndtz" & "All Users" startup folders:

    C:\Documents and Settings\Casper Behrndtz\Menuen Start\Programmer\Start
    "Adobe Gamma" -> shortcut to: "C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

    C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
    "Kør registreringsværktøjet til Nintendo Wi-Fi USB Connector" -> shortcut to: "C:\Programmer\WiFiConnector\NintendoWFCReg.exe" [empty string]


    Winsock2 Service Provider DLLs:

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


    Toolbars, Explorer Bars, Extensions:

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Programmer\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    avast! Antivirus, avast! Antivirus, ""C:\Programmer\Alwil Software\Avast4\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
    ewido security suite control, ewido security suite control, "C:\Programmer\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
    Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    (total run time: 36 seconds, including 20 seconds for message boxes)
  • TroganTrogan London, UK
    edited January 2006
    That looks clean.

    This file is missing:

    C:\WINDOWS\system32\igfxtray.exe

    It belongs to the 810 series graphics chipset - do you have that graphics card? This may be a separate issue but thought I'd let you know.
    --


    Download this tool:
    http://www.downloads.subratam.org/DllCompare.exe

    Run DllCompare by clicking "Run Locate.com", then click the Compare button... When done, post that log here.
  • edited January 2006
    I don't know about that file, haven't had any problems without it.
    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\nticdm~1.dll Thu 30 Dec 2004 10.20.18 A..HR 1.024 1,00 K
    C:\WINDOWS\SYSTEM32\ntiembed.dll Thu 30 Dec 2004 10.20.48 A..HR 1.024 1,00 K
    C:\WINDOWS\SYSTEM32\ntimpeg2.dll Thu 30 Dec 2004 10.20.18 A..HR 1.024 1,00 K
    ________________________________________________

    1.285 items found: 1.285 files (3 H/S), 0 directories.
    Total of file sizes: 271.511.425 bytes 258,93 M

    Administrator Account = True

    End log
  • TroganTrogan London, UK
    edited January 2006
    Go here and in the box provided, paste the following one at a time. Then press SUBMIT

    C:\WINDOWS\SYSTEM32\nticdm~1.dll
    C:\WINDOWS\SYSTEM32\ntiembed.dll
    C:\WINDOWS\SYSTEM32\ntimpeg2.dll


    The files will be scanned by various Anti-Virus scanners. Please post the results here.
  • edited January 2006
    File: nticdm~1.dll
    Status:
    OK
    MD5 690dabbff457541250872260ea2e3bd1
    Packers detected:
    -
    Scanner results
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    UNA
    Found nothing
    VBA32
    Found nothing


    File: ntiembed.dll
    Status:
    OK
    MD5 dabc864e4c9618d979bf48bc993b6160
    Packers detected:
    -
    Scanner results
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    UNA
    Found nothing
    VBA32
    Found nothing


    File: ntimpeg2.dll
    Status:
    OK
    MD5 3450db76e3769f8494ed9d7d1c36aad9
    Packers detected:
    -
    Scanner results
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    UNA
    Found nothing
    VBA32
    Found nothing
  • TroganTrogan London, UK
    edited January 2006
    I'm running out of ideas now. I'm starting to think this may be a Windows problem.


    Try this:
    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download AproposFix from here:
    http://swandog46.geekstogo.com/aproposfix.exe

    Save it to your desktop but do NOT run it yet.

    Then please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.


    Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

    When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • edited January 2006
    Log of AproposFix v1

    ************

    Running from directory:
    C:\Documents and Settings\Casper Behrndtz\Skrivebord\aproposfix

    ************

    Registry entries found:


    ************

    No service found!

    Removing hidden folder:
    No folder found!

    Deleting files:


    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4


    Done!

    Finished!

    Logfile of HijackThis v1.99.1
    Scan saved at 21:28:14, on 07-01-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmer\Arcade\PCMService.exe
    C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Programmer\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmer\Winamp\winampa.exe
    C:\Programmer\DAEMON Tools\daemon.exe
    C:\Programmer\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmer\MSN Messenger\MsnMsgr.Exe
    D:\BitLord\BitLord.exe
    C:\Programmer\Skype\Phone\Skype.exe
    C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmer\WiFiConnector\NintendoWFCReg.exe
    C:\Programmer\Alwil Software\Avast4\ashServ.exe
    C:\Programmer\ewido anti-malware\ewidoctrl.exe
    C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmer\acer\eRecovery\Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitComet] "D:\BitLord\BitLord.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = ?
    O4 - Global Startup: Kør registreringsværktøjet til Nintendo Wi-Fi USB Connector.lnk = C:\Programmer\WiFiConnector\NintendoWFCReg.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe


    I don't think it's a Windows error, I just reinstalled it and if you saw what it did you'd see it was something bad.
    And one more thing I forgot about what the virus does: when I try to open up any icons, it opens the settings for the program/folder.
  • TroganTrogan London, UK
    edited January 2006
    I'm going to ask someone to have a look because I'm out of ideas. The person is away at the moment but I'll let them know and see what they see.
  • edited January 2006
    Alright, thanks for all your help though ^^
    I appreciate it
  • TroganTrogan London, UK
    edited January 2006
    Thanks Crunchie for the advice...

    Do you have your install CD? If so, go to Start/Run and type in sfc /scannow

    This will check the system file integrity and repair if necessary.
    Good info here:

    http://www.updatexp.com/scannow-sfc.html
  • edited January 2006
    You mean the Windows install CD?
    I didn't get any with my laptop, only backup CDs?
This discussion has been closed.