
Do I have a Trojan?


Name: Cody Ainsworth
Date: March 21, 2004 at 18:17:41 Pacific
OS: Win 2000 Professional
CPU/Ram: 2.4Ghz/1gig DDR
Comment:

Hi, For the last month my computer has been really acting up. It seems to be really dealing with my keyboard though. Every once in a while it seems like my keyboard has its Caps Lock held down, or Tab or various other certain keys. (Makes it so I can't type, or if I'm surfing the web it will act strange by opening a new browser instead of in the same page, or while I'm in Firefox it will highlight the table I am clicking in).

It will only last for like 10-20 mins if I close all my programs. I try Ad-aware, Spybot and use AVG virus scanner but they pick up nothing. Also I seem to be getting IE popups when this started happening (The webpages vary from ebay to ads to stop popup ads). I read at some other forums that it might be a Remote Access Trojan but I have no idea how to detect/remove it.

Any help would be great. Thanks




Response Number 1
Name: Solarian
Date: March 21, 2004 at 19:00:26 Pacific
Reply:

Cody:

A couple of good online trojan scanners are at the links below. Be patient with the scans; they take a little time.

PC Flank LINK
Trojan Scan LINK

Solarian


0

Response Number 2
Name: Cody Ainsworth
Date: March 21, 2004 at 21:12:34 Pacific
Reply:

Both tests found nothing.


0

Response Number 3
Name: blender
Date: March 21, 2004 at 23:16:36 Pacific
Reply:

Cody

Let's see what's going on:

Download HijackThis from here:

http://www.lurkhere.com/~nicefiles/

First one on the list.
Save the file to your hdd, it comes as a zip.
Unzip it to its own folder (default is hijackthis1977/hijackthis.exe)
Start hijack and click "scan"
Scan button changes to "save log" button.
Click save log, save.
The log file pops up in notepad; copy/paste entire results here in reply.
Don't have it fix anything yet...most of what you see is safe or even essential.
Also may need other specific tools to remove whatever you have going on.
_____________________________________

I never give up!

Windows Update


0

Response Number 4
Name: Cody Ainsworth
Date: March 22, 2004 at 11:57:08 Pacific
Reply:

Logfile of HijackThis v1.97.7
Scan saved at 11:57:02 AM, on 3/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\WINNT\system32\CTsvcCDA.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.exe
D:\WINNT\system32\CTHELPER.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\PROGRA~1\ICQ\ICQ.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
D:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
D:\WINNT\system32\wcpsvsu.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Temp\uoa-loop.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ultima Online 2D\client.exe
C:\Program Files\Ultima Online 2D\client.exe
D:\Program Files\TechSmith\Camtasia Studio\TSCHelp.exe
D:\Program Files\TechSmith\Camtasia Studio\CamtasiaStudio.exe
D:\WINNT\system32\BifPnX4n.exe
D:\WINNT\system32\BifPnX4n.exe
C:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.stratics.com/php-bin/ffxi/ubbthreads.php?Cat=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.exe
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.exe /run
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [3HMR#FY45Z@343] D:\WINNT\system32\IpuFmd.exe
O4 - HKLM\..\Run: [Ad-aware] "D:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] D:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "D:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "D:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [BLMessagingIntegration] D:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [WINT] D:\WINNT\system32\wcpsvsu.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] D:\WINNT\inf\unregmp2.exe /Fixups
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: OLWARN.BAT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.7838425926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



0

Response Number 5
Name: blender
Date: March 22, 2004 at 15:14:02 Pacific
Reply:

Cody

There are a few problems...going to take a few steps to fix.

You have peper trojan (memwatcher)
Go here for removal tool:

http://www.memorywatcher.com/uninst.exe

It's a direct download.
You need to be online for the uninstaller to work.

Next run this tool to remove Blmi/Osama:

http://www.jayloden.com/BlmiFix.exe

It's another direct download, simply double click it to run.

Reboot when done running both those tools.

Next I would like you to try a virus scan here:
Disable your AVG to run the scan from RAV

Rav Antivirus

If any results...copy/paste the report here along with new hijackthis log.
Will see what's left to fix up.

Need you to check something...I think it's purityscan crapware but not sure...

Go to D:\WINNT\system32\wcpsvsu.exe <--right click this file, click properties, tell me what is there under the tabs.


Thanks!

I never give up!

Windows Update


0
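Added example, not part of the original thread: a small Python triage helper that parses a HijackThis log and shows where a given file name appears, both in the running-process list and in the O4 Run-key autostarts. The embedded sample is a shortened excerpt of the log posted in Response 4, the function names are hypothetical, and the lookup uses `wcpsvsu.exe`, the file Response 5 asks about; the code only locates entries and makes no verdict about them.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Shortened excerpt of the HijackThis v1.97.7 log posted in Response 4.
SAMPLE_LOG = r"""Running processes:
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\ctfmon.exe
D:\WINNT\system32\wcpsvsu.exe
C:\Temp\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ad-aware] "D:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [WINT] D:\WINNT\system32\wcpsvsu.exe
O4 - Global Startup: OLWARN.BAT
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|com))\b', re.I)

def parse_log(text):
    """Split a HijackThis log into running-process paths and O4 Run-key entries."""
    running, autoruns, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.append(line)
        elif (m := O4_RUN.match(line)):
            hive, key, name, cmd = m.groups()
            e = EXE.match(cmd)        # strip quotes and command-line arguments
            target = (e.group(1) or e.group(2)) if e else cmd
            autoruns.append({"hive": hive, "key": key, "name": name,
                             "image": basename(target).lower()})
    return running, autoruns

def locate(filename, text):
    """Report where one file name shows up: running process and/or autostart."""
    running, autoruns = parse_log(text)
    f = filename.lower()
    return {"running": [p for p in running if basename(p).lower() == f],
            "autoruns": [(a["hive"], a["key"], a["name"]) for a in autoruns if a["image"] == f]}
```

`locate("wcpsvsu.exe", SAMPLE_LOG)` returns the process path together with the `HKCU` Run value `WINT` that starts it, which is the pairing a helper reading the full log would want to see side by side.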
