BleepingComputer.com: My computer acts like the alt key is being held down


My computer acts like the alt key is being held down

#16 Broni

Posted 07 August 2011 - 11:36 PM

My bed time is coming as well :)

#17 Personb

Posted 08 August 2011 - 12:53 AM

I have the three Avast logs (1st, bootup-scan, and 2nd). They are all accessible through Avast, but I can't find a text file with their contents.

The first full scan found 18 things and cleaned all but 2 of them, the boot scan found 6 things and cleaned all of them, and the most recent full scan found nothing.

I'm going to bed, but I'll check back in tomorrow. Thanks again.

#18 Personb

Posted 08 August 2011 - 09:51 AM

I found the Avast logs at C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log, but they are way too big to post, especially the boot log. The two threats that were not removed by the 1st full scan are:

C:\WINDOWS\SysWOW64\bidispl32.exe
and
the same thing again.

The 6 removed by the boot time scan, which very temporarily solved the problem, are:

C:\System Volume Information\...\A0041330.dll
C:\System Volume Information\...\A0041331.exe
C:\System Volume Information\...\A0041332.exe
C:\System Volume Information\...\A0041333.exe
C:\\WINDOWS\Temp\_avast_\unp67973512.tmp
C:\\WINDOWS\Temp\_avast_\unp268177676.tmp

#19 Personb

Posted 08 August 2011 - 04:50 PM

Status update... I used this computer this morning, about 7 or 8 hours ago, and it still had the alt problem. I disconnected the ethernet cable and went to work. I just got home, and the alt problem is gone. The computer hasn't rebooted, it's been sitting in standby mode. Also I just reconnected the ethernet cable and the problem is still gone.

For now, I don't have a problem. In fact, the google-redirect problem is also gone and I've had that for several weeks. I can live with this because my computer works, but why is the problem gone and is it coming back, and what was it in the first place? I have a feeling I'll be revisiting this thread before too long.

I assume that Avast or SuperAntiSpyware took care of it somehow, because they have been running in the background. Thank you very much for the help and guidance, Broni.

#20 Broni

Posted 08 August 2011 - 06:05 PM

Good news :)

Please run a couple more steps for me...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


#21 Personb

Posted 09 August 2011 - 10:04 AM

I ran TFC and it removed 160 megs, then I installed and ran ESET, which found 15 more threats. The computer is acting normally, but it clearly still has problems.

ESET report:

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{77f1a9bf-7bb9-403c-958f-58718f2ed2cc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{77f1a9bf-7bb9-403c-958f-58718f2ed2cc}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{95af88e3-616d-44f1-a0a6-e47affb68997}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{95af88e3-616d-44f1-a0a6-e47affb68997}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{a4fb67e1-0e37-4227-b8b5-d930e03f36a4}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{cd95f0eb-b3c3-452e-95de-b0e0aa5da9bb}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{cd95f0eb-b3c3-452e-95de-b0e0aa5da9bb}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\moebecaajhmoaofjcfgadpjmijlbndek\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD99EC72-59CA-4A0D-8A62-B062CB332D60}\RP296\A0040704.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD99EC72-59CA-4A0D-8A62-B062CB332D60}\RP298\A0042291.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD99EC72-59CA-4A0D-8A62-B062CB332D60}\RP299\A0042513.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD99EC72-59CA-4A0D-8A62-B062CB332D60}\RP299\A0042514.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD99EC72-59CA-4A0D-8A62-B062CB332D60}\RP299\A0042515.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\hlp.dat Win32/Bamital.DT trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\lr59rw5qww84d.exe a variant of Win32/Kryptik.BUQ trojan cleaned by deleting - quarantined
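
A triage pass over an exported scanner report like the one posted above, grouping detections by family and by where they were found (restore points, browser profiles, the system directory). This is an added example, not part of the thread; the line layout is assumed from the lines posted here, and the bucket names and function names are hypothetical.

```python
import re
from collections import Counter

# Four lines copied from the ESET report posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqvk2ml6.default\extensions\{77f1a9bf-7bb9-403c-958f-58718f2ed2cc}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\System Volume Information\_restore{CD99EC72-59CA-4A0D-8A62-B062CB332D60}\RP299\A0042513.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\hlp.dat Win32/Bamital.DT trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\lr59rw5qww84d.exe a variant of Win32/Kryptik.BUQ trojan cleaned by deleting - quarantined
"""

# Layout assumed from those lines: path, detection name, type, action taken.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>\w+/[\w.]+)\s+(?P<kind>\w+)\s+(?P<action>.+)$"
)

# Location buckets chosen for this example (hypothetical names).
LOCATIONS = [
    ("restore_point", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("browser_profile", re.compile(r"\\(Firefox\\Profiles|Chrome\\User Data)\\", re.I)),
    ("system_dir", re.compile(r"\\WINDOWS\\system32\\", re.I)),
]

def locate(path):
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "other"

def triage(report):
    """Group detections by family and location; list anything left behind."""
    result = {"by_family": Counter(), "by_location": Counter(),
              "unresolved": [], "unparsed": []}
    for line in filter(None, map(str.strip, report.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"].append(line)
            continue
        # Drop the trailing variant suffix: Win32/Bamital.DT -> Win32/Bamital
        result["by_family"][m["name"].rsplit(".", 1)[0]] += 1
        result["by_location"][locate(m["path"])] += 1
        if "quarantined" not in m["action"] and "deleted" not in m["action"]:
            result["unresolved"].append(m["path"])
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Entries under `unresolved` or `unparsed` are the ones to read by hand before treating a report as clean.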

#22 Broni

Posted 09 August 2011 - 07:17 PM

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.


=============================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

========================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current (including Service Pack 3 installation and updating Internet Explorer to version 8!!!)

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html