jath87

Mouse issues, hijack?

2 posts in this topic

Suddenly my mouse started to act on its own. While surfing or using the computer for other purposes, the mouse pointer can suddenly run away and start clicking anywhere on the screen. It can be the start button, it can be right-clicking on the desktop or closing an open window or the like.

 

I have probably installed something improper, but since I don't know what it is I need help finding it.

 

Here is my Hijack log.

 

Logfile of HijackThis v1.97.7

Scan saved at 18:42:41, on 2004-07-03

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\SA3DSRV.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\CPQS\BWTOOLS\BWTRAY.EXE

C:\COMPAQ\INTERNET\CISRVR.EXE

C:\PROGRAM\ICLOGIN.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\WINDOWS\SYSTEM\IGFXTRAY.EXE

C:\WINDOWS\SYSTEM\HKCMD.EXE

C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE

C:\PROGRAM\WINAMP\WINAMPA.EXE

C:\PROGRAM\GRISOFT\AVG6\AVGCC32.EXE

C:\WINDOWS\SYSTEM\PWSTRAY.EXE

C:\PROGRAM\WINZIP\WZQKPICK.EXE

C:\PROGRAM\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=sve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...&s=search&i=sve

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=sve

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {426F81A5-0B8C-4948-8115-11606FD3F389} - (no file)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\SV\MSNTB.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe

O4 - HKLM\..\Run: [service Connection] c:\cpqs\bwtools\bwtray.exe

O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe

O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN

O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [iC Login] "C:\PROGRAM\ICLOGIN.EXE"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe

O4 - HKLM\..\Run: [cupdate] C:\WINDOWS\TEMP\SFXE056.TMP\CUPDATE.exe

O4 - HKLM\..\Run: [bcray] C:\WINDOWS\TEMP\SFXE056.TMP\1002\BCRAY.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O4 - HKLM\..\Run: [winlogin] C:\WINDOWS\SYSTEM\winlogin.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [PWSTray] PwsTray.exe

O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe -I

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRAM\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8134.1881944444

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {426F81A5-0B8C-4948-8115-11606FD3F389} - http://www.serialspot.com/serials/serials.cab

O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/Live...ervice_4_EN.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab

O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} - http://www.mrketing.biz/IE_plugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/Live...ervice_5_EN.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

Thanks


Hi

Please run hijack and place a check in the following entries.

R3 - URLSearchHook: (no name) - {426F81A5-0B8C-4948-8115-11606FD3F389} - (no file)

 

O4 - HKLM\..\Run: [cupdate] C:\WINDOWS\TEMP\SFXE056.TMP\CUPDATE.exe

O4 - HKLM\..\Run: [bcray] C:\WINDOWS\TEMP\SFXE056.TMP\1002\BCRAY.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE

 

O16 - DPF: {426F81A5-0B8C-4948-8115-11606FD3F389} - http://www.serialspot.com/serials/serials.cab

O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/Live...ervice_4_EN.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab

O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} - http://www.mrketing.biz/IE_plugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/Live...ervice_5_EN.cab

Ensure all IE browsers and Windows Explorer windows are closed,

then have hijackthis fix them.

 

These items below in blue can be fixed if you choose; they are unnecessary programs that run at startup and/or hog resources. Having hijack fix them does not remove the program, just its startup command.

O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE

Launches common MS Office components to run in the background, hogging resources.

 

O4 - Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

Adds the system tray icon for WinZip.

 

Also, these entries of My Web are not malware, but it allows and attracts malware to be installed. I would remove it.

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

 

To unhide hidden files,

  • On the desktop, double-click My Computer, select View and click Details
  • Again select View > Folder Options
  • Under the View tab,
    • Tick show all files
    • Untick hide file extensions for all file types. Select Apply then OK

Restart in Safe mode, open an IE and select Tools > Internet Options, then delete all temporary internet files and tick "delete offline content"

Then find and delete the following files

C:\temp <--delete all possible files in this folder

C:\windows\temp <--delete all possible files in this folder

 

Select Start -> Settings -> Control Panel -> Add/Remove and select and remove the following programs if present:

  • My Search Bar / MyWay Speed Bar / My Web Search Bar / Fun Web Products Easy Installer

While still in safe mode, find and delete the following files/folders if they still exist:

C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE <--delete only this file

 

Restart your system, do a free online virus scan and delete anything it finds from:

To complete your clean up, do a free online trojan scan as well and delete anything it finds from:

and repost here with a new log from hijack.

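Part of the by-eye review in the reply above can be scripted. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses HijackThis-style lines and flags three patterns seen among the entries selected for fixing (a registered component with "(no file)", an autostart command under a temp directory, a DPF entry with no class name). The heuristics and all function names are assumptions for triage only; entries picked out by product name, such as the MyWebSearch ones, are not caught.

```python
import re

# Sample lines copied from the log posted in this thread (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R3 - URLSearchHook: (no name) - {426F81A5-0B8C-4948-8115-11606FD3F389} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\windows\taskmon.exe
O4 - HKLM\..\Run: [cupdate] C:\WINDOWS\TEMP\SFXE056.TMP\CUPDATE.exe
O4 - HKLM\..\Run: [bcray] C:\WINDOWS\TEMP\SFXE056.TMP\1002\BCRAY.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A path component named TEMP or TMP (not a ".TMP" file extension).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# DPF entry: CLSID, optional "(class name)", then the download URL.
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\}( \(.+?\))? - ")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section in ("R3", "O2", "O3") and body.endswith("(no file)"):
            findings.append((section, "registered component has no file", line))
        elif section == "O4" and TEMP_RE.search(body):
            findings.append((section, "autostart runs from a temp directory", line))
        elif section == "O16":
            d = DPF_RE.match(body)
            if d and d.group(1) is None:
                findings.append((section, "ActiveX download without class name", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {line}")
```

A flagged line is a prompt to look the entry up, not a verdict; legitimate installers also stage files under temp directories.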