roxana

mouse problems - MERGED 4 threads

25 posts in this topic

Could someone please help me fix my mouse? It stopped working and I've tried to do a system restore, and it says that a system restore cannot be performed. Any ideas on what it could be? I can't even get my Ad-aware, Spybot or HijackThis going. Please, someone help me. I don't know what else to do. Thanks for taking the time to look.


Could you provide a little more info?

 

1. Do you get the mouse cursor on the screen?

 

2. What is your operating system? i.e. XP, ME, 98, etc.

 

3. Does your keyboard work ok?

 

4. Does any of the mouse functions work?

 

a. left or right buttons?

b. scroll wheel?

c. can you move the cursor around?

 

5. What kind of mouse? optical? Wireless? serial? usb?

 

6. Did you recently move your computer or snag the mouse cord on something?

 

7. Small child or pet chew on the cord?

 

Your first fix is to see if your mouse is plugged into the back of the computer.

 

Physically unplug it and plug it back in.

 

Your second fix is to try another mouse on the system. It will eliminate a lot of possibilities.

 

About why you can't restore, I don't know yet. Could be anything from not having the right permissions to do it, to not having a restore point to use.


1. Yes, I do have a cursor on the screen.

2. Windows XP is the operating system.

3. Yes, my keyboard works.

4. No, none of the mouse functions work.

5. Not sure, just a regular old mouse with a ball inside, not USB or wireless.

6. I have not recently moved the computer or snagged the mouse.

7. No bite marks on the cord.

I've unplugged it and left it off for a while, and nothing. I even tried it on another computer and the mouse does work,

and I do have a restore point, it just won't let me use it.

 

Thanks again for taking the time to help. roxana


Just wondering if anyone knows how to fix this problem I'm having. Any suggestions would be appreciated. Thanks again, roxana


Once you unplug the mouse, the computer won't see it again till you reboot....

Try going into Control Panel/Accessibility Options..click on Accessibility Options again..then the Mouse tab..make sure 'Use MouseKeys' isn't checked...

Other than that..try plugging into a different slot on the back of the computer if you can...you might need to buy an adapter.


I tried these last suggestions and it's still not working. I can see the cursor on the screen but I can't make it move. Any other suggestions that anyone has to offer would be greatly appreciated. Thanks again, roxana


It might sound stupid because you have probably done it, but have you cleaned the rollers inside it?


But I tried the mouse on a different computer and it works there, and yes, I've cleaned it, but still no movement. Any other suggestions? I've tried to install a McAfee virus scan and I don't know how to make it start without the mouse. I know how to move around without the mouse, I just can't seem to make it move in that window.


If you bought your mouse...it should have a CD to install drivers.....

I would try that next.....if it came with your computer.....

you might try, if you can get to it....deleting it from Device Manager...then on reboot it should find whatever drivers are installed for that mouse.


Just FYI, it wasn't the mouse. I called the manufacturer of my PC and ran some more steps with them, and it turned out that I needed a new motherboard, so someone came by yesterday and fixed it. But I still wanted to say thanks for trying to help me out. I really appreciate it. roxana


Please tell me if I need to remove anything. My computer started acting up and I think I got everything, but I just want to make sure I didn't overlook anything. Thanks, roxana

 

Logfile of HijackThis v1.97.7

Scan saved at 11:09:54 AM, on 6/11/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\QuickTime\qttask.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\scagent.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 29 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - c:\windows\sr.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [uSB] C:\WINDOWS\system32\usb.exe

O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA3C6B-E4D1-4320-9381-B88F998EC273}: NameServer = 151.164.11.201 151.164.30.104


Someone please help. I can't get rid of this hijack no matter how many times I try to remove it. Any suggestions?

 

Logfile of HijackThis v1.97.7

Scan saved at 10:48:52 AM, on 7/13/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\monitor.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\deinst_qfe002.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\system32\system_29877.dat

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 37 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://195.225.176.5/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://195.225.176.5/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://195.225.176.5/ie

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.com/

F0 - system.ini: Shell=Explorer.exe monitor.exe

F2 - REG:system.ini: Shell=Explorer.exe monitor.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [uSB] C:\WINDOWS\system32\usb.exe

O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe

O4 - HKCU\..\Run: [monitor] monitor.exe

O13 - DefaultPrefix: http://195.225.176.5/pre.pl?

O13 - WWW Prefix: http://195.225.176.5/pre.pl?

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...373/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA3C6B-E4D1-4320-9381-B88F998EC273}: NameServer = 151.164.11.201 151.164.30.104


Hello Roxana, welcome to SWI.

Print out these instructions so you can read them while you clean your system.

Move HijackThis to its own folder out of the temp directory. Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Move HijackThis there. HijackThis makes backups of everything you fix, and these backups are saved in the same folder the program is in.

Now close all open windows AND browsers and check these items for HJT to fix:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://195.225.176.5/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://195.225.176.5/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://195.225.176.5/ie

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe

O13 - DefaultPrefix: http://195.225.176.5/pre.pl?

O13 - WWW Prefix: http://195.225.176.5/pre.pl?

 

Please reboot into safe mode - How do I boot into "Safe" mode?

And delete these files:

 

C:\WINDOWS\system32\deinst_qfe002.exe

C:\WINDOWS\system32\system_29877.dat

C:\WINDOWS\System32\idctup20.exe

 

You may need to show hidden files to delete them. How to show all hidden and system files

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.

* C:\Windows\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Then disable your system restore

 

1 Right-click My Computer, and then click Properties.

2 Click the System Restore tab.

3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.

4 Click Apply

5 This will delete all existing restore points. Click Yes to do this.

6 Click OK.

 

Reboot into normal mode, enable System Restore and post a fresh log in this thread so we can give you further recommendations.


I did what you said to do, but I ran another HijackThis scan and everything is back. Any other suggestions? Here's the new log, but it looks like I never cleaned it out.

 

Logfile of HijackThis v1.97.7

Scan saved at 1:21:19 PM, on 7/13/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\monitor.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\QuickTime\qttask.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\alg.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

c:\program files\mcafee.com\shared\mcinfo.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://195.225.176.5/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://195.225.176.5/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://195.225.176.5/ie

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.com/

F0 - system.ini: Shell=Explorer.exe monitor.exe

F2 - REG:system.ini: Shell=Explorer.exe monitor.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [uSB] C:\WINDOWS\system32\usb.exe

O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [monitor] monitor.exe

O13 - DefaultPrefix: http://195.225.176.5/pre.pl?

O13 - WWW Prefix: http://195.225.176.5/pre.pl?

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...373/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA3C6B-E4D1-4320-9381-B88F998EC273}: NameServer = 151.164.11.201 151.164.30.104


Can you please browse to this file, monitor.exe, in the C:\WINDOWS\ directory, right-click on it, go to Properties and post them?


Restart computer in Safe mode!

 

Open Task Manager:

If "monitor.exe" is active, terminate the process.

 

Find and delete:

WINDOWS\monitor.exe file

 

In HijackThis, fix checked (all browsers and windows closed):

 

*All- R1/R0/F0/F2/ lines

except this one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.com/

*O4 - HKCU\..\Run: [monitor] Explorer.exe monitor.exe

*All-O13 - lines

 

Reboot to normal mode, run HijackThis again and

compare to the pointed entries; fix checked any that turned up again.

Run and post a new log!

Edited by mmxx66
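The comparison step described in the posts above, as an added example that is not part of the original thread: a Python sketch that parses HijackThis entry lines, diffs a log against an earlier one, and lists which fixed entries turned up again. The log excerpts are copied from this thread; the function names and the three heuristics in `flag` are assumptions for illustration, not HijackThis's own logic.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Excerpts (not full logs) of the HijackThis logs posted in this thread.
BASELINE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
"""
INFECTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O13 - DefaultPrefix: http://195.225.176.5/pre.pl?
"""
# Entries from the first fix list, then the log posted after that fix.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O13 - DefaultPrefix: http://195.225.176.5/pre.pl?
"""
AFTER_FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.225.176.5/
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [monitor] monitor.exe
O13 - DefaultPrefix: http://195.225.176.5/pre.pl?
"""

# Entry lines look like "O4 - ..."; process paths ("C:\...") do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[/:]|$)")
SHELL_RE = re.compile(r"Shell=\s*Explorer\.exe\s+(\S.*)$", re.I)
RUN_RE = re.compile(r"Run: \[[^\]]*\]\s+(.+)$")


def parse_hjt(log_text):
    """Return the set of Entry(code, text) items found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def flag(entry):
    """Illustrative heuristics only; they will produce false positives."""
    if entry.code in ("R0", "R1", "O13") and IP_URL_RE.search(entry.text):
        return "browser setting points at a bare IP address"
    if entry.code in ("F0", "F2"):
        m = SHELL_RE.search(entry.text)
        if m:
            return "extra program after Explorer.exe in Shell=: " + m.group(1)
    if entry.code == "O4":
        m = RUN_RE.search(entry.text)
        if m and "\\" not in m.group(1):
            return "Run value has no directory path"
    return None


def new_since(baseline, current):
    """Entries in the current log that the earlier log did not have."""
    return current - baseline


def reappeared(fixed, after):
    """Entries that were checked for fixing but are present again."""
    return fixed & after


def unaddressed(after, fixed):
    """Flagged entries still present that were never in the fix list."""
    return {e for e in after - fixed if flag(e)}


if __name__ == "__main__":
    base, bad = parse_hjt(BASELINE), parse_hjt(INFECTED)
    fixed, after = parse_hjt(FIX_LIST), parse_hjt(AFTER_FIX)
    for title, found in (("new since baseline", new_since(base, bad)),
                         ("reappeared after fix", reappeared(fixed, after)),
                         ("never in fix list", unaddressed(after, fixed))):
        print(title)
        for e in sorted(found):
            print("  %s - %s  [%s]" % (e.code, e.text, flag(e) or "diff only"))
```

The `[intdctrr]` entry is already in the 6/11 excerpt, so the baseline diff does not report it even though the first fix list removes it; a baseline only helps if the machine was clean when it was taken.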


I think removing the monitor.exe finally helped. It looks like I have a clean log. If you could, though, just take another minute to look it over, I'd really appreciate it. Thank you sooo much for taking the time to help me. I'm glad there's people like you willing to help people like me. Thanks again. roxana

 

Here's my log again.

 

Logfile of HijackThis v1.97.7

Scan saved at 2:48:21 PM, on 7/13/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\QuickTime\qttask.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [uSB] C:\WINDOWS\system32\usb.exe

O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...373/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA3C6B-E4D1-4320-9381-B88F998EC273}: NameServer = 151.164.11.201 151.164.30.104


Good job!

Your log looks clean now, but it's very important that you update your Windows. In Internet Explorer, go to Tools, then click on Windows Update and download all the critical updates. It's very important.

 

 

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

And also see TonyKlein's good advice

So how did I get infected in the first place?

 

Glad we can help :D:D:D


I've tried doing the Windows updates but for some reason it won't let me update now. It just keeps asking me to update. I've even tried going to microsoft.com and still no help. If you have any suggestions I'd really appreciate it. Thanks again for all your help. roxana


Could someone take a look at my log? My computer has started to slow down. Any help would be greatly appreciated.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:18:44 PM, on 9/29/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\DOCUME~1\Roxy\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.houstonchronicle.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095888471566

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...AB?38183.584375

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab


Hi roxana

Sorry it took so long to reply.

 

You're using an old version of HijackThis. Download the latest version (1.98.2) from either Site 1 or Site 2.

 

Then delete the old version.

 

Let's move HijackThis into a folder of its own.

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Failure to do so may mean needed backups will not be available.

 

Download the new Ad-Aware SE version, and follow the instructions on how to do a full scan: http://www.spywareinfoforum.com/index.php?showtopic=11150

Reboot after using Ad-Aware SE. Also, while there, get the VX2 plugin.

 

Please run Hijack This again, copy the log and post it here, in this string, using the Add Reply function, so I will be notified of your post.


Thanks for taking the time to look at my log; I just kinda figured it got lost in the shuffle. I did what you said and here is the fresh copy of my log. Let me know what you think. roxana

 

Logfile of HijackThis v1.98.2

Scan saved at 3:11:10 PM, on 11/1/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\xoh.exe

C:\PROGRA~1\mcafee.com\PERSON~1\MpfAgent.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\wscntfy.exe

C:\hijack this\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4DF6607C-B04F-0EB7-D654-65550BA72F6F} - C:\WINDOWS\System32\znq.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [uSB] C:\WINDOWS\system32\usb.exe

O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Windows Streams Server] localsrv.exe

O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe

O4 - HKCU\..\Run: [Czctt] C:\WINDOWS\System32\xoh.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?321

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...380/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C909D434-A1CA-46D3-90FC-64E1EE9DE55D}: NameServer = 151.164.11.201 151.164.30.104


Hi roxana

 

Well, maybe it was lost in the shuffle, but that's where I hang out. 8>)

 

Actually, I did have quite a lot of difficulty finding your post; when I went back to have another look, I could not find it. Seems it is still mixed up in some posts it was split from this past summer. Which brings me to notice you have had quite a lot of difficulty keeping bad things off your system.

I am going to give you a good many programs to download. Do yourself a big favor and get them all on your system as soon as possible and use them weekly, at a minimum. That alone will save you a lot of grief.

Sorry I did not notice the problems you had in the recent past until after I had worked up a fix, or I'd just have had you do the scans etc before posting a Hijack This log.

 

First, I'd like you to get some online scans and a Trojan Hunter and use them even before you do anything with Hijack This.

 

Choose one of these; they are online virus scanners. Run one of them and have it fix anything it finds.

 

Panda

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

 

Trend Micro

http://housecall.trendmicro.com/housecall/start_corp.asp

 

And, here's the link to McAfee AVERT Stinger and instructions for use.

 

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.

 

And here is a free trial of Trojan Hunter. Use it now, please.

 

Trial Version of Trojan Hunter.

http://www.misec.net/trojanhunter/

 

 

Please let us know what the results are.

 

Scanning in Spybot Search and Destroy:

 

1. Download and Install Spybot S&D, accepting the Default Settings

 

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

 

3. Close ALL windows except Spybot S&D

 

4. Click the button to ‘Search for Updates’ then download and install the Updates.

 

5. Next click the button ‘Check for Problems’

 

6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries, and ‘GREEN’ entries in the window.

 

7. Make certain there is a check mark beside all of the RED entries ONLY.

 

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

 

9. REBOOT to complete the scan and clear memory.

 

Scanning With Ad-Aware SE :

 

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

 

2. Close ALL windows except Ad-Aware SE

 

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

 

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

 

1) In the ‘General’ window make sure the following are selected in green:

*Automatically save log-file

*Automatically quarantine objects prior to removal

*Safe Mode (always request confirmation)

 

Under Definitions:

*Prompt to update outdated definitions - set the number of days

 

 

2) Click on the ‘Scanning’ button on the left and select in green :

 

Under Driver, Folders & Files:

*Scan Within Archives

 

Under Select drives & folders to scan -

*choose all hard drives

 

Under Memory & Registry: all green

*Scan Active Processes

*Scan Registry

*Deep Scan Registry

*Scan my IE favorites for banned URL’s

*Scan my Hosts file

 

 

3) Click on the ‘Advanced’ button on the left and select in green:

 

Under Shell Integration:

*Move deleted files to recycle bin

 

Under Logfile Detail Level: (all green)

*include additional object information

*DESELECT - include negligible objects information

*include environment information

 

Under Alternate Data Streams:

*Don't log streams smaller than 0 bytes

*Don't log ADS with the following names: CA_INOCULATEIT

 

 

4) Click the ‘Tweak’ button and select in green:

 

Under the ‘Scanning Engine’:

*Unload recognized processes during scanning

*Scan registry for all users instead of current user only

 

 

Under the ‘Cleaning Engine’:

*Let Windows remove files in use at next reboot

 

 

Under the Log Files:

*Include basic Ad-aware SE settings in logfile

*Include additional Ad-aware SE settings in logfile

*Please do not check or make green: Include Module list in logfile

 

 

5. Click on ‘Proceed’ to save the settings.

 

6. Click ‘Start’

 

*Choose: 'Perform Full System Scan'

*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

 

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

 

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

 

9. Save the log file when it asks and then click ‘finish’

 

10. REBOOT to complete the removal of what Ad-Aware SE found

 

Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Do not attempt to fix anything in HijackThis yourself!

 

 

 

Please print out the following instructions so you can read them while you clean your system. A printout also makes a good check list for Hijack This, to avoid making errors.

 

 

Please run Hijack This again and place check marks next to the following entries.

 

O2 - BHO: (no name) - {4DF6607C-B04F-0EB7-D654-65550BA72F6F} - C:\WINDOWS\System32\znq.dll

 

O4 - HKCU\..\Run: [Windows Streams Server] localsrv.exe

 

O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe

 

O4 - HKCU\..\Run: [Czctt] C:\WINDOWS\System32\xoh.exe

 

 

Close all other windows and browsers, then click on "Fix Checked".

Then please REBOOT and post a fresh Hijack This log here, in this string, so I will be notified.

 

 

And after you have done all the above, please download the following. These things will keep a lot of Junk off your computer.

 

For your Protection - It is suggested that you download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally to check for updates.

 

And also see

So how did I get infected in the first place?

Edited by Piatan
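
The last step requested above (tick four entries, click "Fix Checked", reboot, post a fresh log) can be checked mechanically by comparing the two logs. The Python sketch below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and the `AFTER` log with its `[Example]` placeholder entry is constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <data>", e.g. "O4 - HKCU\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map normalised entry -> original line; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths and value names are case-insensitive: compare casefolded.
            key = (m.group(1), " ".join(m.group(2).split()).casefold())
            entries[key] = line.strip()
    return entries

def verify_fix(before_log, after_log, flagged_lines):
    """Check a fresh log against the entries that were ticked for 'Fix Checked'."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    flagged = parse_entries("\n".join(flagged_lines))
    return {
        "still_present": sorted(after[k] for k in flagged if k in after),
        "never_in_log": sorted(flagged[k] for k in flagged if k not in before),
        "new_entries": sorted(after[k] for k in after if k not in before),
    }

# The four entries from the fix list in this thread.
FLAGGED = [
    r"O2 - BHO: (no name) - {4DF6607C-B04F-0EB7-D654-65550BA72F6F} - C:\WINDOWS\System32\znq.dll",
    r"O4 - HKCU\..\Run: [Windows Streams Server] localsrv.exe",
    r"O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe",
    r"O4 - HKCU\..\Run: [Czctt] C:\WINDOWS\System32\xoh.exe",
]
BEFORE = "\n".join([
    "Logfile of HijackThis v1.98.2",
    r"C:\WINDOWS\System32\xoh.exe",
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE",
] + FLAGGED)
# Constructed "after" log: one flagged entry is back (different case), one entry is new.
AFTER = "\n".join([
    "Logfile of HijackThis v1.98.2",
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE",
    r"O4 - HKCU\..\Run: [czctt] c:\windows\system32\xoh.exe",
    r"O4 - HKCU\..\Run: [Example] C:\example\placeholder.exe",
])

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(name, lines)
```

A non-empty `still_present` list means a flagged entry survived the reboot or was re-created, and `never_in_log` catches a fix-list line that was mistyped and never matched the original log.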

This topic is now closed to further replies.