Ohhh HELP! Screen+IE FREEZE; How Did Spyware Affect My Mouse??

Discussion in 'adware, spyware & hijack cleaning' started by Princess.Monkey, May 4, 2004.

Thread Status:
Not open for further replies.
  1. Princess.Monkey

    Princess.Monkey Registered Member

    Joined:
    May 4, 2004
    Posts:
    4
    Location:
    Chicago
    Ohhh HELP! Screen+IE FREEZE; How Did Spyware Affect My Mouse??

    :D Hi, over there. Agh... My computer is acting much too crazy and illogical for me to handle it by myself, which is why I desperately seek your help and advice! :doubt: o_O

    I will tremendously appreciate any attempts to help me to calm these unwarranted and UNWELCOME events!

    I have had a variety of spyware problems on my PC for the past two weeks. My Mac, on the same network, is fine. Just when I believe that I have cleaned up all of the spyware, just by reading this forum, it REAPPEARS! I have seen way too many odd .dlls, .exes, and other nasty programs recurrently emerge as problems of late.

    And that's not all! :eek:
    In addition to the spyware, my computer is continuously freezing up, at seemingly random times. Moreover, my mouse goes berserk: it either 1.) acts as if I have performed a "right-click", and opens the appropriate right-click menu on my desktop/in the application I am using, AND/OR 2.) the mouse completely disappears and, if I am lucky, reappears off from the corners of the visible screen of my monitor.

    And there is a 3.) When I am unlucky, the mouse simply freezes and/or my computer has decided to freeze as well.

    Tip for Columbo: Very often I am utilizing IE browser windows when these freezes occur.

    Here is a list of what I use to TRY to clean things up: Ad-aware 6.0, HijackThis, CWShredder, CodeStuff Starter, SpyBot - Search & Destroy, and SpywareBlaster. I don't know if I am working under firewall protection anymore as I have a new router now (my old Belkin one had ZoneAlarm installed while it worked). I clean out Temp files and use Disk Cleanup, and dispose of old cookies, history, files etc. quite regularly, and I use ScanDisk and defragment my drives about every other month.

    As requested for a proper post, I have copied+pasted my most current HijackThis scan for those of you who understand how to decipher it. May it be useful to you!

    :oops: PLEASE help me... I'm quick and ready to learn! I would appreciate any advice that you can take the time to type out for me.

    Waiting for your reply!
    --Princess.Monkey

    -- :ninja: -- :ninja: -- :ninja: --
    Logfile of HijackThis v1.97.7
    Scan saved at 6:10:00 PM, on 5/4/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB06.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\VIRUS_HANDLE\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\VIRUS_HANDLE\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38085.8830092593
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
     
  2. Princess.Monkey

    Princess.Monkey Registered Member

    Joined:
    May 4, 2004
    Posts:
    4
    Location:
    Chicago
    Help me please!!!

    Oh no! No replies?

    Does anyone reading this thread understand what's going on with my computer? Even part of the answer would be good!

    I desperately need your advice! :( Please write...

    Thanks,
    Sophie
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: Help me please!!!

    I can't see any obvious signs in the log, but if you have cleaned them we wouldn't BUT

    I don't see any running antivirus; that is a bit like standing in downtown Baghdad stark naked with a bull's-eye on your chest waving an American Flag. Definitely not recommended.

    Download and install & run an antivirus immediately

    lists here
    http://www.wilders.org/anti_viruses.htm

    one free one that many users of this forum use successfully is
    AVG from http://www.grisoft.com/us/us_dwnl_free.php

    and do this
    Run an online antivirus check from at least one and preferably 2 of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www3.ca.com/virusinfo/
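
Added example, not part of the thread or any poster's code: the triage dvk01 does by eye (checking the running-process list for an antivirus and reading the startup entries) scripted against the HijackThis log layout posted above. The sample log is a constructed excerpt in that layout, and the antivirus executable name is a hypothetical placeholder to be replaced with the names of the product you expect.

```python
import re
from collections import defaultdict

# Constructed excerpt in the HijackThis v1.97.7 layout shown in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
"""

# Hypothetical placeholder, not a real product's executable name.
EXAMPLE_AV_NAMES = {"example_av_guard.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ...", "R1 - ..."

def parse_hijackthis(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:  # first coded entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review(text, av_names):
    """Summarise what a helper checks first: AV presence, autostarts, proxy."""
    processes, entries = parse_hijackthis(text)
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    autostarts = []
    for e in entries.get("O4", []):
        # Either "HKLM\..\Run: [Name] command" or "Startup: Name.lnk = target"
        m = re.match(r"(.+?): \[(.+?)\] (.+)$", e) or re.match(r"(.+?): (.+?) = (.+)$", e)
        if m:
            autostarts.append(m.groups())
    return {
        "av_running": sorted(running & {n.lower() for n in av_names}),
        "autostarts": autostarts,
        "proxy_settings": [e for e in entries.get("R1", []) if ",ProxyServer = " in e],
    }
```

An empty `av_running` list corresponds to dvk01's observation that no antivirus process appears in the log; the autostart and proxy lists are the entries a helper would then read through by hand.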
     