Ohhh HELP! Screen+IE FREEZE; How Did Spyware Affect My Mouse??

Discussion in 'adware, spyware & hijack cleaning' started by Princess.Monkey, May 4, 2004.

Thread Status:
Not open for further replies.
  1. Princess.Monkey

    Princess.Monkey Registered Member

    Joined:
    May 4, 2004
    Posts:
    4
    Location:
    Chicago
    Ohhh HELP! Screen+IE FREEZE; How Did Spyware Affect My Mouse??

    :D Hi, over there. Agh... My computer is acting much too crazy and illogical for me to handle it by myself, which is why I desperately seek your help and advice! :doubt: o_O

    I will tremendously appreciate any attempts to help me to calm these unwarranted and UNWELCOME events!

    I have had a variety of spyware problems on my PC for the past two weeks. My Mac, on the same network, is fine. Just when I believe that I have cleaned up all of the spyware, just by reading this forum, it REAPPEARS! I have seen way too many odd .dlls, .exes, and other nasty programs recurrently emerge as problems of late.

    And that's not all! :eek:
    In addition to the spyware, my computer is continuously freezing up, at seemingly random times. Moreover, my mouse goes berserk: it either 1.) acts as if I have performed a "right-click", and opens the appropriate right-click menu on my desktop/in the application I am using, AND/OR 2.) the mouse completely disappears and, if I am lucky, reappears off from the corners of the visible screen of my monitor.

    And there is a 3.) When I am unlucky, the mouse simply freezes and/or my computer has decided to freeze as well.

    Tip for Columbo: Very often I am utilizing IE browser windows when these freezes occur.

    Here is a list of what I use to TRY to clean things up: Ad-aware 6.0, HijackThis, CWShredder, CodeStuff Starter, SpyBot - Search & Destroy, and SpywareBlaster. I don't know if I am working under firewall protection anymore as I have a new router now (my old Belkin one had ZoneAlarm installed while it worked). I clean out Temp files and use Disk Cleanup, and dispose of old cookies, history, files etc. quite regularly, and I use ScanDisk and defragment my drives about every other month.

    As requested for a proper post, I have copied+pasted my most current HijackThis scan for those of you who understand how to decipher it. May it be useful to you!

    :oops: PLEASE help me... I'm quick and ready to learn! I would appreciate any advice that you can take the time to type out for me.

    Waiting for your reply!
    --Princess.Monkey

    -- :ninja: -- :ninja: -- :ninja: --
    Logfile of HijackThis v1.97.7
    Scan saved at 6:10:00 PM, on 5/4/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB06.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\VIRUS_HANDLE\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\VIRUS_HANDLE\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38085.8830092593
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
     
  2. Princess.Monkey

    Princess.Monkey Registered Member

    Joined:
    May 4, 2004
    Posts:
    4
    Location:
    Chicago
    Help me please!!!

    Oh no! No replies?

    Does anyone reading this thread understand what's going on with my computer? Even part of the answer would be good!

    I desperately need your advice! :( Please write...

    Thanks,
    Sophie
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: Help me please!!!

    I can't see any obvious signs in the log, but if you have cleaned them we wouldn't BUT

    I don't see any running antivirus, that is a bit like standing in downtown Baghdad stark naked with a bulls eye on your chest waving an American Flag. Definitely not recommended

    Download and install & run an antivirus immediately

    lists here
    http://www.wilders.org/anti_viruses.htm

    one free one that many users of this forum use successfully is
    AVG from http://www.grisoft.com/us/us_dwnl_free.php

    and do this
    Run an online antivirus check from at least one and preferably 2 of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www3.ca.com/virusinfo/
     
Thread Status:
Not open for further replies.