Mouse and Keyboard lock up

The reason for this is because of the nature of one of the infections you have, that I'm aware of. Figured I may as well get this out of the way now too. Will you please post the scan logs from both Spybot and Ad-aware. I need to see what elements, if any, were removed already. The logs for Ad-aware are located at C:\Program Files\Lavasoft\Ad-aware6\logs. It's a text file and will open with notepad. Just select all, copy and paste here. For Spybot, open the program, click the tools button on the left side, then view report from the list. Now above the window, click 'view previous log'. A box will open up. Click the drop down arrow at the top where it says Look in: Logs. You will now see the path to where the logs are stored. Navigate to them, open the log, select all, copy and paste it here. You will most likely need to do them in separate posts, as they are usually quite lengthy.

 

Chris11224,

Where ya at? We aren't done!!

 

Sorry about the delay i havent been on the computer for a long time due to different things. Here is the new HJT log after i folowed all the instructions in your post that starts with "Please wait to see if any of our other forum members have anything to add or otherwise suggest."

Logfile of HijackThis v1.97.7
Scan saved at 9:01:15 PM, on 6/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPUSERVE 7.0\WCS2000.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Dell Home (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://business.dellnet.com/
O16 - DPF: Yahoo! Backgammon - http://download.yahoo.com/games/clients/y/ar0_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/07c5a86709a2b2034423/netzip/RdxIE.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://forumchat.compuserve.com/applets/RTCChat.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2815bb74e4987006f916/netzip/RdxIE601.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (uRoam Host Control) - https://gabrobins1.clnt.virtela.net/vdesk/terminal/urxhost.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (URDialer Class) - https://gabrobins1.clnt.virtela.net/vdesk/terminal/urxvpn.cab#version=2003,4,16,1
O16 - DPF: {AB597AB1-8CCC-48bf-BC0D-F4E3F808EA24} (UTerminalX9x Class) - https://gabrobins1.clnt.virtela.net/vdesk/terminal/urTermProxy9x.cab#version=2003,4,16,1
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://uspsy13m/iNotes.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37930.6283217593
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

About the gabrobins files you told me to fix, gabrobins is the name of my fathers company who he works for and im not sure what they are but if they arnt hurting anything i think they should stay. Just tell me what you think and ill do whatever you say im just questioning. Also i have a nuber of logs for adaware and spybot i do not know if u want them all or the latest or whatever.

 

Looks good to me. Unless there are some problems you havent mentioned ?
Hows the "Mouse and Keyboard lock up " problems ?


Any idea where the R1 - ~~ ProxyOverride , came from ?

It doesnt look like you took our advice and got a free online anti virus check up ? thats always a good idea when we use a popular av program like norton, or mcaffee, get regular second opinions when things get wierd.

If anything comes up in the near future post back in this same thread with another log, be sure to read our Pinned topics(stickys) in the
Security / Virus / Spyware section

Regards

 

Well i did take your advice but i need internet explorer to run it and i havent checked it lately but when i run internet explorer i get massive pop ups and all these programs start runing and i have to go into the start up selection and get rid of all the new programs. So as of now ill just use my norton antivirus, Unless you think its imperitive. i havent been on my computer in a long time so i do not know why there is any new things on my comp. well i havent had the problem yet ill keep in touch and tell you if it occurs again.

 

What do you mean by "the start up selection "

Msconfig ?

You shouldnt have any problems with ie now that we have fixed some things if you do, dont be disablings things(we need to see them) and make/post a new log.

Yes I thinks its very nessesary to get second opinions !!!

 

Heyy!!!! awsome my ie is working but it says there is an eror on the page, i just recently installed an ie upgradfe i think i have ie4. Yes i do meen msconfig

 

Hi Chris11224. I've been watching this thread, and wondering if you ever got this fully resolved?

Lonny Jones had suggested a new log. I take it you're all back and running?

 

As of now i havent had the problem since i fixed it up so i think i should be good, hopefully we got it. Thanks for the help everyone.

 

And thank you for taking the time to post back and let us know!

 

Hi Chris11224,

Do you have Spybot Version 1.3? If not, download it from my signature and install. Allow it to load SD Helper. Open it up and click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update.
Then download and install IESpyads.

That will give you an added layer of protection against unwanted parasites.

The Google Toolbar does a pretty goog job of blocking those popups.

Good to hear all is working well.