
Not sure but know it's not right!

Discussion in 'Virus & Other Malware Removal' started by Sheair, Sep 28, 2003.

Thread Status:
Not open for further replies.
  1. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    Here is my question: why is my computer all of a sudden keeping everything I type? And I mean EVERYTHING, right down to my passwords! It just started after I DL'd a few things and had searchalot added to my taskbar. I'm not sure what is going on or how to find it or even IF there is something else added or even where to look. As you can see I need help bad!! PS: as an example, I was in a chat room today for the first time in 2 weeks and happened to click on the arrow to delete what I had just typed, and POW, EVERYTHING that I had typed in there 2 weeks ago popped up! What is going on with my machine?
     
  2. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
    For a start see this link :

    http://www.tomcoyote.org/hjt/

    Download > Run > hit Scan > hit Savelogfile > Copy / Paste the log file in another post in this thread for someone to take a look at. Do not make any changes at this stage.

    It's also likely you will need Spybot Search & Destroy to eliminate spyware on your system - get it here:

    http://security.kolla.de/

    If you get no further replies then you can also hit 'Report' at the top of your post and ask a Moderator to move your post to the Security Forum.
     
  3. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    Logfile of HijackThis v1.97.2
    Scan saved at 6:58:50 PM, on 9/28/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\WINDOWS\SYSTEM\HPZTSB07.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PALTALK\PNETAWARE.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\VBVNHIQO\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.lycos.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    O1 - Hosts: 64.14.40.138 www.searchscout.com
    O1 - Hosts: 64.14.40.138 www.letssearch.com
    O1 - Hosts: 64.14.40.138 www.searchex.com
    O1 - Hosts: 64.14.40.138 srch.lop.com
    O1 - Hosts: 64.14.40.138 www.searchresult.net
    O1 - Hosts: 64.14.40.138 www.xupiter.com
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
    O9 - Extra button: Searchalot (HKCU)
    O9 - Extra button: Downloads (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.2759606481
    O16 - DPF: {058025FC-4416-436B-ACFD-03E6224C901C} (FileInfo Class) - http://diagnostics.support.hp.com/motivedocs/ces/aw/ipgaxctrl.cab


    Hope this tells you something. Also, I already have Spybot, have run it and have taken things off with it, but this is still happening.
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    O1 - Hosts: 64.14.40.138 www.searchscout.com
    O1 - Hosts: 64.14.40.138 www.letssearch.com
    O1 - Hosts: 64.14.40.138 www.searchex.com
    O1 - Hosts: 64.14.40.138 srch.lop.com
    O1 - Hosts: 64.14.40.138 www.searchresult.net
    O1 - Hosts: 64.14.40.138 www.xupiter.com


    Those can all be fixed. There may be more, and I'm sure someone else will have more suggestions. You also have quite a bit running at startup that doesn't need to start each time Windows loads, so you might take a look at those and slim them down.
     
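A small triage helper for a log like the one posted above, added here as an example and not part of the thread or of HijackThis: it groups the O1 (hosts file) entries by address and lists the R0/R1 Internet Explorer settings that hold a real URL, so a reviewer can see at a glance what was changed. The function names are made up for illustration, and SAMPLE_LOG is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.lycos.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
O1 - Hosts: 64.14.40.138 www.searchscout.com
O1 - Hosts: 64.14.40.138 www.letssearch.com
O1 - Hosts: 64.14.40.138 www.searchex.com
O1 - Hosts: 64.14.40.138 srch.lop.com
O1 - Hosts: 64.14.40.138 www.searchresult.net
O1 - Hosts: 64.14.40.138 www.xupiter.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

ENTRY = re.compile(r"^\s*([RO]\d+) - (.+?)\s*$")
IE_SETTING = re.compile(r"^(HK\w+)\\([^,]+),([^=]+?) = (.*)$")
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")

def parse_entries(log):
    """Return (section_code, detail) pairs; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def hosts_by_address(entries):
    """Group O1 (hosts file) entries: address -> hostnames pinned to it."""
    groups = defaultdict(list)
    for code, detail in entries:
        m = HOSTS.match(detail) if code == "O1" else None
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def ie_pages_set_to_urls(entries):
    """R0/R1 settings whose value is a URL rather than about:blank or empty."""
    found = []
    for code, detail in entries:
        m = IE_SETTING.match(detail) if code in ("R0", "R1") else None
        if m and m.group(4) not in ("", "about:blank"):
            found.append((m.group(1), m.group(3), m.group(4)))
    return found

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for addr, names in hosts_by_address(entries).items():
        print(f"{addr} <- {len(names)} hostnames: {', '.join(names)}")
    for hive, name, url in ie_pages_set_to_urls(entries):
        print(f"{hive} {name} = {url}")
```

On the excerpt, all six search-site hostnames resolve through the hosts file to the single address 64.14.40.138, and the same Local Page URL appears under both HKCU and HKLM.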
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Fix with HijackThis everything Miss Candy lists and you should be clean.

    ;)
     
  6. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    Do I just delete all of them that you list, or what?
     
  7. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Yup, just close all browser windows, put checks in the entries, hit "Fix Checked", then reboot your computer.
     
  8. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    Thank you, thank you, thank you!!! Will try that just as soon as I get home from work.
     
  9. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    You're welcome ;)
     
  10. normmork

    normmork

    Joined:
    Oct 4, 2002
    Messages:
    76
  11. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    OK, went to HijackThis, ran it and checked everything you said to. Will now go to that Ad-aware and see what happens. Also, is there a place that I can go to that would tell me what is safe to turn off on the startup? I have no idea, so I just let it all start :)
     
  12. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    Oh yeah, also, WHAT on earth WAS all that stuff I got rid of? And HOW did it get on my computer?
     
  13. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Systray, scanreg and the load power profiles are the basics on the startups... you can always recheck anything that you miss dearly :)
     
  14. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
  15. Sheair

    Sheair Thread Starter

    Joined:
    Dec 13, 2002
    Messages:
    45
    Thanks for all your help!!!!!!!!
     

Short URL to this thread: https://techguy.org/168114
