  • #2165708

    Help think I’ve been hijacked

    by maineearle ·

    When I boot up, my mouse moves over the desktop by itself and then it is hard to use after that. There is a 10 entry in my hijack log that looks to be a factor. Tried to delete it, will not. Can anyone help?

    System Information report written at: 02/08/09 13:14:33
    System Name: VALUED-65BAD02C
    [System Summary (C:\DOCUME~1\Ron\Desktop\SYSTEM~1.NFO)]

    Item Value
    OS Name Microsoft Windows XP Home Edition
    Version 5.1.2600 Service Pack 2 Build 2600
    OS Manufacturer Microsoft Corporation
    System Name VALUED-65BAD02C
    System Manufacturer Sony Corporation
    System Model PCG-FRV37(UC)
    System Type X86-based PC
    Processor x86 Family 15 Model 2 Stepping 9 GenuineIntel ~2791 Mhz
    BIOS Version/Date Phoenix Technologies LTD R0108K7, 8/13/2003
    SMBIOS Version 2.3
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume2
    Locale United States
    Hardware Abstraction Layer Version = “5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)”
    User Name VALUED-65BAD02C\Ron
    Time Zone Eastern Standard Time
    Total Physical Memory 512.00 MB
    Available Physical Memory 107.67 MB
    Total Virtual Memory 2.00 GB
    Available Virtual Memory 1.96 GB
    Page File Space 1.03 GB
    Page File C:\pagefile.sys

    [Hardware Resources]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:11:29 PM, on 2/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HP Optical 4 Button USB Mouse\KMaestro.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 – BHO: (no name) – {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} – (no file)
    O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 – HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 – HKLM\..\Run: [ZTgServerSwitch] “c:\program files\support.com\client\bin\tgcmd.exe” /server
    O4 – HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
    O4 – HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 – HKLM\..\Run: [CARPService] carpserv.exe
    O4 – HKLM\..\Run: [BtcMouseMaestro] “C:\Program Files\HP Optical 4 Button USB Mouse\KMaestro.exe”
    O4 – HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [AOL Fast Start] “C:\Program Files\America Online 9.0\AOL.EXE” -b
    O4 – Startup: Apoint.exe
    O8 – Extra context menu item: &AOL Toolbar search – res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\system32\Shdocvw.dll
    O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
    O9 – Extra ‘Tools’ menuitem: Spybot – Search && Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 – DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) – http://esupport.sony.com/VaioInfo.CAB
    O16 – DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 – DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) – http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225323876092
    O16 – DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225324009634
    O16 – DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) – https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 – Service: AOL Connectivity Service (AOL ACS) – America Online – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 – Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) – America Online, Inc – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
    O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 – Service: Sony SPTI Service (SPTISRV) – Sony Corporation – C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


    End of file – 7105 bytes

All Answers

    • #2767085

      Have you cleaned your mouse?

      by seanferd ·

      In reply to Help think I’ve been hijacked

      I’m not seeing anything in there. You might want to remove
      O2 – BHO: (no name) – {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} – (no file)

      This shows up as a Microsoft entry, but since there is no file, it should be safe to delete. Back it up if you are worried about it.

      What type of mouse do you have? Can you try a different mouse?

    • #2767060

      Do you own a CAT ?…

      by older mycroft ·

      In reply to Help think I’ve been hijacked

      If you do, and you happen to have an LED mouse, check up under the mouse where the little refractor lens is.

      Cat hairs are notoriously thin and have a habit of drifting into the lens of MY own mouse, causing all manner of on-screen mayhem to occur. Have a look, better still blast it with some compressed air.

      I assume DOG hairs might also be culprits but I couldn’t say with any certainty because I don’t like dogs, never have, and wouldn’t have one in my residence even if you paid me! :^0

      • #2767052

        Yep

        by seanferd ·

        In reply to Do you own a CAT ?…

        any kind of fuzz will do it. Optical or ball-type. Even those wonky trackball mice will collect junk over time.

    • #2767049

      You could uninstall

      by rob miners ·

      In reply to Help think I’ve been hijacked

      the mouse drivers and let Windows use the defaults.

      O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

      Client Service for NetWare

      It is not needed if you are not using NetWare and the IPX/SPX protocol is not installed on your computer.

      http://www.pchell.com/support/nwprovau_dll_file.shtml
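
The replies above each single out one line of the posted log: the O2 entry with no file, and the O10 Winsock LSP entry. As an added example (not part of the thread and not HijackThis's own code), this Python pass pulls those two kinds of entries out of a HijackThis log. The `triage` function, its verdict labels, the `KNOWN_LSP` table and the `example_lsp.dll` sample line are assumptions made for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Entries look like "O2 - BHO: ..."; the forum rendering above turned the
# ASCII " - " separators into en dashes, so accept both.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+[-\u2013]\s+(.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LSP = re.compile(r"^Unknown file in Winsock LSP:\s*(.+)$", re.I)

# File names identified in this thread; extend from your own baseline.
# A name match says nothing about whether the file on disk is genuine.
KNOWN_LSP = {"nwprovau.dll": "Client Service for NetWare"}

def triage(log_text):
    """Return (code, verdict, detail) for entries that need a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        lsp = LSP.match(body)
        if body.lower().endswith("(no file)"):
            # Registry entry whose target is gone: report the CLSID so the
            # key can be backed up before it is removed.
            clsid = CLSID.search(body)
            findings.append((code, "orphaned-registry-entry",
                             clsid.group(0) if clsid else body))
        elif code == "O10" and lsp:
            dll = basename(lsp.group(1)).lower()
            verdict = "known-lsp" if dll in KNOWN_LSP else "unidentified-lsp"
            findings.append((code, verdict, KNOWN_LSP.get(dll, dll)))
    return findings

# Sample: three lines from the log in this thread plus one constructed
# O10 line (example_lsp.dll) to exercise the unidentified branch.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: (no name) – {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} – (no file)
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_lsp.dll
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
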
