Solve : Check this out?

1.	Solve : Check this out?
Answer» Can one of you check this out please Past couple of days it seems that the computer has a mind of its own Whilst viewing pages on the internet the pages just drop down and the text size changes to largest then it goes back a page Windows xp home browser IE I have used spybot,adware,avg,and have shown up nothing except the usual cookies etc, I wasn't able to scan in safe mode as you recommend because i cant get into safe mode when start up and press F8 all goes well but i cant move the up and down keys to safe mode. is there anything in here that shouldn't be thank you Logfile of HijackThis v1.99.1 Scan saved at 20:25:35, on 15/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\system32\keyhook.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\SiteAdvisor\6021\SiteAdv.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Tesco internet phone\TescoIP.exe C:\Program Files\PCPal\PalAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\SiteAdvisor\6021\SAService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe" O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GooO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4963/mcfscan.cab O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing) skyblue..... What kind of keyboard and mouse are you using ? Quote when start up and press f8 all goes well but i cant move the up and down keys to safe mode. If using something other than a PS/2 its possible there arent any drivers available in safe mode. dl65 dl165 Quote What kind of keyboard and mouse are you using ? Wireless with mouse,drivers did come with it but instructions said "not required for xp" not sure who made it one of these made in china [ HID Keyboard Device ] Keyboard Properties: Keyboard Name HID Keyboard Device Keyboard Type IBM enhanced (101- or 102-key) keyboard Keyboard Layout United Kingdom ANSI Code Page 1252 - Western European (Windows) OEM Code Page 437 Repeat Delay 1 Repeat Rate 27 [ HID-compliant mouse ] Mouse Properties: Mouse Name HID-compliant mouse Mouse Buttons 5 Mouse Hand Right Pointer Speed 1 Double-Click Time 690 msec X/Y Threshold 6 / 10 Wheel Scroll Lines -1 Mouse Features: Active Window Tracking Disabled ClickLock Disabled Hide Pointer While Typing Enabled Mouse Wheel Present Move Pointer To Default Button Disabled Pointer Trails Disabled Sonar DisabledI 'm thinking that in safe mode the required drivers for the wireless keyboard isnt being loaded ...hence you cant use the up /down arrow keys to load in safe mode....... try going into safe mode using a ps/2 keyboard ......... dl65 Quote try going into safe mode using a ps/2 keyboard ......... Thanks for that i will have to borrow one Why is it so important to scan in safe mode and why don't the company's who produce anti virus software also advise this??.so in other words normal scanning is useless!!!!!!!!! unless scanning is done in safe mode Does the hijack log file LOOK ok?? SkyblueHi skyblue I recommend you print this out to help you follow the advice. Your HJT folder is in a temporary location. The program makes automatic backups and there is a danger those backups will be lost. Please go to the HJT folder here .... C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe ....and move it the C: drive for safety. ********** These entries in your log ... C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe" .... may indicate the presence of the CRYPTER.A Trojan. Please go here ... http://www.virustotal.com/en/indexf.html Browse to the file ... C:\Program Files\Multimedia Combo Set\MouseDrv.exe Upload it to Virustotal ... scan it for malware .... post back the results here. ******** Boot to safe mode ... open HJT again ... click on scan ... put tick/checkmarks next to the following entries IF they are still present ... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O18 - Filter: text/html - (no CLSID) - (no file) Close ALL open windows - including this one - before you click on "Fix Checked" at the foot of the HJT window. ******** Reboot to normal mode, scan again with HJT and post back the results of the Virustotal scans and the fresh HJT logfile. [NOTES >> I see you have Limewire. I don't recommend it as it's a potential source of malware infections but that's your choice. Your java is a little out of date. You should update to to version 6 and uninstall/remove all older versions via Add/Remove Programs.] OJOJ Did as you advised Logfile of HijackThis v1.99.1 Scan saved at 08:41:40, on 17/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\system32\keyhook.exe C:\Program Files\QUICKENW\QAGENT.EXE C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\SiteAdvisor\6021\SiteAdv.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Tesco internet phone\TescoIP.exe C:\Program Files\PCPal\PalAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe C:\Program Files\LimeWire\LimeWire.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\SiteAdvisor\6021\SAService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\msiexec.exe C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/ F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe" O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Tesco internet phone] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart O4 - HKCU\..\Run: [PCPal] "C:\Program Files\PCPal\PalAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4963/mcfscan.cab O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing) And heres the scan STATUS: FINISHED Complete scanning result of "MouseDrv.exe", received in VirusTotal at 02.16.2007, 17:40:56 (CET). Antivirus Version Update Result AntiVir 7.3.1.37 02.16.2007 no virus found Authentium 4.93.8 02.15.2007 no virus found Avast 4.7.936.0 02.16.2007 no virus found AVG 386 02.16.2007 no virus found BitDefender 7.2 02.16.2007 no virus found CAT-QuickHeal 9.00 02.16.2007 no virus found ClamAV devel-20060426 02.16.2007 no virus found DrWeb 4.33 02.16.2007 no virus found eSafe 7.0.14.0 02.16.2007 no virus found eTrust-Vet 30.4.3405 02.16.2007 no virus found Ewido 4.0 02.16.2007 no virus found Fortinet 2.85.0.0 02.16.2007 no virus found F-Prot 4.2.1.29 02.15.2007 no virus found F-Secure 6.70.13030.0 02.16.2007 no virus found Ikarus T3.1.0.31 02.16.2007 no virus found Kaspersky 4.0.2.24 02.16.2007 no virus found McAfee 4964 02.15.2007 no virus found Microsoft 1.2204 02.16.2007 no virus found NOD32v2 2066 02.16.2007 no virus found Norman 5.80.02 02.16.2007 no virus found Panda 9.0.0.4 02.16.2007 no virus found Prevx1 V2 02.16.2007 no virus found Sophos 4.14.0 02.16.2007 no virus found Sunbelt 2.2.907.0 02.15.2007 no virus found Symantec 10 02.16.2007 no virus found TheHacker 6.1.6.059 02.16.2007 no virus found UNA 1.83 02.14.2007 no virus found VBA32 3.11.2 02.16.2007 no virus found VirusBuster 4.3.19:9 02.16.2007 no virus found Aditional Information File size: 503808 bytes MD5: 89dd130712f2b1b8507d83f3c405c3df SHA1: cb6671c8112c90dcb7fc2a2db024a51c4deabd9 d Hi The log looks better (apart from Limewire, IMO) but you haven’t successfully moved the HJT folder to a permanent place. All you have done is move it to another "temporary" location. Can you go to the HJT folder .... left click on it ... hold the mouse button then "drag & drop” the folder directly on to your C: drive? That should do the trick. How is your computer behaving now? Can you boot to safe mode? How's your web browsing experience? Still wrong or OK now? OJQuote How is your computer behaving now? Can you boot to safe mode? How's your web browsing experience? Still wrong or OK now? Thanks for your help Seems to be ok ,but i still cant get into safe mode, the up and down keys still don't function,btw up and down keys work in normal mode Quote try going into safe mode using a ps/2 keyboard ......... O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" is the above a ps/2 keyboard Skyblue PS Why!!!!!! Quote Why is it so important to scan in safe mode and why don't the company's who produce anti virus software also advise this??.so in other words normal scanning is useless!!!!!!!!! unless scanning is done in safe mode Hi again Can't get to safe mode .... First thing you need to check is if the keyboard is fully functional. If you can get in to BIOS - F1, F2, Del, F10, depending on the configuration of your machine, if you can access this, and your arrow keys DON'T work, then your keyboard has had it. If they do, its a software problem and you'll need to reinstall Windows. For a long shot, try a PS2 keyboard attached, see if that helps. [credit for this tip .... Kevin Gibson, ST&T member] try going into safe mode using a ps/2 keyboard .........** You ask "why". Often when a user is working with a wireless or USB device something...well... just screws up. A ps/2 connected device is lighter on resources, uses simpler drivers etc. Sometimes, when a wireless or USB device doesn't work fully, a ps/2 device will work. It's always worth trying. Why is it so important to scan in safe mode and why don't the company's who produce anti virus software also advise this??.so in other words normal scanning is useless!!!!!!!!! unless scanning is done in safe mode The simple reason is that much malware won't run unless the computer is fully booted up. Booting to safe mode stops such malware running and makes it inactive. That makes it easier for malware detection programs to detect their presence and do something about it. Most protection programs will also run in normal mode (some perhaps will ONLY run in normal mode) and I suspect the manufacturers feel that the average user won't understand an instruction to "boot to safe mode before scanning with (our product)". They feel a uesr WOULD much rather just scan in normal mode for simplicity. Also it depends on what type of malware the progam is scanning for. Some are just as easy to fix in normal mode as safe mode. My advice ... always scan in safe mode unless the program bring used specifically instructs scanning in normal mode only. Please post back again and let us know how you are geting on booting to safe mode etc. OJOJ Firstly thanks for your lengthy explanation why we have to scan in safe mode, makes sense i suppose(just like to now why we have to do things a certain way) Now back to the problem F2 got me in bios and the up and down keys worked perfectly I also tried my old keyboard and that also works in bios and safe mode in your opinion is it the new wireless keyboard that is or is it a reinstall, if its the latter i think i will leave things as they are since all the functions seem to work OK in normal mode, and if i need to go in safe mode its just a case of plugging in my old keyboard SkyblueSo long as everything ELSE is working as it should I think you can assume the trouble is indeed with that keyboard. Yes, you can do what you suggest, and only use the other keyboard if you need to go to safe mode, but I would also try uninstalling then reinstalling the malfunctioning keyboard first. Also run a full system scan with AVG Anti Spyware to give it a good spring clean out. Good Luck. Safe surfing. Post back if you've further questions. OJ

Answer»

Can one of you check this out please
Past couple of days it seems that the computer has a mind of its own
Whilst viewing pages on the internet the pages just drop down and the text size
changes to largest then it goes back a page
Windows xp home
browser IE
I have used spybot,adware,avg,and have shown up nothing except the usual cookies etc,
I wasn't able to scan in safe mode as you recommend because i cant get into safe mode
when start up and press F8 all goes well but i cant move the up and down keys to safe mode.
is there anything in here that shouldn't be
thank you

Logfile of HijackThis v1.99.1
Scan saved at 20:25:35, on 15/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Tesco internet phone\TescoIP.exe
C:\Program Files\PCPal\PalAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe"
O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GooO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4963/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
skyblue..... What kind of keyboard and mouse are you using ?
Quote

when start up and press f8 all goes well but i cant move the up and down keys to safe mode.

If using something other than a PS/2 its possible there arent any drivers available in safe mode.

dl65 dl165
Quote

What kind of keyboard and mouse are you using ?

Wireless with mouse,drivers did come with it but instructions said "not required for xp"
not sure who made it one of these made in china
[ HID Keyboard Device ]

Keyboard Properties:
Keyboard Name HID Keyboard Device
Keyboard Type IBM enhanced (101- or 102-key) keyboard
Keyboard Layout United Kingdom
ANSI Code Page 1252 - Western European (Windows)
OEM Code Page 437
Repeat Delay 1
Repeat Rate 27

[ HID-compliant mouse ]

Mouse Properties:
Mouse Name HID-compliant mouse
Mouse Buttons 5
Mouse Hand Right
Pointer Speed 1
Double-Click Time 690 msec
X/Y Threshold 6 / 10
Wheel Scroll Lines -1

Mouse Features:
Active Window Tracking Disabled
ClickLock Disabled
Hide Pointer While Typing Enabled
Mouse Wheel Present
Move Pointer To Default Button Disabled
Pointer Trails Disabled
Sonar DisabledI 'm thinking that in safe mode the required drivers for the wireless keyboard isnt being loaded ...hence you cant use the up /down arrow keys to load in safe mode....... try going into safe mode using a ps/2 keyboard .........

dl65 Quote

try going into safe mode using a ps/2 keyboard .........

Thanks for that i will have to borrow one
Why is it so important to scan in safe mode and why don't the company's who
produce anti virus software also advise this??.so in other words normal scanning is useless!!!!!!!!! unless scanning is done in safe mode
Does the hijack log file LOOK ok??
SkyblueHi skyblue

I recommend you print this out to help you follow the advice.

Your HJT folder is in a temporary location. The program makes automatic backups and there is a danger those backups will be lost. Please go to the HJT folder here ....

C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

....and move it the C: drive for safety.

************

These entries in your log ...

C:\Program Files\Multimedia Combo Set\MouseDrv.exe

O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe"

.... may indicate the presence of the CRYPTER.A Trojan.

Please go here ...

http://www.virustotal.com/en/indexf.html

Browse to the file ...

C:\Program Files\Multimedia Combo Set\MouseDrv.exe

Upload it to Virustotal ... scan it for malware .... post back the results here.

************

Boot to safe mode ... open HJT again ... click on scan ... put tick/checkmarks next to the following entries IF they are still present ...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O18 - Filter: text/html - (no CLSID) - (no file)

Close ALL open windows - including this one - before you click on "Fix Checked" at the foot of the HJT window.

************

Reboot to normal mode, scan again with HJT and post back the results of the Virustotal scans and the fresh HJT logfile.

[NOTES >> I see you have Limewire. I don't recommend it as it's a potential source of malware infections but that's your choice.

Your java is a little out of date. You should update to to version 6 and uninstall/remove all older versions via Add/Remove Programs.]

OJOJ
Did as you advised
Logfile of HijackThis v1.99.1
Scan saved at 08:41:40, on 17/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Tesco internet phone\TescoIP.exe
C:\Program Files\PCPal\PalAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe"
O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tesco internet phone] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart
O4 - HKCU\..\Run: [PCPal] "C:\Program Files\PCPal\PalAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4963/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

And heres the scan
STATUS: FINISHED
Complete scanning result of "MouseDrv.exe", received in VirusTotal at 02.16.2007, 17:40:56 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.37 02.16.2007 no virus found
Authentium 4.93.8 02.15.2007 no virus found
Avast 4.7.936.0 02.16.2007 no virus found
AVG 386 02.16.2007 no virus found
BitDefender 7.2 02.16.2007 no virus found
CAT-QuickHeal 9.00 02.16.2007 no virus found
ClamAV devel-20060426 02.16.2007 no virus found
DrWeb 4.33 02.16.2007 no virus found
eSafe 7.0.14.0 02.16.2007 no virus found
eTrust-Vet 30.4.3405 02.16.2007 no virus found
Ewido 4.0 02.16.2007 no virus found
Fortinet 2.85.0.0 02.16.2007 no virus found
F-Prot 4.2.1.29 02.15.2007 no virus found
F-Secure 6.70.13030.0 02.16.2007 no virus found
Ikarus T3.1.0.31 02.16.2007 no virus found
Kaspersky 4.0.2.24 02.16.2007 no virus found
McAfee 4964 02.15.2007 no virus found
Microsoft 1.2204 02.16.2007 no virus found
NOD32v2 2066 02.16.2007 no virus found
Norman 5.80.02 02.16.2007 no virus found
Panda 9.0.0.4 02.16.2007 no virus found
Prevx1 V2 02.16.2007 no virus found
Sophos 4.14.0 02.16.2007 no virus found
Sunbelt 2.2.907.0 02.15.2007 no virus found
Symantec 10 02.16.2007 no virus found
TheHacker 6.1.6.059 02.16.2007 no virus found
UNA 1.83 02.14.2007 no virus found
VBA32 3.11.2 02.16.2007 no virus found
VirusBuster 4.3.19:9 02.16.2007 no virus found
Aditional Information
File size: 503808 bytes
MD5: 89dd130712f2b1b8507d83f3c405c3df
SHA1: cb6671c8112c90dcb7fc2a2db024a51c4deabd9 d
Hi

The log looks better (apart from Limewire, IMO) but you haven’t successfully moved the HJT folder to a permanent place. All you have done is move it to another "temporary" location.

Can you go to the HJT folder .... left click on it ... hold the mouse button then "drag & drop” the folder directly on to your C: drive? That should do the trick.

How is your computer behaving now? Can you boot to safe mode? How's your web browsing experience? Still wrong or OK now?

OJQuote

How is your computer behaving now? Can you boot to safe mode? How's your web browsing experience? Still wrong or OK now?

Thanks for your help Seems to be ok ,but i still cant get into safe mode, the up and down keys still don't function,btw up and down keys work in normal mode

Quote

try going into safe mode using a ps/2 keyboard .........

O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe"
is the above a ps/2 keyboard
Skyblue
PS
Why!!!!!!
Quote

Why is it so important to scan in safe mode and why don't the company's who
produce anti virus software also advise this??.so in other words normal scanning is useless!!!!!!!!! unless scanning is done in safe mode

Hi again

Can't get to safe mode ....

First thing you need to check is if the keyboard is fully functional.

If you can get in to BIOS - F1, F2, Del, F10, depending on the configuration of your machine, if you can access this, and your arrow keys DON'T work, then your keyboard has had it. If they do, its a software problem and you'll need to reinstall Windows.

For a long shot, try a PS2 keyboard attached, see if that helps.

[credit for this tip .... Kevin Gibson, ST&T member]

try going into safe mode using a ps/2 keyboard .........

You ask "why".

Often when a user is working with a wireless or USB device something...well... just screws up. A ps/2 connected device is lighter on resources, uses simpler drivers etc. Sometimes, when a wireless or USB device doesn't work fully, a ps/2 device will work. It's always worth trying.

Why is it so important to scan in safe mode and why don't the company's who
produce anti virus software also advise this??.so in other words normal scanning is useless!!!!!!!!! unless scanning is done in safe mode

The simple reason is that much malware won't run unless the computer is fully booted up. Booting to safe mode stops such malware running and makes it inactive. That makes it easier for malware detection programs to detect their presence and do something about it.

Most protection programs will also run in normal mode (some perhaps will ONLY run in normal mode) and I suspect the manufacturers feel that the average user won't understand an instruction to "boot to safe mode before scanning with (our product)". They feel a uesr WOULD much rather just scan in normal mode for simplicity.

Also it depends on what type of malware the progam is scanning for. Some are just as easy to fix in normal mode as safe mode.

My advice ... always scan in safe mode unless the program bring used specifically instructs scanning in normal mode only.

Please post back again and let us know how you are geting on booting to safe mode etc.

OJOJ
Firstly thanks for your lengthy explanation why we have to scan in safe mode, makes sense i suppose(just like to now why we have to do things a certain way)
Now back to the problem
F2 got me in bios and the up and down keys worked perfectly
I also tried my old keyboard and that also works in bios and safe mode
in your opinion is it the new wireless keyboard that is or is it a reinstall, if its the latter i think i will leave things as they are since all the functions seem to work OK in normal mode, and if i need to go in safe mode its just a case of plugging in my old keyboard
SkyblueSo long as everything ELSE is working as it should I think you can assume the trouble is indeed with that keyboard. Yes, you can do what you suggest, and only use the other keyboard if you need to go to safe mode, but I would also try uninstalling then reinstalling the malfunctioning keyboard first.

Also run a full system scan with AVG Anti Spyware to give it a good spring clean out.

Good Luck. Safe surfing.

Post back if you've further questions.

OJ

Solve : Check this out?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment