need help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by dogginbox, May 21, 2005.

  1. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Bumping does you more harm than good. We start with the oldest threads first because they have waited the longest. We work our way to the newest ones ;)

    Since Halo was working with you on this problem I was going to let him continue. I will see what the status is, hang in there a few.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Cheers BJ

    Looks as if you have contracted another piece of spyware again in the form of BetterInternet VX2.... must have only just got this as your HJT log was clean from when BJ talked you through the steps.

    If you have AdAware then run the VX2 plugin http://www.majorgeeks.com/download4283.html

    plus follow BJ's advice from this http://forums.majorgeeks.com/showpost.php?p=580869&postcount=24 as another HJT may be needed to double check you have all spyware removed.

    Did you also check out this link http://forums.majorgeeks.com/showpost.php?p=581034&postcount=31 as it will help you to minimise any future infections ( SpywareBlaster is a must )

    as for the Mouse movement if it is random and darts over to the top right area nearly all the time then this could be a bug that a lot of users have noticed since upgrading from SP1 to SP2 ( I had this happen on a few pcs funny enough all DELLS not that that could be a factor ) one thing I did try was to in Device Manager delete the mouse and reboot and allow XP to pick up the driver again.
     
  3. dogginbox

    dogginbox Private E-2

    hate to disagree but , throughout all this and before i came here the BetterInet has been there all along or seemed to have been.

    sorry 'bout the bumps
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    dogginbox,

    I would like you to do a few things for me. This will answer a few questions and also lead me to the next step.

    Also, can you provide me with EXACTLY what Ad-Aware is finding?

    First, download the Generic Detection Tool - NT/2000/XP

    NOW:

    Unzip the Generic Detection Tool to a safe folder of your choice and run "find.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Attach this log as an attachment to your post along with a fresh HJT log.
     
  5. dogginbox

    dogginbox Private E-2

    k, i ran the adaware plugin, the thing is i didnt know i was supposed to select it, i thought it ran automatically. before i realized this i ran a "full scan" and it found 12 negligible objects. unfortunately not knowing i was going to need the info, i deleted what it found.

    while i dont remember exactly what was found, i do remember it was MRU LIST

    then after that is when i realized the plug in needed to be run separately, but after i ran it it was clean.

    is there a way to find a history of what adaware has found recently? also i deleted everything in the quarantine
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just proceed with my previous post, those MRU entries are just "Most Recently Used" items, nothing serious.
     
  7. dogginbox

    dogginbox Private E-2

    alright, not sure if this is what youre looking for, that generic detection tool was weird. it brought up the command prompt and said it was searching, so i walked away and next thing i knew this text log was there.
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    That's what I was looking for, good job!

    I don't see any problems, post one last HJT log.

    Are you still getting the popup about the infection? Also, what problems other than the mouse are you having?
     
  9. dogginbox

    dogginbox Private E-2

    here's another hjt log.

    im not getting any popups of anykind, just this moving cursor
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with these entries above?

    Also, about this cursor problem, exactly when did this issue start?
     
  11. dogginbox

    dogginbox Private E-2


    im not familiar w/ that, then again the only entries in the hjt logs that i recognize or know anything about are the ones that include: espn,yahoo,messenger, spy sweeper, verizon, etc.

    everything else is computer terminology that i know nothing about.

    the cursor problem occurs randomly, its not consistent. it could happen when im typing, opening a page, opening my favorites, happens when im not even using the mouse.

    like i stated before though, all this stuff you guys have had me do seems to have helped somewhat as it doesnt happen as frequently or as often.

    i've only noticed it occur once off line and that was actually when you guys had me go into safe mode.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Those entries are related to Verizon, so they are safe.

    Let's try a few more things before I give this back to Halo.

    Download the following programs:

    Microsoft® Windows AntiSpyware

    Ad-Aware SE Personal 1.05

    Spy Sweeper 3.5.0.199


    After you install, make sure you get ALL available updates. There will be some updates as they were released today.

    After you get these updates, reboot into SAFE MODE.

    Now, once in Safe Mode be sure ALL browsers are closed. Now run a full scan with all three programs removing anything detected.

    Afterwards, REBOOT and post your results if anything was found.
     
  13. dogginbox

    dogginbox Private E-2

    i already had adaware downloaded, it found nothing

    microsoft anti spy found:

    IBIS Toolbar(adaware)
    iMesh(software bundle)
    Kazoom(adaware)
    ebates,MoeMoneyMaker(adaware)

    spysweeper found:

    WebSearch Toolbar
    CWS_NS3

    along w/ 7 traces attached to them
     
  14. dogginbox

    dogginbox Private E-2

    i got a question, could not having a lot of space on my hard drive cause my cursor to act this way?

    or possibly needing more memory do the same?
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I have never heard of this before and wouldn't think so. Did you remove those found infections?

    Also, one last thing, download and run the below utility.

    CWShredder 2.15

    Click FIX instead of scan, afterwards reboot and let me know how things are running.
     
  16. dogginbox

    dogginbox Private E-2


    yup. i removed those infections.

    CWShredder found nothing.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Ok, is everything running fine except for this mouse cursor?

    Also, do you have the Service Pack 2 CD?
     
  18. dogginbox

    dogginbox Private E-2

    everything on my pc has been ok except for the cursor, which i still have

    service pack 2 cd? what's that?
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay you probably don't have it then, did you download Service Pack 2?
     
  20. dogginbox

    dogginbox Private E-2

    uhh not sure, if its a windows update, i update my pc everytime there is one
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! If you downloaded it then I'm not going to request you remove it. Just to see if that would fix the cursor problem.

    First, let's try a little something I usually don't request but it may help.

    Download RegSupreme Pro 1.1

    Install this program, after you install you will be prompted to "defrag" your registry for best performance. You can go ahead and click YES, should take but a minute or so.

    After this completes at the top, click the REGISTRY CLEANER tab. Then click on "Aggressive" and let it scan. Afterwards you will see the total of invalid entries found. Once it's complete, select ALL entries and select FIX. The program will then fix the ones that are fixable, the ones that are not will be removed. Type in a backup filename and save to an easy location just in case.

    Let me know the results! After you do this reboot and see if you're running any better.
     
  22. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    after BJ's suggestion to clean the registry and DO let him know if its OK ... even if you have to test over a few days!

    then if it's still happening... I would be tempted to delete your mouse driver from Device Manager > Reboot and allow XP to re-install the driver ( if XP doesn't have the driver in its default driver DB then dig your mouse driver CD out or get any updates from the manufacturer )


    quick question as dont think we've asked or I may have missed it ... is your Vaio a Laptop or Desktop?
     
  23. dogginbox

    dogginbox Private E-2

    hey thanks guys. i'd obviously like to get rid of this problem asap. but yet again things have come up, to be more precise a damn tree fell on my truck last night!!(ya know how freakin' difficult it is to get a tree removal person to show up on the day that ya call?!!??)

    so i might not be able to get a chance to tackle this stuff till next week, or at least not sure yet.

    as for my computer its a desktop.

    i tried coming here earlier, but ended up getting some calls. which actually brings me to an interesting question.

    if i was hacked, could they forward my calls to another number through my computer?

    im pretty sure someone hit a button on my phone but i figured id ask
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I've never heard of anything like this. Sorry to hear about your truck though, I hope everyone is ok.
     
  25. dogginbox

    dogginbox Private E-2

    ok bj, i dl'd regsupreme. it didnt ask me to defrag so i didnt, plus i forgot all about it anyway. i didnt reboot yet either (no printer so im doing most of this by memory).

    ill reboot now, but i have spyware blaster and zone alarm questions. ok 1st off spyware blaster has an option to disable java ads or something to that effect, my question is could these ads cause the problem im having?

    i still have the cursor problem but it seems to happen much less now since i clicked that option in spywareblaster. i honestly dont know if the 2 have any correlation or not so figured id ask

    next question, i dl'd zonealarm and im not exactly sure when i get alert what im supposed to allow and what im not. when i got through installing it, i got an alert immediately something called "DIGIStream" tried to connect which i allowed because it seemed like it was needed and seemed safe, and ive recognized that before.

    but then ive had like 5 or 6 alerts that dont have a name and its just numbers that look like an ip address.

    and those alerts have come when i was just browsing a site that i normally go to, not clicking on anything. and these really arent bad sites and never had problems w/ in the past. one is actually a msg board i go to

    when those alerts happened like that i blocked em, but another question what if im at that msg board and someone sends me a pm, would zonealarm try blocking it? and maybe thats why i got the alert?
     
  26. dogginbox

    dogginbox Private E-2

    i rebooted, guess im back to wait and see if i still have it
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Unless you recognize the program I would deny access.

    Did you run Reg Supreme? How many items did it detect?
     
  28. dogginbox

    dogginbox Private E-2

    this morning i ran panda again(this was before i dl'd zonealarm).

    and BetterInet was still found there. and surprisingly it found another trojan, surprising because i havent used my computer much since the tree falling on my truck. i turn on my pc as soon as i get up in the morn and go to normal sites that have never caused me any problems in the past.

    the trojan was called Lowzones.gg, panda removed it. this is what got me to dl zonealarm.

    after i followed your steps w/ regsystem i ran another scan w/ panda and no sign of BetterInet or any virus for that matter was found.

    so far no problem but like i said its a "wait and see". the true test will be when my screensaver kicks on. the moving cursor tends to disable the screensaver
     
  29. dogginbox

    dogginbox Private E-2

    unfortunately i dont remember exactly how many, but it was something like 1367
     
  30. dogginbox

    dogginbox Private E-2

    also, zonealarm says 53 intrusions have been blocked 3 of those are high rated. what does it mean by high rated? and is there a way to see what sort of things are being blocked, like maybe a log of what its blocking?

    just for curiosity purposes
     
  31. dogginbox

    dogginbox Private E-2

    man 'o man, im watching this zonealarm status screen and im not even doing anything and since my last post the blocked intrusions is up to 61. are these intrusions from hackers or what? whats the deal?
     
  32. dogginbox

    dogginbox Private E-2

    i just dl'd avast virus scan and it found a virus/worm called: Win32:Kuang2

    but as far as the moving cursor nothing yet, looking good
     
  33. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Damn! I run it on every computer I work on in my office and the most I have ever seen was 700. My experience with registry cleaners, if they find over 500 things the best thing to do to prevent future problems is a clean install.

    High rated as in critical block, like it's a good thing it was blocked. lol!

    You should be able to select "Alerts & Logs" and view it there.


    I have just completed a little reading on this little worm you have mentioned. Well this is a lot..no..this could be your main problem. I'm curious to know why nothing has detected this yet? Anyway, to avoid confusion I will post another fresh post for you to follow as your explorer.exe process could be infected.
     
  34. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Kaspersky Anti-Virus Personal 5.0 as it cleans this thoroughly + much of the crap that comes with it!! This version is a 30 day trial.

    You should print this out for reference!

    You must disable any AntiVirus programs you have installed

    Now install KAV 5.0

    When Installing, do the following as you come to them:

    Uncheck the Operate According to Recommended Settings Box

    Uncheck the Use Real-time Protection against Network Attacks Box

    Uncheck the Use The iStreams Technology Box

    Now, allow KAV 5.0 to download and install Updates. Then, look under Settings > Configure Updater and select Extended Database > OK > Check for Updates and allow those to install.

    Then, Click Settings > Configure On-Demand Scan Settings and Set Scan Level to Maximum > Perform Recommended Action > OK

    NOW, Close ALL Programs (including KAV 5.0) and Browsers!

    Physically Disconnect from the Internet - Pull the Cable!!

    Boot into SAFE MODE

    OPEN KAV 5.0 BUT DO NOT RUN IT YET!!!

    Open Task Manager (Ctrl-Alt-Del) and RightClick explorer.exe and END IT! Don't be alarmed when all of your desktop items disappear. That is normal.

    Everything will go blank except for KAV 5.0 and Task Manager. DO NOT CLOSE THEM!!

    Now : Start a FULL SYSTEM SCAN. Click the Protection Tab and select Scan My Computer .


    This process may take HOURS . . . . LET IT RUN!

    When the Scan and Cleanup are done, go to Task Manager and select File / New Task and type explorer.

    Close KAV 5.0 and TaskManager and reboot to Normal Windows and get a fresh HijackThis Log and let us know how things look!
     
  35. dogginbox

    dogginbox Private E-2

    wow, the most you found was 700!??!!? thats a little discouraging on my end. considering mine was in 1000's

    anyway i read your other post about "Kaspersky Anti virus", which leads me to a few questions.

    k, since ive downloaded all these programs my computer seems to be a little slower and i checked and i have about 5.6 GB's of space left on my hard drive.

    so, before i dl this next program. do i have enough space on my hard drive? and how do i disable Mcafee from my start up? seeing as i dont have it anymore and the subscription has run out and w/ the new virus scan all these other protection programs it takes forever for my pc to start up.

    another question, when you said "clean install", what did you mean exactly? what you said in your next post? or completely wiping out my hard drive and starting over?

    also, i probably wont be able to get a chance to do all that today as im on my way to a BBQ
     
  36. dogginbox

    dogginbox Private E-2

    i find it pretty interesting myself, the only problem ive had is this moving cursor and i have all these viruses on my computer.

    which btw i think the moving cursor is gone, havent seen it move and it hasnt disabled my screensaver
     
  37. dogginbox

    dogginbox Private E-2

    well, scratch that, just experienced the moving cursor
     
  38. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If it's out of date I would uninstall it, I recommend AVG AntiVirus for an AV.

    Yes, that's correct, a format reinstall will wipe everything but would fix this issue. Remember this is always the LAST option.

    You need to run the KAV ASAP so this worm doesn't mutate and get worse!
     
