Posted

Sorry Seth, I was posting when you posted. SAS is updated all the time, the guard is on all the time. I have 2 sticks of RAM equalling 2 GIG. 2 weeks ago changed.

I have only been doing Quick scans as I understood Complete Scans are only necessary once a month. SAS has let nothing past up to date.

I know how it happened.

Confidence, is the feeling I get, moments before I stuff something up.

 


Posted
Sorry Seth, I was posting when you posted. SAS is updated all the time, the guard is on all the time. I have 2 sticks of RAM equalling 2 GIG. 2 weeks ago changed.

I have only been doing Quick scans as I understood Complete Scans are only necessary once a month. SAS has let nothing past up to date.

I know how it happened.

Incidentally, did the problem first occur after you had changed the RAM sticks? Or did you change the RAM sticks because you were experiencing the problems?

 

-- Goku

Posted

Did the problem begin before you got b3d Projector?

 

I don't agree with only running a full scan once a month. In fact I'm going to post on the SAS forum about it. I suggest using only complete scans. Reason being is that on infected systems, I've found the typical scanner will find about 30% more with the complete scans.

 

Also keep in mind that a program may be detected by a scanner, but you might have to manually put a check on it for it to be removed. That's because it's "gray area" malware and the company could be sued if it was automatically checked off.

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

Posted

Hi Goku. Occasionally it would freeze up since the new RAM sticks were put in, but it's only the last 3 days that this problem is becoming more often.

And Seth, it did occur before this program was installed. Had a look with both Revo Uninstaller and Add and Remove and can't find it. Only place it shows up is in startups. Don't know if it went when I uninstalled Radar Sync and it's just an old entry in startups. Wasn't there 3 days ago when I checked startups but there now. I am confused. Where can I check if it is still on my system? :o

Can't find b3d projector.

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted
Hi Goku. Occasionally it would freeze up since the new RAM sticks were put in, but it's only the last 3 days that this problem is becoming more often.

And Seth, it did occur before this program was installed. Had a look with both Revo Uninstaller and Add and Remove and can't find it. Only place it shows up is in startups. Don't know if it went when I uninstalled Radar Sync and it's just an old entry in startups. Wasn't there 3 days ago when I checked startups but there now. I am confused. Where can I check if it is still on my system? :o

Can't find b3d projector.

From what I have read, this program can be uninstalled through the Add / Remove Programs. Perform the following steps and see if you can get rid of it or not.

 

1) Uninstall it via Start -> Settings -> Control Panel -> Add / Remove Programs.

2) Remove the BDEsecureinstall.exe if still present in C:\Windows\System.

3) Disable and ideally delete it from the registry.

4) Remove the BDE directory and all its contents.

 

Also, from what I have read, B3D Projector can also be detected and removed by Spybot Search & Destroy. This needs further input from Seth as Malwarebytes and SUPERAntispyware should have detected it too then. Anyways, run a full scan with Avira, Malwarebytes and SUPERAntispyware and post back their respective logs so that Seth can confirm any chance of infection. :)

 

Note: First update all the three programs with the latest virus / spyware definitions before proceeding with the scans.

 

-- Goku

Posted

Did you check RAM compatibility before purchasing?

 

Might want to try one stick at a time and/or run a memory test. Let me know if you need instructions for a memory test.


Posted

I did run a memory test, Seth. It said 2 Gigs was quite acceptable, so I went out and bought 2X1 Gig DDR400 sticks.

Just doing full scans with SAS Pro, AntiVir, Malwarebytes and will post HJT Log.

Will post ASAP. Thanks for staying with this headache. :)

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted
I did run a memory test, Seth. It said 2 Gigs was quite acceptable, so I went out and bought 2X1 Gig DDR400 sticks.

Just doing full scans with SAS Pro, AntiVir, Malwarebytes and will post HJT Log.

Will post ASAP. Thanks for staying with this headache. :)

 

When you say "memory test", do you mean you went to Memory upgrades, flash media, and usb storage at Crucial.com to check if the ram was compatible with your motherboard?

 

Go ahead and post the HT log, but my money is now on the ram.


Posted (edited)

Here is the test.

Ran scans and saved incl. LOG. Do you still want them posted, Seth?

Quarantined Trojans, so do you need another or both HJT Logs? Before and after HJT Logs and scans? Thanks.

 

http://i26.tinypic.com/20b1h8k.png

Edited by DSTM

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted
Yes, I wouldn't mind seeing the mb and sas log, as well as the ht log done after the scans.


Posted

SUPERAntiSpyware Scan Log

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

 

Generated 06/12/2008 at 05:48 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3480

Trace Rules Database Version: 1471

 

Scan type : Complete Scan

Total Scan Time : 00:37:11

 

Memory items scanned : 428

Memory threats detected : 1

Registry items scanned : 5772

Registry threats detected : 0

File items scanned : 24058

File threats detected : 8

 

Trojan.FakeAlert-Gen/Variant

C:\PROGRAM FILES\GOOGLE\GOOGLE TALK\MSIMG32.DLL

C:\PROGRAM FILES\GOOGLE\GOOGLE TALK\MSIMG32.DLL

 

Adware.Tracking Cookie

C:\Documents and Settings\Doug\Cookies\doug@overture[1].txt

C:\Documents and Settings\Doug\Cookies\doug@adtech[1].txt

C:\Documents and Settings\Doug\Cookies\doug@revsci[2].txt

C:\Documents and Settings\Doug\Cookies\doug@serving-sys[2].txt

C:\Documents and Settings\Doug\Cookies\doug@atdmt[2].txt

C:\Documents and Settings\Doug\Cookies\doug@doubleclick[1].txt

C:\Documents and Settings\Doug\Cookies\doug@bs.serving-sys[2].txt

----------------------------------------------------------------------

 

Malwarebytes' Anti-Malware 1.17

Database version: 849

 

6:19:00 PM 12/06/2008

mbam-log-6-12-2008 (18-18-52).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 98361

Time elapsed: 29 minute(s), 12 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Documents and Settings\Doug\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.

C:\System Volume Information\_restore{91157461-30D4-4D86-AA63-828465043A7B}\RP89\A0013911.exe (Spyware.OnlineGames) -> No action taken.

I know nothing about Ebay or where it came from.

-----------------------------------------------------------------

Zupdate.exe is still showing, Seth.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:24:03 PM, on 12/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Qlock\qlock.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe

C:\Program Files\Opera 9\Opera.exe

C:\Documents and Settings\Doug\My Documents\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ZUpdate] C:\Program Files\Zaazu\zupdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207311354031

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

--

End of file - 7035 bytes

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted
The log is fine other than the zupdate. Did you follow Goku's instructions to remove it, as that is not what it's named as in Add/Remove programs?


Posted

You're welcome.

 

If that doesn't clear up the freezing, then we can move on to the ram.


Posted

Maynard pointed out to me that I missed the fact that the MB log says "No action taken". In other words, it didn't remove the malware as you didn't request it to.

 

When the mb scan is complete, you have to choose the option to view what mb has found. Once you do that, click on "Remove Selected".

 

Thanks Maynard:)

 

(No more 3:38 AM posts for me)

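The "No action taken" status Seth describes can be checked mechanically. This is an added example, not code from the thread or from Malwarebytes: it parses a Malwarebytes 1.x text log and returns the detections that were reported but not removed. The sample log is constructed from lines posted above, and the names `parse_mbam_log`, `unremediated` and `Finding` are made up for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: selected lines from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.17
Scan type: Full Scan (C:\|)
Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Doug\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{91157461-30D4-4D86-AA63-828465043A7B}\RP89\A0013911.exe (Spyware.OnlineGames) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str

    @property
    def remediated(self) -> bool:
        # "No action taken" = reported only; the item is still on disk.
        return self.action.lower() != "no action taken"

    @property
    def in_restore_point(self) -> bool:
        # Copies kept by XP System Restore live under this folder.
        return "\\system volume information\\_restore" in self.target.lower()

def parse_mbam_log(text):
    """Return (summary counts, itemised findings) from an MBAM 1.x text log."""
    counts, findings, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            findings.append(Finding(section, m["target"], m["detection"], m["action"]))
    return counts, findings

def unremediated(text):
    """Findings still present after the scan; raises if the log looks truncated."""
    counts, findings = parse_mbam_log(text)
    for section, expected in counts.items():
        listed = sum(f.section == section for f in findings)
        if listed != expected:
            raise ValueError(f"{section}: summary {expected}, itemised {listed}")
    return [f for f in findings if not f.remediated]
```

Calling `unremediated(SAMPLE_LOG)` returns both file detections, with `in_restore_point` set on the one that sits inside a System Restore folder.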

Posted (edited)
I normally do, but in this case I didn't, because I thought you may want to see what it was. Get some sleep, mate.

Edited by DSTM

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted

When the PC freezes, does it ever recover?

Do you have an HDD activity light on your tower?

When it freezes, is the light solid or flickering?

 

It could be the HDD sticking.

Intel Q6600 @ 4Ghz (Watercooled)

Asus P5K premium black pearl

4GB OCZ Reaper 8500

260GTX

 


Posted

Hi Dalo, no, it doesn't recover. Hard shutoff, then on restart, no problems, till the next time. No, I haven't checked the light on the tower. Will take notice in future. I may be paranoid, but never felt good about this hard drive. Always files stuck way along the window, and couldn't get that file or files to pack after defrag. I have a second hard drive installed doing nothing. You are the expert, and would know if it's OK to have a file isolated from the rest.

JK Defrag, which I tried yesterday, is the first defragger to move this file. Waiting to see if it appears in that position again. This hard drive is fairly audible, growls a lot, but thought it's normal.

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted

UPDATE.

Having now tested this PC for 40+ hrs, it hasn't frozen once to date.

Just like to say what a great job you guys did in helping me with this problem.

Only one place to go if one wants expert help quickly, and that's Free PC Help.

Thanks, guys. :)

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted

That's great news Doug.

 

So the scanners cleared up the problem?


Posted

Hi Seth, your instructions to reset 1E7 back to default, plus running all scans as Full instead of Quick, picked up problems that failed to show up with Quick Scans. Having SAS Pro is a bonus also, IMO.

No more Quick Scans for me. And of course all the other members who gave me instructions also. Much appreciated. :)

I can't really see the benefit of Quick Scans, Seth, if Full Scans pick up more.

Confidence, is the feeling I get, moments before I stuff something up.

 

Posted
Nor can I mate.

