Mouse and system failure


  • This topic is locked
9 replies to this topic

#1 efrum

Posted 10 December 2004 - 03:32 PM

I've been talking with JEservices in the Windows 95/98*Grinler forum about system performance issues. S/he suggested that I post a HJT log here as there may be a problem interfering with my system.

Here's my log:

____________________________________
Logfile of HijackThis v1.98.0
Scan saved at 1:36:02 PM, on 12/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
O4 - HKLM\..\Run: [ftpqueue] "C:\PROGRAM FILES\WS_FTP PRO\ftpqueue.exe" -tray
O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ftpqueue] C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab

_____________________________________

Any help would be greatly appreciated! Thanks in advance,

-efrum
Kalispell, MT


#2 efrum

Posted 10 December 2004 - 05:26 PM

bump

#3 raw

Posted 10 December 2004 - 08:39 PM

nothing wrong in your log :thumbsup:

Although your HJT is an old version and you have no anti-virus.

Go here to download the free version of Grisoft's AVG AntiVirus program.

Install the program, check for updates and scan your system allowing it to remove whatever it finds.
--------------------------------
You can update HJT and post a new log if you like, but like I said it's clean.

Download Hijackthis:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

http://computercops.biz/downloads-cat-14.html

If you cannot reach either site it is available from my signature.

rawcreations.net @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#4 Papakid

Posted 10 December 2004 - 08:50 PM

Hi efrum,

Your log is clean.

That doesn't necessarily mean that you don't have any malware issues--HijackThis doesn't see everything. Since you don't seem to be running any antivirus or firewall you could well have an intruder.

First let me say that JEServices pmed me to have a look and I also looked at your thread here:
http://www.bleepingcomputer.com/forums/ind...wtopic=6402&hl=

Sounds like an issue with resources, but I don't like your description of how the mouse is behaving. Normally I would strongly suggest that you install a free antivirus solution first and do a full system scan or run a free online scanner or two. And then install a firewall and check the logs for any unauthorized traffic. But I hesitate to recommend that with the way your PC is shutting down so often--if it's resources I'm afraid your PC would shut down before scans are complete. These security products are fairly resource intensive.

But let's try this anyway.

Download the free AVG:
http://free.grisoft.com/freeweb.php/doc/2/

If you can't get the download to complete, see if you can get a friend to download it for you and burn it to a CD.

Then boot into Safe Mode. Only basic processes are loaded in safe mode and you will have a better chance of completing a full system scan and AVG has a fairly small "footprint".

When in Safe mode install AVG.

Run a full system scan. Allow AVG to clean all it can and let me know what can't be cleaned and if there is any improvement at all in performance.

Reboot into normal mode, scan again with HijackThis and post your new log here.

Probably you've got a bad mouse or driver, but let's see what AVG can find. And let us know if you have any problems.

The thing about people

is they change

when they walk away.--Mipso


#5 Papakid

Posted 10 December 2004 - 10:00 PM

Sorry bout that raw, didn't see you post. Funny how we had just about the same instructions. :thumbsup:

Any questions efrum?


#6 efrum

Posted 10 December 2004 - 11:23 PM

Sorry for taking so long, I had to step out for a while. Thank you both for your help. I'm following your instructions now and will post what you've requested as soon as I complete them.

No questions for now, but I may have some if this doesn't fix the problem.

Thanks again,

-efrum

#7 efrum

Posted 11 December 2004 - 09:49 PM

Okay, I finally got everything you asked done. AVG did find a virus with 13 infected files. It 'healed' all of them.

I downloaded the latest HJT version and ran it. Here is my log:

__________________

Logfile of HijackThis v1.98.2
Scan saved at 7:50:44 PM, on 12/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WS_FTP PRO\FTPQUEUE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
O4 - HKLM\..\Run: [ftpqueue] "C:\PROGRAM FILES\WS_FTP PRO\ftpqueue.exe" -tray
O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ftpqueue] C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
__________________


It does seem to have helped with the overall speed of things, but not with the mouse problem. It still takes over and just goes crazy. But I find if I don't use the mouse and do everything through the keyboard I don't have any problems. Since you mentioned it could be a mouse issue, I'm wondering if the mouse or driver could be bad as you indicated.

Thanks for all of your help. I haven't had a complete lock-up since I ran the virus scan. Not sure if this is because I quit using the mouse or because of the virus elimination. But I really need the mouse functionality in order to do graphics work. How would I go about replacing the driver for the mouse, if that may be the trouble?

Thanks again,

efrum
Kalispell, MT
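
An added example, not part of any post in this thread: a small Python parser for the HijackThis log layout shown above that diffs two scans, so what changed between the 10 December and 11 December logs (the AVG autorun and process) can be read off directly, and that lists autoruns whose executable is not running. The sample logs are short excerpts constructed from the two logs in the thread; the function names are assumptions of this example.

```python
import re

# Constructed excerpts of the two logs posted in this thread (not the full logs).
LOG_BEFORE = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE

O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""
LOG_AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE

O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - <detail>"
AUTORUN = re.compile(r"\[(.+?)\] (.*)$")         # "[value name] command line"
EXE = re.compile(r'[^\\"]+?\.exe', re.I)         # file name of the first .exe

def parse_hjt(text):
    """Return (set of running process paths, list of (code, detail) entries)."""
    procs, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.add(line.upper())   # Windows paths are case-insensitive
        elif (m := ENTRY.match(line)):
            entries.append(m.groups())
    return procs, entries

def diff_logs(before, after):
    """What appeared or disappeared between two scans of the same machine."""
    (p0, e0), (p1, e1) = parse_hjt(before), parse_hjt(after)
    return {"new_processes": sorted(p1 - p0),
            "gone_processes": sorted(p0 - p1),
            "new_entries": [e for e in e1 if e not in e0],
            "gone_entries": [e for e in e0 if e not in e1]}

def autoruns_not_running(text):
    """O4 autorun names whose .exe file name (8.3 paths ignored) is not running."""
    procs, entries = parse_hjt(text)
    running = {p.rsplit("\\", 1)[-1] for p in procs}
    idle = []
    for code, detail in entries:
        m = AUTORUN.search(detail) if code == "O4" else None
        exe = EXE.search(m.group(2)) if m else None
        if exe and exe.group(0).upper() not in running:
            idle.append(m.group(1))
    return idle
```

Calling `diff_logs(LOG_BEFORE, LOG_AFTER)` on the full logs instead of the excerpts works the same way; paste each log into its own string.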

#8 Papakid

Posted 12 December 2004 - 02:05 AM

How's big sky country? :inlove:

Well, your log is clean again. :) Keep AVG updated and run it at least once a week--twice would be better. Remember to keep your security software up to date. Keeping up with updates can be done easily by visiting Calendar of Updates frequently. See the link in my sig.

You should also get a second opinion from free online virus scans. Here are two good ones.
TrendMicro's HouseCall
ActiveScan

Here's the canned speech I give everyone:

If you are satisfied that you are clean I recommend these simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update: <-- EVERYONE NEEDS TO DO THIS!!
Make sure that you have all the Critical Updates recommended for your Operating System and Internet Explorer. The first defense against infection is a properly patched OS.

Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
Or, with Internet Explorer open, click Tools>Windows Update.


2. Adjust your security settings for ActiveX:

Go to Internet Options>Security tab.
Now press "Custom Level."
In the ActiveX section, set the first option, 'Download signed ActiveX controls', to 'Prompt';
set the second option, 'Download unsigned ActiveX controls', to 'Disable';
and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.

These recommendations are based on veteran spyware fighter Tony Klein's now classic article, So how did I get infected in the first place? Check it out for even more information.


I also highly recommend the information in Bleepingcomputer's own Simple steps to keep your computer secure!

As far as your mouse--you might want to check with Jason for exact steps for 98, but here's what I did. My emachines mouse was defective and acted a lot like what you describe--slowed down to a crawl but didn't click on anything. Replacing it fixed the problem but I played around with reinstalling the drivers a little later and it seemed to run even better.

1. To check if the mouse is bad. Buy a standard backup mouse or borrow one from a friend. If a different mouse works, then you know yours is bad.

2. Reinstall the basic drivers. If the mouse you have has any enhanced functions that require it to have its own software, uninstall the software and see how it runs with the basic drivers that come with Windows. If still no joy, uninstall the basic drivers and let Windows find and reinstall when you reboot. Here are the basic instructions I followed to do that, which I stole from another forum. :flowers:

a) Boot your computer into Safe Mode.
b) Right click My Computer and choose Properties.
c) Click the Hardware tab then Device Manager.
d) Right click the mouse you have installed and choose uninstall.
e) Reboot and allow Windows to reinstall the drivers and you should have basic functionality. You may have to use the arrow keys to enable the reboot while in safe mode but I didn't have to with XP--besides you're getting good at that, right?

Hope that helps.

#9 efrum

Posted 20 December 2004 - 10:34 AM

Sorry for taking so long to report back on this situation. First, thanks to all who offered advice here! I really appreciate it!

Papakid, Big Sky country is wonderful! You sound as if you've been here before. It's a great place to live. Went skiing on Big Mountain on Saturday, Glacier National Park is about twenty minutes from my front door, and there's all the fishing, backpacking, hunting and mountain climbing you could want! There're high mountain lakes everywhere, and Flathead lake is the largest freshwater lake in the US other than the Great Lakes. If you haven't been here, you should make it a point to visit! Drop me a line before you come, and I'll give you some pointers.

On to business: I followed all of the things everyone said to do (Except re-formatting my hard drive, and I haven't been able to get the RAM upgraded yet.). AVG found a virus and got rid of it. Actually 13 files were 'healed' by it. That solved the speed issue. Everything kicked into gear after that. But the mouse problem was still ongoing. I did as you suggested and tried re-loading the driver, but that did no good. So I went down to Target and bought a $6 mouse, installed it, and problem solved! Everything works great now!

As soon as I get the time I'll be installing a firewall, as it appears that is the last thing I need to do for a secure system.

Thanks again for saving the day, as I doubt I would have been able to do the project I'm currently working on without your help!

Sincerely,

-efrum

#10 Papakid

Posted 20 December 2004 - 09:56 PM

Really glad we could help you out there, efrum. Help is what we're here for.

Good luck with your website. You do nice work. :flowers: Hope you'll stick around. You might be able to help me one of these days. :trumpet:
http://www.bleepingcomputer.com/forums/f/37/graphics-design-and-photo-editing/

Yeah, I've been to Montana, but it's been a while. I think we cut across the southwest corner on our way from Yellowstone to Idaho. I can't be certain it was Montana, but we saw some Dall sheep on that trip. Glad you enjoy where you live. So many people take that for granted. I wanted to live in Montana or somewhere in the Rockies for a long time but it never happened. Having been raised in the flatlands--Mississippi and Arkansas river valleys--I really appreciated the big mountains. But one thing I find kind of funny. Montana may be big sky country, but there is no better place to see a sunset or sunrise than the flatlands. Hardly any trees and nothing but sky when you look up.

But I guess Montana is big sky country because you can see sky when you look down.
:thumbsup:
Like I said, stick around, efrum. I'd like to continue this conversation, but we need to close these HJT forum threads for various reasons. You can always chat here:
http://www.bleepingcomputer.com/forums/forum-cat2.html
