Tech Support Forum - View Single Post - New to site-problems with Spyware, please help

skate_punk_21 · 07-11-2005, 07:47 AM

And We're Back!

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Notes
Few things to take care of here...

Downloads
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! and install it. DO NOT RUN IT YET

Download EliteBar Removal Tool . DO NOT RUN IT YET

Download Killbox

View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Stop NT Service

Part1

* Click Start>Run, type services.msc into the Open editbox and click the Ok button.
* Locate the " Mouse Hardware Sync (mousehs) " service and double-click on it to open the Properties dialog.
* Click the Stop button.
* In the Startup type dropdown select Disabled.
* Click the Apply button and then the Ok button.
* Close the Services window

Part 2

* Click Start>Run, type cmd into the Open editbox and click the Ok button.
* Copy/paste the line below into the Command Prompt window and press the Enter key:
* sc delete mousehs
* Close the Command Prompt window

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\windows\System32\mssetup32.exe
C:\windows\system32\1.tmp
c:\windows\system32\temp532.exe
C:\windows\System32\iexplore.exe
c:\windows\system32\elitezhy32.exe
C:\WINDOWS\System32\mousehs.exe

Boot Into Safe Mode
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
EliteToolBar

Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Microsoft Auto Update Setup 32] mssetup32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\windows\system32\1.tmp
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezhy32.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\windows\System32\iexplore.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [Microsoft Gaming Updater 32] msgame32.exe
O4 - HKLM\..\RunServices: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKLM\..\RunServices: [Microsoft Auto Update Setup 32] mssetup32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Wind0ws Sharing] ssprotecter.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...Bridge-c139.cab
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe

Please remember to close all other windows, including browsers then click Fix checked.

Run Downloaded Programs
Extract the EliteBar Removal Tool zip file into the suggested folder and run the file ETRemover_V130.exe. Click "Kill Elite Toobar" button.

File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\windows\EliteToolBar\

These need to be searched for via Start|Search..

winssh.exe
msgame32.exe
phqghume.exe
ssprotecter.exe
msconfig32.exe <--Be sure to get this one, and not msconfig.exe

Run CleanUp! Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot your system in Normal Mode.

Further Scanning
Please run a Scan at any 2 of the Following sites
Symantec/Norton
Trend Micro
BitDefender On-Line Virus Scan
Panda ActiveScan
F-Secure
Kaspersky

Make sure that you choose the "fix" or "clean" option when available

Please post a fresh Hijack This log so that we can check if your system is clean.

07-11-2005, 07:47 AM	#4 (permalink)
skate_punk_21 1337 C0D3R Join Date: Mar 2005 Location: Canada Posts: 1,457 OS: Server 2K3/XP Pro/XP MCE/Win 98/Ubuntu Linux/BackTrack 2 My System	And We're Back! Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Notes Few things to take care of here... Downloads The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! and install it. DO NOT RUN IT YET Download EliteBar Removal Tool . DO NOT RUN IT YET Download Killbox View Hidden Files and Folders Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Stop NT Service Part1 * Click Start>Run, type services.msc into the Open editbox and click the Ok button. * Locate the " Mouse Hardware Sync (mousehs) " service and double-click on it to open the Properties dialog. * Click the Stop button. * In the Startup type dropdown select Disabled. * Click the Apply button and then the Ok button. * Close the Services window Part 2 * Click Start>Run, type cmd into the Open editbox and click the Ok button. * Copy/paste the line below into the Command Prompt window and press the Enter key: * sc delete mousehs * Close the Command Prompt window Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): C:\windows\System32\mssetup32.exe C:\windows\system32\1.tmp c:\windows\system32\temp532.exe C:\windows\System32\iexplore.exe c:\windows\system32\elitezhy32.exe C:\WINDOWS\System32\mousehs.exe Boot Into Safe Mode Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Potential Uninstallations Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: EliteToolBar Start HijackThis Fix Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [Microsoft Auto Update Setup 32] mssetup32.exe O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\windows\system32\1.tmp O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezhy32.exe O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\windows\System32\iexplore.exe O4 - HKLM\..\RunServices: [Network Access] winssh.exe O4 - HKLM\..\RunServices: [Microsoft Gaming Updater 32] msgame32.exe O4 - HKLM\..\RunServices: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe O4 - HKLM\..\RunServices: [Microsoft Auto Update Setup 32] mssetup32.exe O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe O4 - HKLM\..\RunServices: [Wind0ws Sharing] ssprotecter.exe O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...Bridge-c139.cab O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe *Please remember to close all other windows, including browsers then click Fix checked.* Run Downloaded Programs Extract the EliteBar Removal Tool zip file into the suggested folder and run the file ETRemover_V130.exe. Click "Kill Elite Toobar" button. File/Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\windows\EliteToolBar\ *These need to be searched for via Start\|Search..* winssh.exe msgame32.exe phqghume.exe ssprotecter.exe msconfig32.exe <--Be sure to get this one, and not msconfig.exe Run CleanUp! Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Scan local drives for temporary files (Please uncheck this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. Reboot your system in Normal Mode. Further Scanning Please run a Scan at any 2 of the Following sites Symantec/Norton Trend Micro BitDefender On-Line Virus Scan Panda ActiveScan F-Secure Kaspersky Make sure that you choose the "fix" or "clean" option when available Please post a fresh Hijack This log so that we can check if your system is clean. __________________ Have I Helped you? Please Consider a Donation to TechSupportForums