Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange Block-like Text Cursor in *most* text prompts

Started by bigjimthechief , Jan 08 2008 11:37 PM

  • Please log in to reply

#1
bigjimthechief
Posted 08 January 2008 - 11:37 PM

bigjimthechief

    New Member

  • Member
  • Pip
  • 5 posts
I have a strange thing happening to my text cursor. Instead of a line (which would be normal), whenever I am entering text, my cursor is a big black almost square box. It is similar to what computers used to do in the old days when you pushed the "insert" key. I've tried pushing the "insert" key, but to no avail.

The square block cursor shows up in most text entering places (i.e. address bar, google box, notepad, run command prompt, internet explorer) but not in MS Word or Firefox, the latter I installed just yesterday. The cursor in Word and Firefox is a normal thin blinking line.

I suspect some sort of spy-ware or mal-ware. But it seems to be a strange symptom. The worst trouble is that I can't be sure where my cursor is when editing because the block takes up several letters at a time.

I have followed the steps suggested in "the must read this" post.

Below are HighJackThis and Activescan results

(1) HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:09 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.221.10:8080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PxToolbarHelper Class - {21276F44-27FC-440E-A99E-A72324740419} - C:\Program Files\eGrabber\eGrabber ResumeFinder 2008\PxRFToolbarHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: ResumeFinder - {8A2B3DEC-D8A5-4199-BB0F-1180993826FF} - C:\Program Files\eGrabber\eGrabber ResumeFinder 2008\ResumeFinder.dll
O3 - Toolbar: eGrabber - {9E7E32DD-9584-4265-B223-43AA0D6E4E8C} - C:\Program Files\eGrabber\ResumeGrabber Pro 2008\PxInternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169628721418
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198171041697
O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare4c.netop...t_4.2.1.316.cab
O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare4c.netop.../ECareAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.co...upldr-2k-xp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8870 bytes



(2) Activescan

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Virus:W97M/Groov.C Disinfected Working Folders\Deleted Items\Contacts\Mary Lou Smith\Raytheon Systems Company Exempt & International Exempt Job Postings 1/18/99\RISCOCOV.doc
Virus:W97M/Class.D Disinfected Working Folders\Deleted Items\Contacts\Ken Bradley\Resume\WALKER, RANDY - Bradley & Assoc..doc
Virus:W97M/Marker.AO Disinfected Working Folders\Inbox\Candidates Sent\Ref.RON86442\RESUME.DOC
Virus:W97M/Melissa.A Disinfected Working Folders\Inbox\Mortgage\Job # : EVR1202 - Commercial Mortgage Loan Underwriter\nbncovletter.doc
Virus:W97M/Melissa.A Disinfected Working Folders\Inbox\Mortgage\Job # : EVR1202 - Commercial Mortgage Loan Underwriter\max'sresume.doc
Virus:W97M/Myna.C Disinfected Working Folders\Inbox\Mortgage\(no subject)\BRIAN3.doc
Virus:W97M/Titch.A Disinfected Working Folders\Inbox\Mortgage\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Titch.A Disinfected Working Folders\Inbox\GMAC Mortgage\GMAC Mortgage II\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Titch.A Disinfected Working Folders\Inbox\GMAC Mortgage\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Groov.C Disinfected Working Folders\Contacts\Mary Lou Smith\Raytheon Systems Company Exempt & International Exempt Job Postings 1/18/99\RISCOCOV.doc
Virus:W97M/Class.D Disinfected Working Folders\Contacts\Ken Bradley\Resume\WALKER, RANDY - Bradley & Assoc..doc
Spyware:Spyware/Virtumonde Not disinfected Working Folders\MailFrontier Junk Mail\Campaign Report
Virus:W97M/Marker.AO Disinfected Personal Folders\Inbox\Candidates Sent\Ref.RON86442\RESUME.DOC
Virus:W97M/Melissa.A Disinfected Personal Folders\Inbox\Mortgage\Job # : EVR1202 - Commercial Mortgage Loan Underwriter\nbncovletter.doc
Virus:W97M/Melissa.A Disinfected Personal Folders\Inbox\Mortgage\Job # : EVR1202 - Commercial Mortgage Loan Underwriter\max'sresume.doc
Virus:W97M/Myna.C Disinfected Personal Folders\Inbox\Mortgage\(no subject)\BRIAN3.doc
Virus:W97M/Titch.A Disinfected Personal Folders\Inbox\Mortgage\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Titch.A Disinfected Personal Folders\Inbox\GMAC Mortgage\GMAC Mortgage II\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Titch.A Disinfected Personal Folders\Inbox\GMAC Mortgage\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Groov.C Disinfected Personal Folders\Contacts\Mary Lou Smith\Raytheon Systems Company Exempt & International Exempt Job Postings 1/18/99\RISCOCOV.doc
Virus:W97M/Class.D Disinfected Personal Folders\Contacts\Ken Bradley\Resume\WALKER, RANDY - Bradley & Assoc..doc
Virus:Trj/SpamtaLoad.BP Disinfected Personal Folders\Junk E-mail\Mail server report.\Update-KB5343-x86.zip[Update-KB5343-x86.exe]
Virus:Trj/SpamtaLoad.BP Disinfected Personal Folders\Junk E-mail\Status\text.txt.cmd
Virus:W32/Spamta.OL.worm Disinfected Personal Folders\Junk E-mail\Mail server report.\Update-KB8550-x86.zip[Update-KB8550-x86.exe]
Virus:W32/Spamta.OL.worm Disinfected Personal Folders\Junk E-mail\hello\doc.txt.scr
Virus:W97M/Marker.AO Disinfected Personal Folders\Inbox\Candidates Sent\Ref.RON86442\RESUME.DOC
Virus:W97M/Melissa.A Disinfected Personal Folders\Inbox\Mortgage\Job # : EVR1202 - Commercial Mortgage Loan Underwriter\nbncovletter.doc
Virus:W97M/Melissa.A Disinfected Personal Folders\Inbox\Mortgage\Job # : EVR1202 - Commercial Mortgage Loan Underwriter\max'sresume.doc
Virus:W97M/Myna.C Disinfected Personal Folders\Inbox\Mortgage\(no subject)\BRIAN3.doc
Virus:W97M/Titch.A Disinfected Personal Folders\Inbox\Mortgage\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Titch.A Disinfected Personal Folders\Inbox\GMAC Mortgage\GMAC Mortgage II\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Titch.A Disinfected Personal Folders\Inbox\GMAC Mortgage\Joseph H. Adams, Jr.-Candidate for VP Client Relations\resume addendum.doc
Virus:W97M/Groov.C Disinfected Personal Folders\Contacts\Mary Lou Smith\Raytheon Systems Company Exempt & International Exempt Job Postings 1/18/99\RISCOCOV.doc
Virus:W97M/Class.D Disinfected Personal Folders\Contacts\Ken Bradley\Resume\WALKER, RANDY - Bradley & Assoc..doc
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp



Any suggestions?



Thanks,
Jimbo
  • 0

Advertisements

#2
bigjimthechief
Posted 09 January 2008 - 09:54 PM

bigjimthechief

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Can anyone help me?

Any suggestions as to what is going on with my computer!?

Jimbo
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP