Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Cursor Is Going Crazy!


  • Please log in to reply
3 replies to this topic

#1 teknitis

teknitis

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 03 May 2004 - 10:18 AM

I was just wondering, my cursor has lately been going nuts... It will be working fine, all of a sudden it starts jumping all over the place, appearing from one side of the screen to the other, than back and forth, than it starts opening programs and window after window on its own, than it stops...Back to normal. Couple of minutes after, again. Has anybody had this problem before, if you have please let me know if there is a solution to the problem. I have windows xp.

    Advertisements

Register to Remove


#2 Archon_Wing

Archon_Wing

    Authentic Member

  • Authentic Member
  • PipPip
  • 96 posts

Posted 03 May 2004 - 12:53 PM

Let's start with the basics first.

A malicous program could be installed and someone could be remotely controlling your computer

- Get a virus scan. A free online one can be found at http://housecan.trendmicro.com If you have a virus scanner, make sure it's updated

- Download Spybot Search and destroy found at http://safer-networking.org Run it and fix all it finds in red

- Go to http://windowsupdate.microsoft.com Install all critical updates. See if there are driver updates

- Have you cleaned your mouse lately?

If none of that works,
Let's have a look at a HijackThis Log.

Download Hijackthis from http://tomcoyote.org/hjt/ and create a log. If you are on Windows 9x, make sure you have a Unzipping utility like Winzip (www.winzip.com). Extract, and Press Scan. Then please save the log and Post that log onto this topic. DO NOT Delete or modify anything yet, as some of it is needed to keep your system healthy!

#3 teknitis

teknitis

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 04 May 2004 - 02:15 AM

I tried all the above... Nothing worked. Here is the log. I appreciate the help...

Logfile of HijackThis v1.97.7
Scan saved at 11:53:11 AM, on 5/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Palm\Hotsync.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ceasar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teoma.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iHatePopups.exe] C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
O4 - HKLM\..\Run: [system32] C:\WINDOWS\System32\system32.exe
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\My Shared Folder\Games (1).exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Icon Phile] C:\Documents and Settings\All Users\Desktop\Iphile.exe -trans
O4 - HKCU\..\Run: [Active Tray] C:\Program Files\Active Tray\atray.exe
O4 - HKCU\..\Run: [QuickenBillminder] C:\Program Files\Quicken\Billmind.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\allowsite.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\denysite.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: iHatePopups (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111111147} - file://C:\Program Files\Internet Explorer\1189.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab

#4 Archon_Wing

Archon_Wing

    Authentic Member

  • Authentic Member
  • PipPip
  • 96 posts

Posted 04 May 2004 - 03:00 AM

You can select the following entries listed below in Hijack This. Then, close all other windows besides Hijack This and click fix checked

Note: If something goes wrong you can undo the changes done by Hijack This. Go to the bottom right hand corner of Hijack This and click on config. Then choose backups There you can reverse any changes you made.

O4 - HKLM\..\Run: [system32] C:\WINDOWS\System32\system32.exe

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users