
Mouse Cursor Mind Of Its Own



#1 vinster

  • Members

Posted 23 October 2007 - 08:52 PM

Nice people of bleeping....

I ran SpywareBlaster, Spybot and Ad-Aware 2007. Here is the HijackThis log and ComboFix log.
Please help. The mouse cursor seems to have a mind of its own. It jumps all around the screen and I am unable to control it most of the time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:33 PM, on 10/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS1\explorer.exe
C:\My Downloads\gettygo.exe (aka hijackthis)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189036737712
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189036713627
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

combofix:
ComboFix 07-10-23.1 - Vinny 2007-10-23 20:33:22.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.28 [GMT -5:00]
Running from: C:\Documents and Settings\Vinny\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.

2007-10-23 19:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-18 20:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-28 20:28 <DIR> d-------- C:\Documents and Settings\Vinny\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-20 03:08 --------- d-----w C:\Program Files\Common Files\Nullsoft
2017-05-20 03:06 --------- d-----w C:\Program Files\Real
2017-05-20 03:06 --------- d-----w C:\Program Files\Common Files\Real
2017-05-20 03:02 --------- d-----w C:\Program Files\Common Files\AOL
2017-04-18 00:54 --------- d-----w C:\Program Files\Norton SystemWorks
2017-04-18 00:53 --------- d-----w C:\Program Files\Symantec
2017-04-18 00:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2017-04-18 00:49 --------- d-----w C:\Program Files\Microsoft Plus!
2017-04-18 00:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2017-04-18 00:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2017-04-17 23:12 32,768 --sh--w C:\VIDEOROM.BIN
2017-04-17 23:09 266 --sh--w C:\Program Files\desktop.ini
2017-04-17 23:09 11,079 ----a-w C:\Program Files\folder.htt
2007-09-02 22:28 --------- d-----w C:\Program Files\Common Files\Java
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS1\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS1\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS1\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS1\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS1\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS1\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS1\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS1\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS1\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS1\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS1\system32\wups.dll
2007-07-31 00:18 207,736 ----a-w C:\WINDOWS1\system32\muweb.dll
2004-10-28 00:58 17,296 ----a-w C:\Documents and Settings\Vinny\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2007-09-02_180720.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-20 05:47:24 109,056 ----a-w C:\WINDOWS1\catchme.exe
+ 2007-10-20 11:03:32 136,192 ----a-w C:\WINDOWS1\catchme.exe
+ 2007-03-13 15:57:12 163,328 ----a-w C:\WINDOWS1\erdnt\subs\F3M\ERDNT.EXE
+ 2007-09-29 01:25:58 25,214 ----a-r C:\WINDOWS1\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader.exe
+ 2007-10-24 00:47:16 1,038,336 ----a-r C:\WINDOWS1\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-10-24 00:47:18 178,688 ----a-r C:\WINDOWS1\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-10-24 00:47:18 171,008 ----a-r C:\WINDOWS1\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2007-10-24 00:47:18 8,704 ----a-r C:\WINDOWS1\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2003-03-19 02:05:50 89,088 ----a-r C:\WINDOWS1\system32\atl71.dll
+ 2003-03-19 03:14:52 499,712 ----a-r C:\WINDOWS1\system32\msvcp71.dll
+ 2003-02-21 09:42:22 348,160 ----a-r C:\WINDOWS1\system32\msvcr71.dll
+ 2007-07-31 00:19:36 549,720 ----a-w C:\WINDOWS1\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
+ 2007-07-31 00:18:40 33,624 ----a-w C:\WINDOWS1\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-31 00:19:12 43,352 ----a-w C:\WINDOWS1\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-07-22 23:39:28 279,552 ----a-w C:\WINDOWS1\system32\swreg.exe
+ 2007-04-02 19:21:28 139,776 ----a-w C:\WINDOWS1\system32\swreg.exe
+ 2007-10-24 00:53:00 16,384 ----a-w C:\WINDOWS1\temp\Perflib_Perfdata_774.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 01:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS1\System32\Drivers\NPDRIVER.SYS

*Newly Created Service* - AAWSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 01:36:02 C:\WINDOWS1\Tasks\Symantec NetDetect.job"
"2007-10-19 22:30:02 C:\WINDOWS1\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-10-20 01:00:02 C:\WINDOWS1\Tasks\Norton AntiVirus - Scan my computer.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 20:35:39
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 20:36:20
C:\ComboFix3.txt ... 2007-09-02 18:09
C:\ComboFix-quarantined-files.txt ... 2007-09-04 18:50
C:\ComboFix2.txt ... 2007-09-04 18:50
.
--- E O F ---

Thanks,
Vinny


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 13 November 2007 - 10:35 AM

Sorry for the delayed response but the Hijackthis forum has been extremely busy as of late and we are all volunteers.

Your log looks clean.

While researching, I get conflicting info on this file: GDIPFONTCACHEV1.DAT which is located in the C:\Documents and Settings\Vinny\Application Data\ folder.

Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of GDIPFONTCACHEV1.DAT and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.

When did this problem first begin? Are you using a wireless mouse?

Have you confirmed that the mouse works on another machine? It is possible the mouse could be defective. Have you checked for low batteries which can result in weak or mixed signals that can affect the functionality of your mouse? Have you tried using another mouse on your machine or a PS2 adapter on your USB mouse?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
