Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mouse Crazy


  • This topic is locked This topic is locked
7 replies to this topic

#1 Psychonaut

Psychonaut

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 19 July 2004 - 01:07 AM

There's a problem with my computer. Every now and then, my mouse goes (on its own) to the top right corner and closes the window by itself.

It tries to do this every half an hour or so. Can see that it goes there and repeatedly clicks till it closes the maximized windows.

Right now I've not maximised any windows, but it still tries to go there and click them.

I've run Ad-aware 6, Spybot S&D, Trojan Remover, Pest Patrol, and they all haven't found anything.

Here's my Hijack This log. Nothing suspicious there either.

Logfile of HijackThis v1.98.0
Scan saved at 10:04:46 AM, on 7/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\WINNT\system32\CfgSrvc.exe
C:\Program Files\Connected\CBlaunch.exe
C:\WINNT\etlisrv.exe
C:\WINNT\system32\CfgSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\USBMonit.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\WINNT\system32\etlitr50.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\etdsvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\AcroRd32.exe
c:\Program Files\PestPatrol\PPMemCheck.exe
c:\Program Files\PestPatrol\ppcontrol.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\ddavid3.MEA\Start Menu\Programs\Accessories\System Tools\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hub.slb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hub.slb.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "c:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\PestPatrol\ppclean.exe" clean ts:20040718100231547 suite 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hub.slb.com/
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://imhub.nam.slb.com/sametime/STMeetin...STJNILoader.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.dubai.oilfield.slb.com/viewer/a...tivexviewer.cab
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mea.slb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mea.slb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mea.slb.com
O18 - Protocol: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\Common Files\SAP Shared\System\SAPHTMLP.DLL
O18 - Protocol: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\Common Files\SAP Shared\System\SAPHTMLP.DLL


I'm also going to try a new mouse. Maybe that's the problem. Will let you know if it works. Till then, please let me know if there's anything else I can try..

:thumbsup:

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:24 AM

Posted 19 July 2004 - 10:03 AM

That sound strange that you would see something like that. It actually sounds like someone is connected to your machine and controlling your computer.

Do you know what the below program is?

O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe

#3 Psychonaut

Psychonaut
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 19 July 2004 - 11:52 PM

Yeah, it's an encryption package.

I've tried everything, and noticed others have had similar situations. No solution yet tho..

http://www.computercops.biz/postp225083.html

http://forums.thetechguys.com/archive/index.php/t-4530.html

http://www.webuser.co.uk/cgi-bin/forums/sh...b=5&o=93&part=1

http://www.nerdhelp.com/forums/index.php?a...t=0&#entry15785

Any answers would be appreciated. It's a major pain when youre working on excel and the cursor goes there and shuts it down..

Aaaaaarrrrrrgggggggghhhhh!!!

:thumbsup:

#4 Psychonaut

Psychonaut
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 19 July 2004 - 11:55 PM

One more..

http://www.ntcompatible.com/thread26057-1.html

#5 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:05:24 AM

Posted 20 July 2004 - 12:23 AM

I've read your posts & links...can certainly understand the emoticon you used...
the hours I've spent tracking information have brought to my mind unfamiliar emotions.
BTW
  • I can only sympathize with you...I have no answer.
  • (I'm seeking help here, not qualified to give advice to you)
  • your assembling the links and presenting them is remarkably resourceful, IMHO
I hope for a resolution to the problem and will say no more so you can get on with it.
patiently patrolling, plenty of persisant pests n' problems ...

#6 Psychonaut

Psychonaut
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 20 July 2004 - 03:38 AM

Nope.. New mouse didnt work either..

It doesn't look like it is being controlled. It moves too fast for that..

Sam

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:24 AM

Posted 20 July 2004 - 09:12 AM

Well if it is being controlled we should be able to see it as there will be a strange programming listening on a port on your computer. Please do the following:

Download this file:

http://www.bleepingcomputer.com/files/forensics/Fport.exe

Save it to the c:\ drive.

Then click on start, run, and type cmd and press the ok button.

At the cmd prompt, type the following:

cd \ and press enter

fport > fport.txt and press enter.

notepad fport.txt and press enter.

Copy and paste the contents of the notepad to a reply to this message.

#8 Psychonaut

Psychonaut
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 23 July 2004 - 11:47 PM

:thumbsup:

Ok guys, I found the problem.. It was my mouse. After Pestscan, Spybot, Ad Aware, and a host of other utilities did not find anything on my computer, I tried using another mouse.

And it works. I'm not sure why the problem didn't go away when I tried using another mouse the first time. But anyways, it has now gone and I have control of my computer again.

Thank you all for all your help and for your patience.

Sam




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users