need help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by dogginbox, May 21, 2005.

  1. dogginbox

    dogginbox Private E-2

    hello all, im new here and i got problems. hope im in the right place, sorry if im not.

    ok ive got this problem my cursor is moving around by itself, i know ive got a virus or viruses on my pc. i doubt this problem has anything to do w/ the functionality of my mouse. i can only assume this is virus related or maybe hacked, not sure.

    i dont have a virus scanner i use panda, also have tons of spyware removal software, also use Asquare malware scanner . none of them seem to find anything wrong(actually dl'd an update for this and it did find stuff but still have problems).

    im on windows XP, checked hijackthis and see one thing in the log that looks suspicious. but i know if you dont know what youre doing you could make things worse and not delete the entire virus or whatever.

    also there are things in my history that i absolutely can not delete.

    if anyone can help me id appreciate it. thank you
     
  2. dogginbox

    dogginbox Private E-2

    anyone? anyone?
     
  3. dogginbox

    dogginbox Private E-2

    hello? anyone there? please help
     
  4. flames_delvar

    flames_delvar Private E-2

    Okay, from what I know, functionality of the mouse wouldn't have a heck of a lot to do with a virus. But it might, depending on what virus it is. :)
    Hmm, well, usually when I find something suspicious I just delete it, but try the malicious software removal tool and see if that doesn't help.

    Well, does anything bring up the name of the virus/problem? Because if that is the case, tell me what its name is, and I'll go about finding you some tool to get rid of it.

    Sorry for the wait too :D
     
  5. dogginbox

    dogginbox Private E-2

    i tried it, and it says nothing was found.

    the characteristics of my cursor imo dont seem to be a problem w/ my mouse, the cursor will mysteriously jump off screen while im typing or not even using the mouse.

    thanks for replying, understand you guys are all probably busy dealing w/ other ppls' problems and.... ohh uhh yeah your lives.

    ive run quite a few virus scans and while some found problems, i still have this damn cursor problem.

    and cant seem to find a person who can read a hijackthis log.
     
  6. flames_delvar

    flames_delvar Private E-2

    Maybe it's a problem with your mouse software/driver? :confused:
    There are people around here that can read a hijackthis log. Jus' because I can't... But I am learning.

    Sorry that thing didn't work... >.< I suggest http://housecall.trendmicro.com/ it's a really effective online virus scanner, I have a friend who swears by it, and he's smart, so :D

    Or, you could take this problem to the hardware section, might well be your mouse.

    Computers is my life!!!
     
  7. dogginbox

    dogginbox Private E-2

    tried housecall, didnt find anything.
     
  8. flames_delvar

    flames_delvar Private E-2

    Well, I'm learning how to read a hijackthis log now.
    http://www.hijackthis.de/en Paste your logfile in here or upload it, then click analyze. See what it comes up with.
     
  9. dogginbox

    dogginbox Private E-2

    ok here's the hijackthis log. thanks for your help

    edit by bjgarrick: Inline, out of date HJT log removed!
     
    Last edited by a moderator: May 21, 2005
  10. flames_delvar

    flames_delvar Private E-2

    your logfile

    Says you need a firewall, and antivirus software. :confused:
     
  11. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Flames, we have 2 or 3 super intelligent people here who know how to fix these things, please leave it to them until you're more knowledgeable on the subject. Your intentions are appreciated, but you're making this more difficult, both for the people who need help and the ones who can help. Most threads have a generic response for people to do all the steps in our tutorial, which fix 80% of people's problems, the rest require much more time, knowledge and experience that these guys simply have more of than the rest of us. Also, we link to tools here, if it isn't listed here, there's a reason, so offering download links to an unknown site can be problematic.
     
    Last edited: May 21, 2005
  12. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Please read the announcement and sticky threads. HJT logs should only be posted when requested. HJT should also be run in normal boot mode. In addition, your version of HijackThis is way out of date.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  13. dogginbox

    dogginbox Private E-2

    ok, sorry i didnt know about all that stuff.

    ill try to follow your instructions the best i can but my computer knowledge isnt the best so forgive me if i dont understand everything. thanks
     
  14. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    No problem, we have an eager new user who wanted to help, that's why it got confusing. It's step by step, take your time and don't hesitate to ask if you're not sure of something. We're glad to help and no question is too dumb :)
     
  15. flames_delvar

    flames_delvar Private E-2

    ;_; *lesigh* I suppose it's stupid to think I actually did any good. I'll rack off now...
     
  16. dogginbox

    dogginbox Private E-2

    alright cool, thanks for attempting to help me flames.

    if you guys will remain patient w/ me im trying to eat supper and do all this at the same time.
     
  17. dogginbox

    dogginbox Private E-2

    i didnt leave just doing more virus scans using the tools from the Readme section
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! After you have completed all of the scans and steps listed in the READ ME, proceed with attaching a current HJT log from normal mode and we will go from there.
     
  19. dogginbox

    dogginbox Private E-2

    just an update on how far ive gotten. i ran all the tests from ReadMe and still need to boot into safe mode.

    some other things have popped up this weekend that require my attention, i hope no one is waiting on me, i just hope when i get the chance to comeback that i be able to get your assistance, if not dont worry 'bout it, i understand and thank everyone for their time.
     
  20. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    We will be here, take your time.
     
  21. dogginbox

    dogginbox Private E-2

    ok, im back.

    before i tell ya the results from safe mode. when i dl'd the stuff from ReadMe i thought i was supposed to run them as i was going along, i didnt know i was supposed to dl them then run them in safe mode.
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The reason it's best to run them in Safe Mode is because fewer programs are running and most of the infections will not be running, making it easier to remove them.

    As long as you run them and remove all found infections you will be ok.

    After you complete all of the steps in the READ ME, go ahead and post your HJT log as an attachment to your post.
     
  23. dogginbox

    dogginbox Private E-2

    ok, im back.

    before i tell ya the results from safe mode. when i dl'd the stuff from ReadMe i thought i was supposed to run them as i was going along, i didnt know i was supposed to dl them then run them in safe mode.

    k, 1st off, following the README:

    network security service - didnt have that, only thing i found was "NT LM Security Support"

    workstation netlogon service - just says workstation

    Remote Procedure Call - i have Remote Procedure Call Locator

    hsremove (again didnt know i was supposed to run in safemode) anyway it changed my homepage, i have spysweeper securing my homepage and continued to allow it .

    aboutbuster wouldnt let me download.

    Safe Mode results:

    adaware found 2 negligible objects

    :MRU List list of recently opened documents
    :MRU List HKEY_USERS :s-1-5-21-3864016736-5166(this number was too long to copy)

    deleted and quarantined both

    spybot found nothing but when immunizing it said "749 bad products blocked" "1614 additional protections possible"

    CWShredder didnt find anything


    initially when i dl'd the programs(not in safe mode) from README however, adaware and spybot did find some things and unfortunately i dont remember everything it found

    adaware found 8 objects, something called IBIS

    spybot found some things but i dont remember what they were

    mind you, programs like adaware, spybot , cwshredder i ran before i came to majorgeeks(some werent as updated as yours at the time)

    and dont kill me but i forgot to run "stinger" in safemode, which im going to do right now.
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    dogginbox,

    Since you have completed the READ ME go ahead and attach a current HJT log from normal mode


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  25. dogginbox

    dogginbox Private E-2

    i tried saving my log in notepad, and it wouldnt save it. probably due to the fact that im doing something wrong.

    unless you want to tell me how to save it to notepad, id prefer to just cut and paste it here.
     
  26. dogginbox

    dogginbox Private E-2

    nevermind i got it(that was weird).

    here's the log
     

    Attached Files:

  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we start this fix you must relocate your HJT.

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disc C: > Program Files
    Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
    (C:\Program Files\HJT) and click Next.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.


    After you have completed the above, proceed with the fix below!


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Viewpoint

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    ViewMgr.exe

    SpySweeper.exe <-- Shut down SpySweeper temporarily as it may block some of the steps listed in this fix.

    Now scan with HijackThis and Check the Boxes for the following:

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete ALL of the above, your log will be clean! Restart your computer and let me know if you have any further problems.
     
  28. dogginbox

    dogginbox Private E-2

    ok, try this
     

    Attached Files:

  29. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! Now proceed with the fix.
     
  30. dogginbox

    dogginbox Private E-2

    alright, i followed the steps

    the line:
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    wasnt in the hijackthis log after i removed viewpoint manager from add/remove programs.

    thus far the cursor problem has not occurred but its difficult to say whether i still have the problem as its not consistent, sometimes it occurs and sometimes it doesnt.

    so i guess its a wait and see
     
  31. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sounds good, if it does it again it will be a Software problem so post it in a new thread there.

    As far as malware goes, you're clean. To stay this way, follow all of the steps in the thread below.

    How to Protect yourself from malware!
     
  32. dogginbox

    dogginbox Private E-2

    i still have the moving cursor.

    i seriously doubt its a software thing, but if you insist it is, ok youre the experienced one but, the cursor moves so erratically. i dont understand how it could be a software problem, unless the software has a virus?

    this cursor moves by itself, not just when im moving it. i could be typing and it will be moving around like crazy.

    that being said though, everything you guys had me do seems to have minimized it and doesnt seem to happen as frequently.

    could it be a hacker or keylogger?
     
  33. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just to see if anything is hiding!

    Please download "StartDreck", from here: http://www.niksoft.at/php/dl.php?f=startdreck.zip

    Unzip to its own folder and start the program,
    Press 'Config'
    Press 'Unmark All'
    Check the following boxes only:
    Registry -> Run Keys
    System/drivers> Running processes
    Press 'Ok'
    Press 'Save' and select the location to save the log file
    (default is the same folder as the application)

    Please attach the log in this thread.
     
  34. dogginbox

    dogginbox Private E-2

    hope i did this right.
     

    Attached Files:

  35. dogginbox

    dogginbox Private E-2

    i have a program called easy cleaner, that lists everything in the registry, and when i did the virus scan from panda it said there was a virus or spyware located in the windows registry.

    unfortunately i dont know what im looking for. is that startdeck program the same kinda program?
     
  36. dogginbox

    dogginbox Private E-2

    ...also, another question i had. whenever i seem to open multiple windows, a folder named "Links" appears in my favorites, is this normal?
     
  37. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, it just shows startup locations. I don't see any problems in this log either.

    Run these online scans:

    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan

    Yes!
     
  38. dogginbox

    dogginbox Private E-2

    if trendmicro is the same as housecall i already ran that, along w/ bitdefender, the other two not sure if i already did
     
  39. dogginbox

    dogginbox Private E-2

    tried RAV and trojan scan, nothing was found
     
  40. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    A possible if you have an intellimouse? http://support.microsoft.com/?scid=kb;en-us;321122

    Did you upgrade to SP2 or was it already an XP SP2 install? reason I ask is that some users have seen erratic mouse movements after SP2 was installed, one thing that can stop this if your mouse software ( Control Panel > Mouse ) has a "pointer precision" option is to untick it.


    Did Panda Scan tell you the name of the Virus/Spyware it found as that will help track it down?
     
  41. dogginbox

    dogginbox Private E-2

    no my computer is a sony vaio along w/ the mouse.

    as far as SP2, no idea on both questions.

    ill try the mouse pointer options, havent done that yet because like i said it really doesnt seem like it would have anything to do w/ that.

    panda came up w/ no viruses but it was spyware and their free scan doesnt remove spyware.

    one was WinTools found in the windows registry and the other was BetterInet, i forget where it was found.

    and i believe there was another found but my spyware tools i think removed them and it was called ByteVerify
     
  42. dogginbox

    dogginbox Private E-2

    didnt see any option for "pointer precision".

    one thing i did notice though, under the pointer options tab, there is a section called visibility w/ 3 options:

    -display pointer trails

    -hide pointer while typing

    -show location of pointer when i press ctrl key

    the option "hide pointer while typing" was checked and the thing is my cursor doesnt hide when im typing, but ever since i started having this problem sometimes the cursor will disappear when im typing, and it does it when im not typing also.

    the only thing that is consistent w/ this problem is, the cursor always seems to end up moving to the right of the screen, completely off screen.
     
  43. dogginbox

    dogginbox Private E-2

  44. dogginbox

    dogginbox Private E-2

    just for the hell of it i did another scan w/ panda, and it found one spyware, BetterInet
     
  45. dogginbox

    dogginbox Private E-2

    i got aboutblaster to download from this site, this is what it found and i still have the moving cursor
     

    Attached Files:

  46. dogginbox

    dogginbox Private E-2

  47. dogginbox

    dogginbox Private E-2

  48. dogginbox

    dogginbox Private E-2

  49. Icelander

    Icelander Private First Class

    whats with the bumps?
     
  50. dogginbox

    dogginbox Private E-2


    i dont know, trying to keep this thread at the top of the forum, so i can continue to get help
     
