There's A Poltergeist In My Computer! Or Is There?

[Peregrin Toker]

For the last two days, I have experienced a quite strange phenomenon. What happens is that suddenly, the mouse cursor starts jumping randomly around and clicking various things without me having the slightest control over it - often opening random directories in the process and at its worst obstructing whatever I was doing. It's almost as if the computer has got a will of its own which occassionally manifests itself.

And I don't have a clue what it is! Despite the title, I will leave the rather silly explanation of supernatural involvement until nothing else is left.

I've scanned the computer for viruses with AVAST! and though it found and deleted several infected files, the "computer poltergeist" (as I've nicknamed the phenomenon) didn't go away - though its activity became a lot less annoying and less severe in its extent.

Another explanation is that my mouse is quite worn out, and since I'm buying a new computer next week or so (irrespective of these strange occurences), I won't have to endure the "computer poltergeist" for much more time.


Anyway - do you have any clues to what can be wrong with it?

[Darth Wong]

No idea what's causing that. Therefore, God created the universe.

[Peregrin Toker]

I don't actually believe it to be a poltergeist, it's just a nickname I've given it.

[Darth Wong]

I don't actually believe it to be a poltergeist, it's just a nickname I've given it.

Doesn't matter. You can't explain it, therefore God created the universe. Praise!

[Einhander Sn0m4n]

0.0





Umm, get Hijackthis and run it. Then post a log. Do you have SpybotSD btw?

[Peregrin Toker]

Umm, get Hijackthis and run it. Then post a log. Do you have SpybotSD btw?

I've just downloaded Hijackthis.

And no, I don't have SpybotSD but I do have SpywareNuker.

[SirNitram]

Looks like Mike has finished reading the Book of Mormom..


Anyway. I'd suggest running another antivirus. Sometimes you need to tag-team the little bastards.

[Einhander Sn0m4n]

Umm, get Hijackthis and run it. Then post a log. Do you have SpybotSD btw?

I've just downloaded Hijackthis.

And no, I don't have SpybotSD but I do have SpywareNuker.

SpywareNuker is CRAP! Uninstall the piece of shit. You want SpybotSD!

[Peregrin Toker]

Anyway. I'd suggest running another antivirus. Sometimes you need to tag-team the little bastards.

Another scan with AVAST!, or another antivirus program?

[SirNitram]

Anyway. I'd suggest running another antivirus. Sometimes you need to tag-team the little bastards.

Another scan with AVAST!, or another antivirus program?

Seperate program, to see if there's some AVAST doesn't know about.

[Peregrin Toker]

Which antivirus programs do you recommend, Nitram?


Anyway, Einy, here's the HijackThis log:


Logfile of HijackThis v1.97.7
Scan saved at 20:06:37, on 25-07-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmer\Alwil Software\Avast4\ashServ.exe
D:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
D:\Programmer\Winamp\Winampa.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
D:\Programmer\QuickTime\qttask.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Microsoft Office\Office\OSA.EXE
D:\Programmer\Microsoft Office\Office\FINDFAST.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\taskmgr.exe
D:\WINDOWS\explorer.exe
E:\Simon\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/Default.asp?Ath=f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] D:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updater] D:\Programmer\Common files\updater\wupdater.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office-start.lnk = D:\Programmer\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Hurtig søgning.lnk = D:\Programmer\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: D:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/cam ... taller.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/ ... mv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5373148148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

[Einhander Sn0m4n]

R3 - Default URLSearchHook is missing <== Fix it
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL <== Remove it
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL <== Remove it
O4 - HKLM\..\Run: [TkBellExe] D:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot <== Your choice, but I recommend remove
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime <== Your choice, but I recommend remove
O4 - HKLM\..\Run: [updater] D:\Programmer\Common files\updater\wupdater.exe <== KILL THIS PLEASE: This is probly the source of your problems
O4 - Global Startup: Microsoft Office-start.lnk = D:\Programmer\Microsoft Office\Office\OSA.EXE <== Your choice, but I recommend remove
O4 - Global Startup: Microsoft Hurtig søgning.lnk = D:\Programmer\Microsoft Office\Office\FINDFAST.EXE <== KILL WITH PREJUDICE! ITS RESOURCE HOG FROM HELL WITH NO BENEFIT!
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/cam ... taller.exe <== Remove

[Peregrin Toker]

Thanks Einy,

[Peregrin Toker]

Okay, I've done what Einy told me to, and I still had those problems. However, this morning I've replaced my computer's mouse with a new one and I haven't experienced these poltergeist-like phenomena yet.

[Einhander Sn0m4n]

So it was a maus problem? Glad you fixed it.

Any time, Toker.

[admiral_danielsben]

I don't actually believe it to be a poltergeist, it's just a nickname I've given it.

Doesn't matter. You can't explain it, therefore God created the universe. Praise!

Either you are channeling your Mormon evil (or good, it's all POV) twin Ike Wong, or you're criticizing the use of religious words for non-religious situtations with obtuse sarcasm.

[Peregrin Toker]

So it was a maus problem? Glad you fixed it.

Any time, Toker.

Yep, it was indeed the MAUS.

[phongn]

Alright, this is enough. Question answered....