Around midnight and noon, my computer goes haywire



arredondo
2007-05-27, 05:18
My computer cursor goes CRAZY, taking a life of its own as my computer opens up a ton of folders a few times a day. I've run checks for viruses and ad-ware but nothing is showing. Here is my Hi-Jack log:

===============================================
Logfile of HijackThis v1.99.1
Scan saved at 6:58:52 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Utilities\Audigy 2 programs\Surround Mixer\CTSysVol.exe
E:\Program Files\Utilities\MouseWare\system\em_exec.exe
E:\Program Files\Utilities\Audigy 2 programs\DVDAudio\CTDVDDet.EXE
E:\Program Files\Utilities\Multimedia keyboard utility\1.3\KbdAp32A.exe
E:\Program Files\Utilities\Daemon Tools\daemon.exe
E:\Program Files\Utilities\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
E:\Program Files\Utilities\ZoneAlarm\zlclient.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Utilities\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Utilities\Multimedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Utilities\Audigy 2 programs\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Utilities\Audigy 2 programs\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O6 "USB001" /M "Stylus Photo 960"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\Utilities\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Program Files\Utilities\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Utilities\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - Startup: restart_vs.lnk = J:\viewsonic.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - E:\Program Files\Utilities\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - E:\Program Files\Utilities\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099987518343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145182069499
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\Utilities\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\Utilities\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\Utilities\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

===============================================

Thank you in advance for any assistance!

arredondo
2007-05-30, 10:19
Hmmm, maybe I forgot something to get a helpful response?

arredondo
2007-06-02, 17:10
Anyone? Please?

arredondo
2007-06-03, 22:36
Did I do something wrong? Should I start a new thread?

shelf life
2007-06-04, 01:44
hi arredondo,

you didn't do anything wrong. sometimes logs without apparent malware showing up get passed over.

i don't see anything in the log as far as trojans go. i suggest you download, install, update and scan with one of these (not both) and see if they can dig up anything:

superantispyware:
http://www.superantispyware.com/

avg antispyware:
http://free.grisoft.com/freeweb.php/doc/20/lng/us/tpl/v5

shelf life

arredondo
2007-06-04, 06:17
Firstly, thank you for the response.

I ran the first program and it didn't find anything. The "take over" sequence happened twice today, but I notice it stops the second I turn off my broadband cable modem. There is definitely something wrong; it was working fine for two years. I'm not sure what to do. :sad:

shelf life
2007-06-05, 00:12
hi arredondo,

the first thing i thought of was some kind of trojan. but i don't see anything in the log and spybot and avg came up clean.

you're thinking someone is accessing your computer?

nobody can hack into your computer without some inside help.

the inside help can be a trojan or virus or an unpatched operating system, browser or other software that can be exploited.

you look up to date with xp and malware scans etc come up clean.
see if this helps:
http://logitech-en-amr.custhelp.com/cgi-bin/logitech_en_amr.cfg/php/enduser/std_adp.php?p_faqid=35&p_created=1083791127&p_sid=MC83*iDi&p_accessibility=0&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTc3JnBfcHJvZHM9ODQ0LDg0NiZwX2NhdHM9JnBfcHY9Mi44NDYmcF9jdj0mcF9zZWFyY2hfdHlwZT1hbnN3ZXJzLnNlYXJjaF9ubCZwX3BhZ2U9MQ**&p_li=&p_topview=1

shelf life

arredondo
2007-06-07, 07:25
I tried and no luck there. I've had the latest drivers and the problems described are not intense enough for what I'm experiencing.

It is happening more frequently now. Once an hour almost. It opens up firefox and tries to find files through Firefox on my computer (even if I don't have FF on). It looked for 'kfvdqoql.lnk', but FF said file can't be found. Then it opened up a bunch of menus and folders, looking for

C:/Documents&Settings/Allusers/startmenu/programs/accesories/calculator.lnk

..but it couldn't be found. This always lasts about 5-7 seconds then stops. Is there any other way I can find out what's going on?

shelf life
2007-06-08, 04:04
hi arredondo,

bizarro world. i thought of "joke" programs that someone could put on a computer but i am sure spybot and avg would flag it. does "it" always look for a file with a .ink extension?
do you have or could you borrow another mouse to try on your computer? if the problem continues with a different mouse, then try another keyboard.

have you ever had malware removed from the computer? i see you have zone alarm. any strange or new processes asking for an outbound?
--------------------------------
we can also do a online scan for another opinion for malware here:

F-secure scan:
http://support.f-secure.com/enu/home/ols.shtml

click on the "start scanning" button
after the ActiveX applet installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish.
When the scan completes, click the Automatic cleaning (recommended) button.

Click the Show Report button and Copy&Paste the entire report in your next reply along with a current HijackThis log.
-----------------------------------------------
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab

shelf life
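An added example, not written by anyone in this thread: one way to triage the O16 (Downloaded Program Files) section of a HijackThis log like the one posted above, listing each ActiveX control with the reasons it merits a manual look. The function names and the host allowlist are assumptions made for illustration; the sample lines are excerpted from the log in the first post.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*)\) - (\S+)$")

# Assumption: the analyst's own allowlist of download hosts, not a vetted list.
ALLOWED_HOST_SUFFIXES = ("microsoft.com", "live.com")

def parse_entries(log_text):
    """Return (section_code, body) for every 'Xnn - ...' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def host_allowed(host):
    """True if host equals, or is a subdomain of, an allowlisted suffix."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)

def review_dpf(entries):
    """Map each O16 CLSID to the reasons it deserves a manual look."""
    findings = {}
    for code, body in entries:
        m = DPF_RE.match(body) if code == "O16" else None
        if not m:
            continue
        clsid, name, url = m.groups()
        reasons = []
        # A name with no ASCII letters or digits (e.g. all '?') cannot be identified.
        if not re.search(r"[A-Za-z0-9]", name):
            reasons.append("unreadable-name")
        host = (urlparse(url).hostname or "").lower()
        if not host_allowed(host):
            reasons.append("host-not-allowlisted")
        findings[clsid] = reasons
    return findings

def section_counts(entries):
    """Count entries per HijackThis section code (O4, O16, O23, ...)."""
    return Counter(code for code, _ in entries)
```

A flag here only means the entry needs a human decision; it says nothing about whether the control is malicious.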

tashi
2007-06-18, 09:17
This topic has been archived due to lack of a response.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.