Weird Randomness

This has been on going for a while, and I finally got smart and thought to ask you guys here.
I bought mycomputer second hand, but practically new.
HP, running XP.
Soon after I got on the net, I started having issues with my computer randomly opening and closeing programs, and the mouse screaming across the screen, even when I wasn't touching it.
Or the mouse would freeze, and you couldn't even turn it off by the start button.
It did this while I was sleeping one afternoon, (working 3rd shift), and my daughter kept plugging, and unplugging the computer, and burnt out the harddrive.. everything got wiped, and I needed to get a new hard drive.
Soon after getting the new drive, the same thing started happening.
Once in a while, running adaware, I'll get some kind of spy ware, but even clearing these out does nothing. Anti Virals pick up nothing.
I started running mozilla, because I can open two tabs, and that keeps the net window from shutting on me.
I have downloaded these things Mozilla, the latest Yahoo Mesenger, and the latest WMP.
I also downloaded something called SUPER, and FLVplayer, and some codecs a while back, but I had already been experiencing these problems before I got the codecs, which I may or may not have installed, I honestly don't remember, but they were clean.
This is driving me crazy, every 5-10minutes, I have to ctrl/alt/delete to get the mouse to stop going crazy, and shut down any windows or programs that might have opened, cancel anthing that say do you want to.. and then I might have 5 minutes before it happens again.
Today, I tried sys restoring to my earliest resore point, but the restoration didn't go through, and I had to go to a slightly younger point.. BUT it is still happening.
Any clues as to what is going on, and what I can do to try to fix it?

Download the following "FREE" "LEGAL" programs:

adaware se
Spybot search and distroy
ccleaner
Zonealarm-firewall
M$ defender

Also make sure you have all the M$ updates for your version of windows.

I hope this helps-if not, post results.

Yeah, seems like an intruder is remotely using your computer through the network. Clean it with a good anti-virus. Install a firewall.

If you feel like it, I suggest you install Ethereal for Windows, preferably on a different computer than the infected one. With the network card in promiscusous mode plugged into a hub or in the monitoring port of a switch you should see any suspicious packets traveling from the infected computer. Then you are able to try analysing the packets to find out who is breaking into your computer, what files he's transferring, etc.

Download Autoruns, originaly from Sysinternals, now from Microsoft.

It will show you all things that are loaded on start-up.

If you find anything from an unknown company or if there is no company name you can get more information about it by right-clicking it and choosing "search on-line", or something like that.

You can just uncheck the files from the list, and if everything is OK then you can go back and delete the unchecked items.

This is what SpyBot picked up.
None of which Adaware even blipped on. I have adaware.. I thought I said so, but I guess not, lol.
Removed them all but the Microsoft stuff.. I don't know that I need them or not, what say you?
Interesting is that as soon as I came on here to report my progress, the random screaming mouse, programs opening and closing happened again..
OK, on to the next program.

AdRevolver 16
Advertising.com 5
Avenue A. Inc 2
Bearshare 2
Bfast 2
CasaleMedia 6
Coremetrics 1
DoubleClick 1
FastClick 9
HitBox 10
MediaPlex 2
Microsoft.WindowsSecurityCenter.AntivirusDisableNotify 1
Microsoft.WindowsSecurityCenter.FirewallDisableNotify 1
SpywareBOT 8
Statcounter 35
TargetNet 1
Tradedoubler 1
WebTrends live 1
Zedo 3


I am up to ZoneAlarmnow, and even after installing it, I have the weird randomness.
The thing it, it doesn't look as though anyone is trying to open anything.
What happens is that the mouse starts screaming across the screen, like if a child were playing with it.
The wondow I am in usually tries to close, the start menu opens, and sometimes random programs on the start menu opens, The fewer programs I have on it, the few programs that try to open.

I guess it is time to look for M$..
You do realize I have no idea what M$ is, right? Or how to be sure that I have them updated.
I would love to try the ethereal, just in case, but here is the thing, I have but the one computer. And I have no idea what else you said.. Promiscusous?!! Who what what??
And then I guess I will go to autoruns.

You know, I blame XP.
Some years ago, I swear, I downloaded anywhere from 50-100 things a DAY off Kaaza of all things, and I never picked up a single thing, nothing ever happened to the puter which was running 95/98 (I SAID some years ago).. XP has given me issues from day one it seems.
OK time for M$ whatever that is, and autorun.. I will return.. I hope.
Zone Alarm gave me some issues getting back on, even though on start up, I said that Mozilla was OK.
Things were even worse before mozilla. or is it firefox? I dunno, my brain is dying on me.

[edit on 11/20/2006 by FalseParadigm]

Microsoft.WindowsSecurityCenter.AntivirusDisableNotify 1
Microsoft.WindowsSecurityCenter.FirewallDisableNotify 1


Should both have a dword value of "0"

By default Win XP w/SP2 will notify you if/when there is no antivirus or firewall detected Or if they are off or disabled. By having those values set to "1" this notification has been turned off, therefore the user is never made aware if/when their firewall and/or antivirus have been disabled.


To remedy:
Start --> Run --> type "regedit" --> click ok

Goto:
HKEY_Local Machine >> Software >> Microsoft >> Security Center

Click once on "Security Center" to highlight it. Now, on the right hand side, double click on "AntivirusDisableNotify" and change the value data to "0", then click ok.

Repeat the same for "FirewallDisableNotify".

Close the registry editor. Restart windows.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some of these nasty lil' bastaads go a step further and seek out/disable your security software [i.e. mcafee, norton, etc]. With those turned off, and without the notification you would normally receive, there's a lot that could be taking place without you even being aware. [i.e. network shares, tcp proxy servers, etc]


It certainly wouldn't hurt to do a HouseCall on your PC. It's free and may very well find things the other programs are missing.

Hey!!
Thanks!!
You know what is scary? I am the one that is the tech person in my family .. I am talking about my whole family, mother, brother, sister, aunts, cousins, all of them, except for two uncles.

I also found something called registry boost, or something like that, tried it, did something, and then uninstalled it, cause it was a very limited trial version.
Then I restarted, and SO FAR, I am not having any weird randomness..
SO FAR.
Sometimes the computer does play nice, and will not act up for a couple days, even a couple weeks at a time.
BUT now I have some weapons against the randomness.

Opps, belay that, weird randomness started again.. Closed the browser down when I pulled the run..
OK am going to go regedit now.


I am having coniptions.. been up all night playing with this.
You know, if I had it like him, I would shoot this thing the way Elvis shot TVs..


OK, been there done that, and I also found that this "FirstRunDisabled" was at 1 also.
You want I should change that? Or be it good?

[edit on 11/20/2006 by FalseParadigm]

Yes. Set it back to "0".

Also, go to the Windows folder and look for a file called "disable.reg". If it's there delete it. If not, nevermind.

Don't forget the HouseCall.

What Windows where?
I did a file search for it, but it came up empty.. Please tell me that is a good thing, lol.
A friend of mine have me housecall a couple days ago, and I ran it , and I showed clean.. Running it again, JIK.
I am still being random..
Not as random as before, but random none the less.

Ahhh, NOW I remember..
That was the AVG. Then, as before, the HouseCall did nothing.. it just ran and ran and ran and rand, and never stopped running..
I figgered it was broked.
If, it is still broked.
Maybe it is me, maybe it is the puter.. I dunno. It is still being random though.

[edit on 11/20/2006 by FalseParadigm]

M$ is short for Microsoft so just check windows update to see if you are missing any updates. If it is a rootkit then most Anti Virus software suites won't find them, they can hide themselves from any and all detection. Go to rootkit.com and look them up, they have made some programs to help find traces of them. They also have developed rootkits so read the descriptions before you download anything from the website. They also have a really excellent book which you could pick up at borders if you find them interesting.

When you installed windows on the new hard drive did you use the hp recover CD? Maybe try get a clean version without all the HP junk on it and see if the problem goes away. If it was a person messing around it would be easy to tell, just random nonsense is most likely software issues. You could contact HP and see if anyone else has had the same problems.

I am not so sure it is sasser, so that site is bad just to say lsass.exe is sasser, when all the other sites say look for avserve.exe in the registry under current version/run...
and that lsass.exe is what is effected..

Ahhh.. That is updated all the time. So I should be good on that. I didn't install anything on the new drive, I took the puter to the shop, and I really don't know what he did, or how he did it. The old one was fried, he said, no way to get or recover anyhting off it, which burnt me, cause I has all my music )Legal, thank you) and all my pics on it..

Off to go find out about rootkits...l I think I have learned too many new things today... Where is the brain exploding icon?

AdRevolver 16
Advertising.com 5
Avenue A. Inc 2
Bearshare 2
Bfast 2
CasaleMedia 6
Coremetrics 1
DoubleClick 1
FastClick 9
HitBox 10
MediaPlex 2
Microsoft.WindowsSecurityCenter.AntivirusDisableNotify 1
Microsoft.WindowsSecurityCenter.FirewallDisableNotify 1
SpywareBOT 8
Statcounter 35
TargetNet 1
Tradedoubler 1
WebTrends live 1
Zedo 3

everyone of those are spywares running the background via the 4th one down. Bearshare, illegal p2p software buddy. When u install bearshare, kazaa, limewire, any of those softwares, they install a crapload of spyware on your system. I get to clean bout 40 rigs a week clean from that crap software.

I recommend going to www.ewido.com and clik free online scanner on the left hand side. Anything it finds, Let it DELETE it. then goto www.lavasoft.com and download adware personal se. If you have the cash i would suggest paying for adware pro with adwatch. Excellent piece of software i have used for years and it works wonders on keeping your system clean and letting you know if anything is modifying your registry. adwatch shows you old data, and new data being changed to, and asks you if you would like to allow or deny it. Just my 2cents on your prob bud.

I don't recall having any p2p on this, though I did breifly download EMule, and then immediately uninstalled, because the puter went bazako as soon as it was installed..
I do remember my cousin letting some friends on the computer, and I know that they downloaded something though they deleted it, because when I went on my puter, my home page as well as a few other settings were changed, and he doesn't have a clue as to what they might have been doing on the puter.

Ran S[yBot again, and a few of these were back on.. was back...

Microsoft.WindowsSecurityCenter.AntivirusDisableNotify 1
Microsoft.WindowsSecurityCenter.FirewallDisableNotify 1

When back and put them on 0 again, but I find that discontenting, and I guess I'll have to go and check out that site, because I am unconfortable with anything that is disabiling or changing things in the registry..
Not cool at all..
BUT either SOMETHING has been cleared out, or whatever was causing the randomness is giving me a break, because I haven't had it in a couple days..

About the Microsoft.WindowsSecurityCenter.AntivirusDisableNotify 1

See the below link for some info.

forums.spybot.info...

The way I read it is: If you already have antivirus installed, Windows does not need to notify you about a lack of antivirus, so this "notification" is disabled. However, spybot is letting you know that it is disabled, just in case you dont have antivirus installed.

The same is probably true of the firewall notification. The XP "firewall disabled notification" is turned off, probably because you have the firewall turned on. Why would you want to be notified that the firewall is disabled if it is actually on?

It is just spybot letting you know that these features are turned off, so that you are aware, just in case a bug has disabled it. It is not absolutely telling you that you have a problem.

Thats the way I read it anyway.

Just because you uninstalled emule and whatever software your friends put on, does not remove the multitude of spyware that gets installed with them. They have to be removed individually and sometimes are harder to get off than a booger on ur finger. LOL sorry thats the only thing i could think of thats hard to get off.

I figgered that w/ emule, and cousin's friends.. mine would have never dowloaded something on my puter.
I ran adaware, and knocked a lot of stuff out, but there were a few things I had to track down and clear when this happened. I am not surprised if I missed a few things, though.

I would like to point out that emule does not contain spyware.

Format C is the quickest method of getting rid of your problem.

I am going to tell you all something that may well make you fall out of your seats laughing..

My weird randomness problem looks to have been solved...

By buying a new mouse.

*ducking*


Thanks everyone for all the help you gave me, I appreciate it very much.

oh man!

Thats a beautiful thing.
It's great that you found it.
And also great that you admitted it!

I'm always reminding my IT guys....Including myself.. "don't forget the simple stuff" Sometimes we forget, and bark up the wrong tree for hours..

Way to go..!