View Full Version : evil, crazy mouse


franky92
08-04-2004, 06:51 PM
help! i have an ibm thinkpad 600x, running windows 2000 professional. a few days ago, my trackpoint thingamajig in the middle of the keyboard all of a sudden could not control the cursor on the screen. the cursor goes crazy -- it drifts without warning, it darts across the screen at the slightest touch, it resists my efforts to direct it with the trackpoint. i started using an external mouse, but it struggles to regain control of the cursor from the evil forces. it will be working and then all of a sudden something will seize the cursor and make it start drifting and darting again.

i suspect a spyware/malware problem, because i run spybot and it detects something called "DSO Exploit" each time. each time i eliminate this "DSO Exploit," it always returns.

can someone, for the love of mercy, please help me?

PrntRhd
08-04-2004, 08:21 PM
Download Adaware Personal http://www.lavasoft.de/support/download/
Install it, update it, close browser and scan with it, remove all it finds.
Download HJT here (http://www.subratam.org/?page=removal), extract it to its own folder (not the desktop), and scan, create log and post the results back in this thread.

It might be a driver/hardware problem.
FYI Spybot bug may give false DSO Exploit indication. You DO have all the Windows Update critical updates loaded I hope.

And Welcome to the PC Guide Forums!

franky92
08-04-2004, 08:43 PM
thanks for the suggestions. i'm actually not sure if i have done all the critical updates. i will download adaware personal now. in the meantime, here is my hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 7:40:18 PM, on 8/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\etlisrv.exe
C:\LDCLIENT\LOCALSCH.EXE
C:\WINNT\system32\cba\pds.exe
C:\LDCLIENT\QIPCLNT.EXE
C:\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\System Manager\BSA Client\bsa.exe
C:\Program Files\LANDesk\System Manager\BIN\iids.exe
C:\Program Files\LANDesk\System Manager\BIN\ssm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\LANDesk\System Manager\BIN\modemview.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\LDClient\wuser32.exe
C:\LDCLIENT\SDISTHK.EXE
C:\LDCLIENT\SOFTMON.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\program files\quick time\qttask.exe
C:\WINNT\system32\tp4serv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINNT\system32\etlitr50.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
D:\Program Files\Mobile Connection Manager\Wnex7DO.exe
C:\Program Files\LANDesk\System Manager\BIN\USM.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Microsoft Office\Office\WINWORD.EXE
D:\WinZip\winzip32.exe
C:\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\LDCLIENT\SDISTHK.EXE,C:\LDCLIENT\SOFTMON.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iamapp] "D:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TaskComp] C:\LDClient\amclient.exe /tcs /s
O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s /bw=WAN
O4 - HKLM\..\Run: [VulScan] c:\ldclient\Vulscan.exe
O4 - HKLM\..\Run: [Inventory] C:\LDClient\LDISCN32.EXE /NTT=LANDESK1:5007 /S="LANDESK1" /I=HTTP://LANDESK1/ldlogon/ldappl3.ldz /NOUI /W=300
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKCU\..\Run: [key] C:\WINNT\system32\winxp.exe
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINNT\system32\WINdirect.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Entrust Login.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Mobile Connection Manager-WatchDog.lnk = D:\Program Files\Mobile Connection Manager\Wnex7DO.exe
O4 - Global Startup: shamin~1.exe
O4 - Global Startup: USM.lnk = C:\Program Files\LANDesk\System Manager\BIN\USM.exe
O4 - Global Startup: work.bat
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.7745949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F104C1-86B6-40B9-B4E6-D9FBB63EAE43}: NameServer = 205.188.146.146

PrntRhd
08-04-2004, 09:00 PM
Your HJT version is old, try new one from here (http://www.subratam.org/?page=removal)

franky92
08-04-2004, 09:04 PM
ok. here's what the new version of hijackthis came up with...
thanks again...


Logfile of HijackThis v1.98.1
Scan saved at 8:02:54 PM, on 8/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\etlisrv.exe
C:\LDCLIENT\LOCALSCH.EXE
C:\WINNT\system32\cba\pds.exe
C:\LDCLIENT\QIPCLNT.EXE
C:\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\System Manager\BSA Client\bsa.exe
C:\Program Files\LANDesk\System Manager\BIN\iids.exe
C:\Program Files\LANDesk\System Manager\BIN\ssm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\LANDesk\System Manager\BIN\modemview.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\LDClient\wuser32.exe
C:\LDCLIENT\SDISTHK.EXE
C:\WINNT\Explorer.EXE
C:\LDCLIENT\SOFTMON.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\LDClient\LDISCN32.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\program files\quick time\qttask.exe
C:\WINNT\system32\tp4serv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINNT\system32\etlitr50.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
D:\Program Files\Mobile Connection Manager\Wnex7DO.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\LANDesk\System Manager\BIN\USM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WinZip\winzip32.exe
C:\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\LDCLIENT\SDISTHK.EXE,C:\LDCLIENT\SOFTMON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iamapp] "D:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TaskComp] C:\LDClient\amclient.exe /tcs /s
O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s /bw=WAN
O4 - HKLM\..\Run: [VulScan] c:\ldclient\Vulscan.exe
O4 - HKLM\..\Run: [Inventory] C:\LDClient\LDISCN32.EXE /NTT=LANDESK1:5007 /S="LANDESK1" /I=HTTP://LANDESK1/ldlogon/ldappl3.ldz /NOUI /W=300
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKCU\..\Run: [key] C:\WINNT\system32\winxp.exe
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINNT\system32\WINdirect.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Entrust Login.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Mobile Connection Manager-WatchDog.lnk = D:\Program Files\Mobile Connection Manager\Wnex7DO.exe
O4 - Global Startup: shamin~1.exe
O4 - Global Startup: USM.lnk = C:\Program Files\LANDesk\System Manager\BIN\USM.exe
O4 - Global Startup: work.bat
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F104C1-86B6-40B9-B4E6-D9FBB63EAE43}: NameServer = 205.188.146.146
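
A way to compare two HijackThis scans such as the v1.97.7 and v1.98.1 logs posted above, as an added example that is not part of the original thread: it parses the section-coded entry lines and reports entries present in only one scan, ignoring the display name printed in front of a CLSID, which the two versions show differently. The function names are hypothetical, and the sample text is a short excerpt of the thread's own logs.

```python
import re
from collections import defaultdict

# A HijackThis entry line is a section code (R0, F2, O4, O16, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Excerpts copied from the two logs in this thread (v1.97.7, then v1.98.1).
OLD_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\tp4serv.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKCU\..\Run: [key] C:\WINNT\system32\winxp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""
NEW_LOG = r"""Logfile of HijackThis v1.98.1
Running processes:
C:\WINNT\system32\tp4serv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKCU\..\Run: [key] C:\WINNT\system32\winxp.exe
"""

def entry_key(body):
    """Drop any display name before a CLSID so a renamed entry still matches."""
    m = CLSID.search(body)
    return body[m.start():] if m else body

def parse_entries(log_text):
    """Return {section_code: set(entry_keys)}; process paths and headers are skipped."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].add(entry_key(m.group(2)))
    return sections

def diff_logs(old_text, new_text):
    """Return {code: (removed, added)} for sections whose entries differ between scans."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    changes = {}
    for code in sorted(set(old) | set(new)):
        removed, added = old[code] - new[code], new[code] - old[code]
        if removed or added:
            changes[code] = (sorted(removed), sorted(added))
    return changes

if __name__ == "__main__":
    for code, (removed, added) in diff_logs(OLD_LOG, NEW_LOG).items():
        print(code, "removed:", removed, "added:", added)
```

On this excerpt only the O16 line is reported; the O2 line carries the same CLSID and DLL in both scans, so it is treated as unchanged.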

Paleo Pete
08-05-2004, 02:50 AM
I'll let someone else decipher the HJT log tonight, I'm close to crosseyed already.. :rolleyes:

My laptop had a similar mouse problem that was a driver issue. Boot into Safe Mode, remove the mouse from Device Manager, (and every other mouse if more than one is listed). Reboot and see if it acts right again.

classicsoftware
08-05-2004, 09:45 AM
I think you have the Bagle worm.

Download The Free Avast Removal tool. (http://www.avast.com/eng/avast_cleaner.html)

Perform an On-line scan (http://housecall.trendmicro.com/).

Run the AVAST removal tool.

Post the results of your scans along with a new HJT log.

franky92
08-06-2004, 12:11 PM
neither the on-line scan nor the avast program found any viruses. meanwhile, my cursor is still acting like it's on steroids. any other suggestions? thanks in advance.

deddard
08-06-2004, 12:50 PM
Something you could try (as long as you have an external mouse) is disabling the touchpad in device manager, rebooting and see how it goes.
If it solves the problem, try removing it from device manager, and reboot (without the external mouse attached) - the system should automatically detect it and load the drivers - hopefully the symptoms won't come back.

There are loads of things that can happen - I did a google search and came up with this:
http://www.gonegold.com/ubb/ultimatebb.cgi?ubb=get_topic;f=4;t=006007
which says that an erratic mouse was due to video drivers - reinstalling them solved the problem.

Does the touchpad look normal? is it a uniform colour? any damage to it? these things are extremely sensitive, so any damage or over pressure on it can cause problems.

franky92
08-07-2004, 10:23 AM
someone may need to walk me through the disabling the mouse process. i tried it, but not sure i did it right.

and in the meantime, i've started getting an 8611 error message upon booting up sometimes.