Infected with Keyboard/Mouse Hijacker...help!!

[Aditya11]

Once the pc starts, this virus/worm/Trojan becomes active after some time. Then it shows following signs:

1. I can't drag and move any file/icon in explorer and on desktop
2. The forward movement key in most games (W) stops reacting or acts
erratically
3. The mouse too, doesn't function properly and keeps shaking on menus

So from what I understand, this malware takes control of my keyboard and mouse movements, kind of hijacking it. I have scanned my entire system with some anti malware tools including SUPERAntiSpyware, Malwarebyte's Anti Malware and A-squared. I deleted all the results they came up with, thinking that it must have removed the threat. Afterwards, I reinstalled winXP and other applications and games. But alas! Once again I am experiencing the same problem! It is really frustrating...I don't know how to rid of this nuisance. Can anyone help me please??

Thanks in advance.

[krishnandu.sarkar]

I'm not sure itz any virus or not...............try Spybot, Kaspersky and a online scan if needed...................

[sude]

please search the forum.. u will get ur solution...

SUDE

[krishnandu.sarkar]

As I'm not sure its a virus or not.............I suggest u to turn off all the start-ups frm Start>Run type "msconfig"................In "general" tab select "selective startup"..........Now reboot and enable service one by one by rebooting each time...............this will help u 2 find the root of problem................u can also try finding an unwanted service and startup program on "Services" and "Startup" tab respectively.............


I'm not sure.............that this will help u or not..............wait till other members reply................

[Aditya11]

I am pretty sure that it is not a keyboard/mouse problem. As I said, this malware gets activated AFTER some time once I start the OS. The exact time/ trigger point for its occurance is unknown. I will try to post a log of HIJACK THIS once when I reach home, but I guess I should do that only once the infection is active.(gosh, I hate to use the word "infection" for my pc!). I also tried to run Kaspersky scan, but couldnt complete due to lack of time.

@sude

I ran a search about my query (keyboard problems) and looked into intial pages but didnt find anything similar to my problem. I know you have answered to coulpe of posts there, but my problem is a different one..

[rhitwick]

buddy r u sure its not a keyboard or mouse problem??

[general gyan]
check d "key" in question properly, if its broken etc......
If using scroll mouse clear d dust in it and if
using optical or laser don't use a slippery surface
[/general gyan]

go to safe mode.......
scan ur pc...........
please be offline while this scan.........
try kaspersky and avira
and do remember to post HijackThis log...........

[Aditya11]

Oh yes, I am 100% sure that it is NOT a keyboard/mouse problem. I mean, which "problem" comes into existence such randomly? If a hardware is faulty, it would show consistent malfunctioning properties, not so here..anyways.

After scanning with Kaspersky and also with Spybot (and removing any threats the former displayed), I was almost happy that everything has become normal...until today! admittedly, my PC runtime is quite high today so I am guessing the malware remians dormant inintially. Right now, I am unable to move and drag any icons on desktop and explorer (which I was doing fine just 5 minutes back). So I am infected again as I type this. I am also attaching Hijackthis log. I did the scan only 2 minutes back after the infection...I hope a good soul would provide me a solution...this is eating my heart!

----------

Logfile of HijackThis v1.99.1
Scan saved at 11:57:39 PM, on 30-Jul-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
F:\GAMEWARES\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\devldr32.exe
G:\Software\03_Tools\tclocklight-040702-3\tclock.exe
C:\Program Files\Texter\texter.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\sw g.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Fraps] F:\GAMEWARES\FRAPS\FRAPS.EXE
O4 - Startup: tclock.lnk = G:\Software\03_Tools\tclocklight-040702-3\tclock.exe
O4 - Startup: texter.lnk = C:\Program Files\Texter\texter.exe
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{561EFACA-2E2F-414B-AA5D-A2967980D3BD}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

---
I installed Avast! after cleaning the system with Kaspersky, as the later was giving me irritating prompts for buying the full version...

[sude]

Quote:

I ran a search about my query (keyboard problems) and looked into intial pages but didnt find anything similar to my problem. I know you have answered to coulpe of posts there, but my problem is a different one..

well in that case dont worry.. ur solution to the query is on way...

SUDE

dear aditya...
i went through the log. but didnt find any suspicious entry...
can u plz post ur system configuration??

SUDE

[Aditya11]

Here's my pc config:

Mainboard : Asus M2A-VM HDMI
Chipset : AMD RS690/RS690M
Processor : AMD Athlon 64 X2 4400+ @ 2300 MHz
Physical Memory: 2048 MB (2 x 1024 DDR2-SDRAM )
Video Card : NVIDIA GeForce 8600 GTS 256MB DDR3
Hard Disk : ST3250310SV (250 GB)
Hard Disk : ST3250820AS (250 GB)
DVD-Rom Drive : HL-DT-ST DVDRAM GSA-H42N
Monitor Type : LG Electronics 700E
Operating System : Microsoft Windows XP Professional 5.01.2600 Service Pack 3