Hello. My mother-in-law is having an issue with her computer where anytime you go into a program, the keyboard and mouse will lock up and I can only do a hard reset (holding down the power button to turn off the computer and then turn it back on) to get the computer going again. I was able to do some scans, but was not successful in getting all the steps done that were listed in the first sticky note. Her avast anti-virus key ran out and she was trying to get the new key and get it downloaded when she realized she was having the problem.
Here is what I have done so far:
ran the microsoft msrt - the first time I ran it, I did a full scan and the screensaver came on and the computer locked up in the middle of the scan. The second time, I turned the screensaver off and then ran the quick scan. No files were found.
she already had atf cleaner on her desktop. I ran it. After running it, the keyboard and mouse still locked up in programs (I tried word) and on the internet.
ran the GMER rootkit scanner. could not save the first log (computer locked up while I was attempting to save to the floppy drive), but was able to save the second log. I thought I saved it on a floppy, but it wasn't there when I checked on my computer today. Probably my error in saving.
was not able to download MBA-M.
Here is the DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Carol Anne Bott at 16:25:17.48 on Wed 06/30/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.705 [GMT -5:00]
AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\wuauclt.exe
A:\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [DellTouch] c:\windows\DELLMMKB.EXE
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\carola~1\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {A2943D49-429A-4243-AA6D-7751DE369954} = 156.154.70.22,156.154.71.22
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\carola~1\applic~1\mozilla\firefox\profiles\ief543df.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-21 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-21 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-21 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-21 20560]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-8-21 707152]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-8-6 28672]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [2009-8-19 19072]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-21 138680]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-21 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-21 352920]
S3 Msikbd2k;DellTouch;c:\windows\system32\drivers\msikbd2k.sys --> c:\windows\system32\drivers\msikbd2k.sys [?]
=============== Created Last 30 ================
2010-06-30 15:45:12 0 d-----w- C:\71c3556e4b4a95adaee1
2010-06-30 15:45:05 0 d-----w- C:\411d1cdf5c682e6d7583
==================== Find3M ====================
2010-04-12 22:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2003-06-01 19:43:36 29184 -csha-w- c:\program files\Thumbs.db
2002-03-31 21:47:08 2314987 -c--a-w- c:\program files\MultiPASS C635 Updater 2.0..1
2001-08-18 13:00:00 94784 -csh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2009-08-20 22:31:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082020090821\index.dat
============= FINISH: 16:27:23.21 ===============
Please let me know if there is anything I can delete out or what might be causing the mouse and keyboard to lock up. She does have the Hijack this program on her desktop and I was able to run a HJT log and I can post if necessary.
Thanks,
jrb