
Suspect keyboard input and mouse sensitivity issues


  • This topic is locked
2 replies to this topic

#1 mmogamer

mmogamer

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 17 December 2010 - 09:10 AM

Hey gang,

Well, to start off, I'll describe the problem. My mouse sensitivity alternates a notch from normal to fast or normal to slow and back again whenever I am logged on to the computer, i.e. while browsing, gaming or whatever. Also, while typing and having typed correctly, mind you, something different is entered in the field, i.e. while chatting online or writing an email.

The steps I've taken to pinpoint the problem include buying several new mice and doing clean installs of Windows and applications. I've also tried updating drivers etc. The problem persists.

Some background information. I've been playing World of Warcraft for a couple of years now. Prior to this, I kid you not, I hadn't even heard of keyloggers. Malware, trojans and viruses, sure, but not keyloggers and rootkits. My gaming account got "hacked" 2-3 years ago and that's when the bleep hit the fan, so to speak. After that, most of my email addresses got compromised and I started to have malware problems.

It has come to the point where I actually suspect the gaming company of introducing malware. A bit extreme, but that's what malware does to you. So instead of going bonkers I've decided to, FINALLY, try and fix the problem. I hope you guys can help. Here are the files. Also to note: my computer has very few programs installed at the point of the scan because I did a clean install of Windows 2 days ago. The programs include Avira, World of Warcraft and Google Chrome. Another thing is that I own a copy of Win XP and Win 7. The problem appears on both versions of a clean install.

********


DDS (Ver_10-12-12.02) - NTFSx86
Run by Gurra at 14:29:59,35 on 2010-12-17
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3327.2353 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\Downloads\HijackThis (1).exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gurra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Gurra\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.se/
uRun: [Google Update] "c:\users\gurra\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-13 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-13 61960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-13 123496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-12-13 79360]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-17 1343400]

=============== Created Last 30 ================

2010-12-17 04:14:46 -------- d-----w- c:\users\gurra\appdata\roaming\Avira
2010-12-17 02:14:21 -------- d-----w- c:\windows\system32\Wat
2010-12-15 03:53:28 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-15 03:53:26 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e566c5e4-1d6f-4619-a7a4-fe8c05bfe83e}\mpengine.dll
2010-12-15 03:50:50 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 04:12:47 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-12-13 06:52:26 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-13 06:51:36 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-13 06:51:36 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-13 06:51:36 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-13 06:51:36 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-13 06:51:36 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-13 06:47:40 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-13 06:46:07 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-13 06:46:07 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-13 06:46:06 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-13 06:46:05 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-12-13 06:46:05 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-13 06:44:57 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-13 06:44:34 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-12-13 06:44:33 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-13 06:44:31 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-12-13 06:44:31 224256 ----a-w- c:\windows\system32\schannel.dll
2010-12-13 06:44:30 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-12-13 06:44:30 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-13 06:44:30 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-12-13 06:44:28 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-12-13 06:44:27 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-13 06:44:27 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-12-13 06:44:27 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-13 06:39:40 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-12-13 05:50:48 -------- d-----w- c:\windows\PCHEALTH
2010-12-13 05:35:43 -------- d-----w- c:\progra~2\Blizzard Entertainment
2010-12-13 05:10:39 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-12-13 05:10:07 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-13 05:10:07 2873820 ------w- c:\windows\system32\Sens_oal.dll
2010-12-13 05:10:07 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-13 05:09:48 -------- d-----w- c:\program files\common files\Creative Labs Shared
2010-12-13 05:09:10 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-12-13 05:09:10 148480 ----a-w- c:\windows\system32\APOMngr.DLL
2010-12-13 05:08:38 11264 ----a-w- c:\windows\INRES.DLL
2010-12-13 05:08:38 -------- d-----w- c:\program files\Creative
2010-12-13 05:08:32 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2010-12-13 05:08:32 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2010-12-13 05:08:32 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2010-12-13 05:08:32 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-12-13 05:08:32 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2010-12-13 05:08:32 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2010-12-13 05:08:29 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-12-13 05:08:29 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-12-13 04:50:44 -------- d-----w- c:\users\gurra\appdata\local\Google
2010-12-13 04:50:01 -------- d-----w- c:\users\gurra\appdata\local\Apps
2010-12-13 04:49:59 -------- d-----w- c:\users\gurra\appdata\local\Deployment
2010-12-13 03:55:40 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-13 03:54:03 -------- d-----w- c:\progra~2\Blizzard
2010-12-13 03:49:29 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-13 03:49:29 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-12-13 03:49:29 123496 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-12-13 03:43:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-13 03:40:53 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-13 03:40:40 -------- d-----w- C:\NVIDIA
2010-12-13 03:37:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-13 03:37:38 -------- d-----w- c:\program files\Avira
2010-12-13 03:37:38 -------- d-----w- c:\progra~2\Avira
2010-12-13 03:34:45 -------- d-sh--w- c:\windows\Installer
2010-12-13 03:31:27 -------- d-----w- c:\users\gurra\appdata\local\Diagnostics
2010-12-13 03:29:36 -------- d-----w- c:\windows\system32\wbem\Performance
2010-12-13 03:26:59 -------- d-sh--we c:\program files\Delade filer
2010-12-13 03:26:59 -------- d-sh--we C:\Program
2010-12-13 03:26:59 -------- d-sh--we c:\progra~2\Start-meny
2010-12-13 03:26:59 -------- d-sh--we c:\progra~2\Skrivbord
2010-12-13 03:26:59 -------- d-sh--we c:\progra~2\Programdata
2010-12-13 03:26:59 -------- d-sh--we c:\progra~2\Mallar
2010-12-13 03:26:59 -------- d-sh--we c:\progra~2\Favoriter
2010-12-13 03:26:59 -------- d-sh--we c:\progra~2\Dokument
2010-12-13 03:18:44 -------- d-----w- c:\windows\Panther
2010-12-13 03:18:30 -------- d-sh--w- C:\Boot

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-22 06:23:05 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-22 06:23:05 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-22 06:23:05 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23:05 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-22 06:23:05 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-22 06:23:05 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-22 06:23:05 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-22 06:23:04 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23:04 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23:04 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23:02 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-22 06:23:02 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 11:42:46 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 11:42:46 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 11:42:46 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 11:42:46 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:42:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:42:38 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 14:30:19,53 ===============



#2 mmogamer

mmogamer
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 19 December 2010 - 05:22 PM

It turns out someone is remotely accessing and configuring my computer. Solved.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:54 PM

Posted 19 December 2010 - 07:56 PM

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



