This one has me really stumped!
I've been building and repairing PCs and servers for over 25 years now and have never come across anything quite like this. The first ransomware I ran into took a couple hours to figure out...but I've been searching everywhere and trying everything without success.
Seems a retired friend of the family got sucked into one of those "Hello, I'm from Microsoft and we've detected a virus on your computer..." hook, line and sinker. After they took his financials to the cleaners, he finally called me to clean up his PC. It had been invaded pretty well, with all kinds of backdoors, etc., but I was pretty sure I found it all, ran several scans in Safe Mode with several different tools (RogueKiller, Malwarebytes, Kaspersky TDSSKiller).
Several weeks went by without issue (though the jerks kept calling and threatening him). Then he calls and says he cannot get the keyboard or mouse to respond. I figured it was probably hardware weirdness and would be a relative snap to fix. Nope!
This is a 3-year-old Dell with Windows 7 64-bit Home Premium that gets very light use.
Keyboard works in BIOS only (which I've cleared already). Neither the KB nor mouse work in Safe Mode for more than a few seconds if at all. Same in normal Windows. I might get as much as 10 seconds in before I see the driver installer come up in the system tray and fail to install the keyboard and mouse drivers (and apparently anything USB). I get the "Device driver failed to install..." message after which I'm dead in the water.
I've pulled and attached the drive to another PC and have run as many AV scans as I can with various products but only minor items were found and removed. Prefetch was cleared as were the main temp directories. Poked around the System32 folder and others and noticed nothing. Startup empty too. Loaded the registry hives to look at Software and the Run and Run Once areas to only find the usual items.
Have created and run Kaspersky Rescue, Bitdefender Rescue, and Avira Rescue all from boot CDs without any findings. Tried OTLPE for the first time, also without any meaningful clues. The mouse and KB work just fine in those environments. It's only when Windows runs that something jumps in and kills all USB devices (including flash drives). Really wish there were a PS2 port on this thing.
I strongly suspect that if there were a true virus, it is no longer present....BUT a script or command of some sort has gotten in there, somewhere I'm unfamiliar with...and runs interference on the USB/HID drivers (which I'd replaced with copies from a clean PC early on). I've also tried other brands and models of KB or mice, wired and wireless. Same thing every time.
I'm guessing it's possible those rip-off artists may have left something of a ticking bomb behind that they could reset or disable as they maintained control over this guy's computer. Who knows.
REALLY don't want to reinstall Windows if I don't have to, but if I do, I will. I'm certain I've spent enough time to have done it many times by now. I'm much more interested in finding out what this is and adding to my arsenal of understanding how to address it than I am in giving up and reinstalling. I'm afraid, as has been the case now and then in the past...that others I know may have this happen. After dealing with the first ransomware infection, it was a relative snap to eradicate it from the others that followed other friends and clients.
Sorry for long post. Gotta figure the devil's in the details...somewhere.
Any suggestions or help would be very appreciated.