All I found on swypeoutgame is that it’s a site, from the looks of it, from which you can download/search for ps2, gameboy, xbox, etc.
Does that sound familiar?
Thanks oldman,
I didn’t bother with a search as thicky wasn’t familiar with there being a game or having installed it plus the location and that activeX style folder name were just too suspicious for me.
ok i completed steps 1-3 as Tech said and still having problems :-\ I don’t really download games offline often unless i’m sure it’s trustworthy. My nephews kinda get on my computer and download games so that may be where it came from. omg they are in so much trouble >:(
You can if you want, as oldman suggested confirm the detection and report the findings for swypeoutgame.7zip.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently over 30 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
Steps 1-3 are really the preamble; step 4 (assuming the detection is confirmed good by VT, Jotti) is next: start with one anti-spyware tool and run that, then the next, etc. and report any findings.
thicky, David is right, don’t give up. Move toward the end of the list. Be patient 8)
Since you once had more than one av service on your computer, it may be possible that the chest & move folder are damaged. Try a repair of avast.
Add/remove programs > click once on avast to select it > click on Change/Remove > scroll down the left pane and click on repair > click OK > follow directions
~NOTE~ you must be on-line for this to work.
Not necessarily. The files are kept into avast setup folder, i.e., the repair function could work off-line, unless the files are damaged.
okiez i’ve done everything up to the hijackthis log thing. i’m running the runscanner right now…but here’s the results of the hijackthis log:
EDIT: I have the runscanner log also…where is on-line analysis?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:31 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJ9G0TJ2\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [StorageGuard] “C:\Program Files\VERITAS Software\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [WCOLOREAL] “C:\Program Files\Coloreal\coloreal.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM..\Run: [DDCActiveMenu] “C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe” -boot
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\MSMSGS.EXE” /background
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra ‘Tools’ menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
–
End of file - 6639 bytes
You shouldn’t run HJT from a temporary location as any fixes you make, the back-up couldn’t be restored if an error was made and your temp location files were deleted. You should place it in a folder of its own, e.g. C:\HJT or C:\Program Files\HJT, that way it is in a permanent location and back-ups will be preserved.
You don’t appear to have an active firewall, what is your firewall?
Your version of Java has now been updated, the latest version is jre1.6.0_03.
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://www.java.com/en/download/index.jsp
This could be nasty, “Realtek AC97 Audio - Event Monitor. “Slyware” file used to surreptitiously monitor one’s actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers”
see http://www.bleepingcomputer.com/startups/Alcxmntr.exe-245.html and http://www.castlecops.com/s180-Alcxmntr_exe.html.
C:\WINDOWS\ALCXMNTR.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
This is suspect, what do you know about it?
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
The above should be fixed, but not before you have a permanent folder for HJT and run it again when in the new permanent location.
Other than that I don’t see anything obvious in your HJT log.
Also (see below), some say this may have a privacy policy that shares their info on you with third parties, it isn’t essential that it runs.
http://www.castlecops.com/s858-DDCActiveMenu.html
Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTangent's privacy policy used to state that they also collect and share individuals information but this is no longer the case.
O4 - HKLM..\Run: [DDCActiveMenu] “C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe” -boot
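The two checks made by hand in the reply above (a tool running from a temporary folder, and Run entries such as AlcxMonitor that need a closer look) can be scripted as a first pass. This is an added example, not part of the original thread: the sample lines are constructed in the log's format, and flagging Run entries that lack a full path is this example's own triage hint, not a verdict on the file.

```python
import re

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJ9G0TJ2\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # section code, e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\?\.\.\\Run: \[(.+?)\] (.*)$")  # hive, value name, command
TEMP = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.I)
ABS_PATH = re.compile(r'^["“]?[A-Za-z]:\\')                # assumption: drive-letter path

def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review(text):
    """Return (kind, detail) findings for a helper to look at by hand."""
    processes, entries = parse_hjt(text)
    findings = [("process-in-temp", p) for p in processes if TEMP.search(p)]
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m and not ABS_PATH.match(m.group(3)):
            findings.append(("run-no-full-path", m.group(2)))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

A Run entry without a full path is resolved through the system search path at logon, so it only tells the helper which file to locate and submit to a multi-engine scanner next.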
i installed HJT correctly, and i don’t think i have a firewall…just a firewall with windows security i guess, i uninstalled the older versions of java and reinstalled the updated one, and about the O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
i have no idea what that is. i fixed it since on that site it said that it is undesirable. crosses fingers :-\
Edit: after all that it’s still doin it =( it does it when i play this online game i downloaded and installed called “second life” it’s a well known game so i thought it was ok to download…is it the game that may be the problem? the mouse and the keyboard freezes while i’m playing it, but when it freezes the game is still running…only the keyboard and mouse freeze and not the program.
This would appear to say differently as it was the one you ran to get this log.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJ9G0TJ2\HiJackThis[1].exe
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
See http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php.
That’s fine.
That should be OK as it isn’t an essential application, though my concern about where hijackthis was run from (see above) would mean hijackthis and fixes could possibly be deleted if it was in a Temp location.
The correct installation should have placed HiJackThis in a folder of its own and not in a temp location.
Hi thicky
Are you still having problems with the freezes? We seem to be bouncing around like a dog chasing a jack rabbit. Going from a possible conflict to resource issue to an infection.
This game you are playing, were you ever able to play it without the freezes? If not, it could come down to low resources. Right click the mycomputer icon, and post the cpu and ram info from the general tab.