Frustrated College Student[INACTIVE]

[pacek]

Good evening,

Thanks for your help!

I've had a lot of problems with my computer, but this is a new one. Whenever my screen saver comes on, (although it's not really a screen saver, when it just goes on energy-saving mode), I always have to restart my computer when I want to use it again. Otherwise, the start button is at the top, with stuff flashing all over the place. Shutting it down lets me use it, until next time I walk away for a little while. Please help!!

Here is my log:

ogfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:43:47 PM, on 1/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\LTMSG.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168896626992

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://161.13.1.36/activex/AMC.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8160 bytes

Thanks in advance!!

[jwbirdsong]

Download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

Please then reboot your computer in Safe Mode (without Networking) by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
  

• Open the C:\SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back here along with a Combofix log..(below)
  

Download Combofix to your desktop.

Doubleclick combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply .

[pacek]

Here's the SDFix Log:

SDFix: Version 1.133

Run by Owner on Tue 01/29/2008 at 01:02 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-29 13:08:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:

---------------

File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 15 Jan 2007 196 A.SHR --- "C:\BOOT.BAK"

Tue 9 Oct 2007 24,064 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc609.tmp"

Thu 12 Jul 2007 27,648 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc610.tmp"

Mon 24 Sep 2007 35,328 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc611.tmp"

Mon 24 Sep 2007 35,328 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc612.tmp"

Tue 3 Apr 2007 1,906,176 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc613.tmp"

Mon 2 Apr 2007 24,064 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc614.tmp"

Wed 10 Oct 2007 28,672 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc615.tmp"

Thu 12 Jul 2007 26,624 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc616.tmp"

Wed 31 Oct 2007 107,008 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc617.tmp"

Wed 4 Apr 2007 28,672 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc618.tmp"

Wed 18 Apr 2007 37,888 A..H. --- "C:\RECYCLER\S-1-5-21-26990825-1145980942-645668462-1003\Dc619.tmp"

Fri 11 Feb 2005 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"

Mon 15 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4.tmp"

Sun 26 Aug 2007 59,392 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1236.tmp"

Finished!

Here's the combofix log:

ComboFix 08-01-29.3 - Owner 2008-01-29 13:18:39.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.177 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E0SSA7A3\ComboFix[1].exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Owner\Application Data\inst.exe

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))

.

2008-01-29 13:01 . 2008-01-29 13:01 <DIR> d-------- C:\WINDOWS\ERUNT

2008-01-22 21:42 . 2008-01-22 21:42 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-21 17:08 . 2008-01-21 17:08 <DIR> d-------- C:\Program Files\iPod

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 23:08 --------- d-----w C:\Program Files\iTunes

2008-01-21 23:06 --------- d-----w C:\Program Files\QuickTime

2007-12-31 20:38 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

2007-12-31 20:38 --------- d-----w C:\Program Files\DVDFab Platinum 3

2007-12-31 20:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-12-26 19:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-12-17 17:13 --------- d-----w C:\Program Files\Easy CD & DVD Cover Creator

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-04-18 02:13 39,880 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

2007-03-09 06:38 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 06:07 151597]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]

"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]

"VTTimer"="VTTimer.exe" []

"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 21:28 81920]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[jwbirdsong]

Couple of things regarding Combofix

1) your whole log didn't post.....

2) You are running it from IE.

Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E0SSA7A3\ComboFix[1].exe

This is from clicking OPEN instead of Save. Make SURE you save the file to your Desktop and run it from there. and then repost your log

Edited January 29, 2008 by jwbirdsong

[pacek]

ComboFix 08-01-30.1 - Owner 2008-01-29 18:59:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.90 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))

.

2008-01-29 13:01 . 2008-01-29 13:01 <DIR> d-------- C:\WINDOWS\ERUNT

2008-01-22 21:42 . 2008-01-22 21:42 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-21 17:08 . 2008-01-21 17:08 <DIR> d-------- C:\Program Files\iPod

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-12-17 11:13 . 2007-12-17 11:13 <DIR> d-------- C:\WINDOWS\system32\EWS

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 23:08 --------- d-----w C:\Program Files\iTunes

2008-01-21 23:06 --------- d-----w C:\Program Files\QuickTime

2007-12-31 20:38 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

2007-12-31 20:38 --------- d-----w C:\Program Files\DVDFab Platinum 3

2007-12-31 20:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-12-26 19:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-12-17 17:13 --------- d-----w C:\Program Files\Easy CD & DVD Cover Creator

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-04-18 02:13 39,880 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

2007-03-09 06:38 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 06:07 151597]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]

"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]

"VTTimer"="VTTimer.exe" []

"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 21:28 81920]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 03:15]

S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 03:15]

*Newly Created Service* - ENTDRV51

*Newly Created Service* - HTTPFILTER

.

Contents of the 'Scheduled Tasks' folder

"2008-01-23 15:44:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-29 19:01:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\RtlGina2.dll

.

Completion time: 2008-01-29 19:02:51

ComboFix-quarantined-files.txt 2008-01-30 01:02:41

ComboFix2.txt 2008-01-29 19:21:28

.

2008-01-10 09:02:11 --- E O F ---

is that all of it now?

[jwbirdsong]

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Click on the Start Scanning button at bottom of page.
  
• Accept the License Agreement and the ActiveX install.
  
• Once the ActiveX installs,Click Full System Scan
  
• Once the download completes,the scan will begin automatically.
  
• The scan will take some time to finish,so please be patient.
  
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.
  

2.

[pacek]

Scanning Report

Computer name: YOUR-W04GTXLD67

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ D:\

Result: 15 malware found

Tracking Cookie (spyware)

* System (Disinfected)

* System

* System

* System

* System

* System

* System

* System

* System

* System

* System

* System

* System

* System

* System

Statistics

Scanned:

* Files: 44322

* System: 4767

* Not scanned: 2

Actions:

* Disinfected: 1

* Renamed: 0

* Deleted: 0

* None: 14

* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options

Scanning engines:

* F-Secure Libra: 2.4.2, 2008-01-31

* F-Secure AVP: 7.0.171, 2008-02-01

* F-Secure Orion: 1.2.37, 2008-02-01

* F-Secure Blacklight: 1.0.64

* F-Secure Draco: 1.0.35, 2008-01-28

* F-Secure Pegasus: 1.19.0, 2008-00-30

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF

* Use Advanced heuristics

[pacek]

any other advice? its still doing it!

[jwbirdsong]

By the "still doing it" you mean the Standby mode issue right.

Well it doesn't APPEAR to be caused by spyware. But let's look a little deeper to make sure.

Sorry about the long delay. Not sure what happened. I may have just missed/overlooked/not received the notice of your reply,

Delete the Combofix you now and have and get a new/updated copy from HERE and post a fresh log from it along with a log from the following:

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  
• An icon will be created on your desktop. Double-click that icon to launch the program.
  
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  
• Under "Configuration and Preferences", click the Preferences button.
  
• Click the Scanning Control tab.
  
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
    
  • Scan for tracking cookies.
    
  • Terminate memory threats before quarantining.
    

  [*] Click the "Close" button to leave the control center screen.

  [*] Back on the main screen, under "Scan for Harmful Software" click Scan your computer.

  [*] On the left, make sure you check C:\Fixed Drive.

  [*] On the right, under "Complete Scan", choose Perform Complete Scan.

  [*] Click "Next" to start the scan. Please be patient while it scans your computer.

  [*] After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".

  [*] Make sure everything has a checkmark next to it and click "Next".

  [*] A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

  [*] If asked if you want to reboot, click "Yes".

  [*] To retrieve the removal information after reboot, launch SUPERAntispyware again.

  • Click Preferences, then click the Statistics/Logs tab.
    
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    
  • Please copy and paste the Scan Log results in your next reply.
    

  [*] Click Close to exit the program.

[jwbirdsong]

And in the meantiime I'll look a little deeper into the issue. So basically it locksup when it enters Standby, correct?? and then you have to Hard Boot it?

[pacek]

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 02/05/2008 at 07:50 PM

Application Version : 3.9.1008

Core Rules Database Version : 3395

Trace Rules Database Version: 1387

Scan type : Complete Scan

Total Scan Time : 01:23:08

Memory items scanned : 422

Memory threats detected : 0

Registry items scanned : 6180

Registry threats detected : 0

File items scanned : 79122

File threats detected : 71

Adware.Tracking Cookie

C:\Documents and Settings\Owner\Cookies\owner@clickaider[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][3].txt

C:\Documents and Settings\Owner\Cookies\owner@findarticles[1].txt

C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@honoluluadvertiser[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@clicksor[2].txt

C:\Documents and Settings\Owner\Cookies\owner@adultadworld[1].txt

C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt

C:\Documents and Settings\Owner\Cookies\owner@financialaidfinder[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@vortexmediagroup[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@nextag[2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt

C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@pornoinside[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@altastat[1].txt

C:\Documents and Settings\Owner\Cookies\owner@list[1].txt

C:\Documents and Settings\Owner\Cookies\owner@mysexgames[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@homemadefuckvideos[1].txt

C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][3].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@metareward[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@sexyfuckgames[1].txt

C:\Documents and Settings\Owner\Cookies\owner@fuckvideo[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@collective-media[2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@eroticlick[2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\owner@precisionclick[2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\owner@pornhub[1].txt

C:\Documents and Settings\Owner\Cookies\owner@humornsex[1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

ComboFix 08-02.05.3 - Owner 2008-02-05 18:17:02.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.140 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NO1NIQ7J\ComboFix[1].exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))

.

2008-01-29 13:01 . 2008-01-29 13:01 <DIR> d-------- C:\WINDOWS\ERUNT

2008-01-22 21:42 . 2008-01-22 21:42 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-21 17:08 . 2008-01-21 17:08 <DIR> d-------- C:\Program Files\iPod

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 23:08 --------- d-----w C:\Program Files\iTunes

2008-01-21 23:06 --------- d-----w C:\Program Files\QuickTime

2007-12-31 20:38 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

2007-12-31 20:38 --------- d-----w C:\Program Files\DVDFab Platinum 3

2007-12-31 20:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-12-26 19:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-12-17 17:13 --------- d-----w C:\Program Files\Easy CD & DVD Cover Creator

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-04-18 02:13 39,880 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

2007-03-09 06:38 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 06:07 151597]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]

"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]

"VTTimer"="VTTimer.exe" []

"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 21:28 81920]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 03:15]

S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 03:15]

.

Contents of the 'Scheduled Tasks' folder

"2008-01-30 15:44:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 18:19:10

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\RtlGina2.dll

.

Completion time: 2008-02-05 18:19:40

ComboFix-quarantined-files.txt 2008-02-06 00:19:31

ComboFix2.txt 2008-01-30 01:02:52

ComboFix3.txt 2008-01-29 19:21:28

.

2008-01-10 09:02:11 --- E O F ---

ok- here are 2 of the logs. I have turned off the standby and screensaver, but it still will do it if it's idle for too long. (although nothing changes on the screen.) The start toolbar at the bottom will also appear at the top, everything will just kind of freak out- and I can't open or change anything until i restart. I know that isn't a very good description, but it's really the only way i can explain it. thanks! -kyle

[jwbirdsong]

Still looking into possibalities, just a quick question. This didn't happen to start at about the same time as you installed/started using the Netgear Wireless Adapter did it??

[pacek]

actually... it probably did start happening around the time!!

Why is that? Is it fixable?

[jwbirdsong]

Well the GINA file are used for log in, fast user switching, etc. I'm betting you also no longer have a Welcome screen when you start Windows, correct? The one that displays user name...

Netgear uses thier own verison of msgina (RtlGina2.dll) and it has been know to cause all sort of login/start/switching issues.

MS-MVP Doug Knox has a fix/check for such issues. Go to his website HERE and download/use the XP_FixLogon.ZIP ..direction are on the page.

Let me know how you get on with this and if it fixes the issue.

Also do you have a XP install CD..incase we need to repair/fix some other files??