[Resolved] Something is stealing focus on my PC


13 replies to this topic

#1 Peanut Butter


Posted 21 November 2009 - 08:59 AM

Hi all. Something is stealing focus on my PC about every 20 minutes. My active window becomes grayed out but nothing else opens up in the foreground. I've run Malwarebytes and AVG and they both come up clean. Any ideas?


Root Repeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/21 09:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1EAF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1A6B000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==



DDS Text:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 9:49:06.56 on Sat 11/21/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1506 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
svchost.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [EPSON Stylus CX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticaa.exe /fu "c:\windows\temp\E_SA9.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203624910218
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\l04ufm07.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-24 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-3 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-3 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-3 285392]

=============== Created Last 30 ================

2009-11-21 09:40 <DIR> --d----- c:\program files\Trend Micro
2009-11-03 13:43 <DIR> --d-h--- C:\$AVG
2009-11-03 13:42 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 13:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-11-01 13:32 <DIR> --d----- c:\program files\Roxio
2009-11-01 13:32 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-11-01 13:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Research In Motion
2009-10-28 21:27 <DIR> --d----- c:\windows\system32\NtmsData
2009-10-27 18:50 <DIR> --d----- c:\program files\Western Digital

==================== Find3M ====================

2009-11-03 13:42 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 13:42 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-11-02 08:52 16,384 a------- c:\windows\system32\lgfwunis.exe
2009-10-11 18:53 87,608 -------- c:\docume~1\admin\applic~1\inst.exe
2009-10-11 18:53 47,360 -------- c:\windows\system32\drivers\pcouffin.sys
2009-10-11 18:53 47,360 -------- c:\docume~1\admin\applic~1\pcouffin.sys
2009-09-25 11:41 856,064 -------- c:\windows\system32\divx_xx0c.dll
2009-09-25 11:41 856,064 -------- c:\windows\system32\divx_xx07.dll
2009-09-25 11:41 847,872 -------- c:\windows\system32\divx_xx0a.dll
2009-09-25 11:41 843,776 -------- c:\windows\system32\divx_xx16.dll
2009-09-25 11:41 839,680 -------- c:\windows\system32\divx_xx11.dll
2009-09-25 11:41 696,320 -------- c:\windows\system32\DivX.dll
2009-09-25 00:37 667,136 a------- c:\windows\system32\wininet.dll
2009-09-25 00:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-31 20:15 11,952 -------- c:\windows\system32\avgrsstx(2)(2).dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-07-11 18:54 256 -------- c:\documents and settings\admin\pool.bin

============= FINISH: 9:49:35.81 ===============


Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:37 AM, on 11/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support....veX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1203624910218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5806 bytes


Any help would be greatly appreciated!


#2 CatByte


Posted 25 November 2009 - 04:13 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 Peanut Butter


Posted 25 November 2009 - 05:25 PM

Hi and thanks for the help!
Here is my combofix log:

ComboFix 09-11-25.03 - Admin 11/25/2009 18:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1534 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-21 14:46 . 2009-11-21 14:47 -------- d-----w- c:\program files\ERUNT
2009-11-21 14:40 . 2009-11-21 14:40 -------- d-----w- c:\program files\Trend Micro
2009-11-04 00:24 . 2009-11-04 00:24 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-03 18:43 . 2009-11-03 18:43 -------- d-----w- C:\$AVG
2009-11-03 18:42 . 2009-11-09 17:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 18:42 . 2009-11-03 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-01 18:32 . 2009-11-01 18:33 -------- d-----w- c:\program files\Roxio
2009-11-01 18:32 . 2009-11-01 18:32 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-01 18:08 . 2009-11-01 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-01 00:21 . 2009-11-01 00:21 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2009-10-29 02:27 . 2009-10-29 02:29 -------- d-----w- c:\windows\system32\NtmsData
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\program files\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 22:40 . 2009-07-07 02:14 -------- d-----w- c:\program files\lg_fwupdate
2009-11-23 22:56 . 2009-11-23 22:56 -------- d-----w- c:\program files\Total Video Converter
2009-11-22 23:34 . 2009-10-21 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2009-11-08 21:10 . 2009-10-10 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-03 18:42 . 2009-06-24 21:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 18:42 . 2009-06-24 21:29 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-03 18:42 . 2009-06-24 21:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 18:42 . 2009-06-24 21:29 -------- d-----w- c:\program files\AVG
2009-11-02 13:52 . 2009-07-07 02:14 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-11-01 18:32 . 2009-07-11 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-01 18:23 . 2009-07-11 16:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-01 01:05 . 2009-07-14 01:09 256 ----a-w- c:\windows\system32\pool.bin
2009-10-27 23:50 . 2008-02-21 07:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 22:10 . 2009-10-21 22:10 -------- d-----w- c:\program files\VideoLAN
2009-10-21 21:48 . 2009-10-21 21:48 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-17 00:27 . 2009-06-24 23:06 -------- d-----w- c:\program files\DivX
2009-10-17 00:27 . 2009-06-24 23:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-16 12:26 . 2008-02-21 07:23 28944 ------w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 23:55 . 2009-10-11 23:53 -------- d-----w- c:\documents and settings\Admin\Application Data\Vso
2009-10-11 23:53 . 2009-10-11 23:53 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-10-11 23:53 . 2009-10-11 23:53 47360 ------w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2009-10-11 23:53 . 2009-10-11 23:53 47360 ------w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2009-10-11 23:52 . 2009-10-11 23:52 -------- d-----w- c:\program files\VSO
2009-10-11 13:40 . 2009-10-10 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 19:18 . 2009-10-10 19:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-10 19:17 . 2009-10-10 19:17 86016 ------w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-10 02:39 . 2009-10-10 02:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-10-10 02:34 . 2009-10-10 02:21 -------- d-----w- c:\documents and settings\Admin\Application Data\CyberLink
2009-10-10 02:21 . 2009-10-10 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-06 20:21 . 2009-07-12 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 01:00 . 2009-07-07 04:44 177024 ------w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\l04ufm07.default\FlashGot.exe
2009-09-25 16:41 . 2009-09-25 16:41 856064 ------w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ------w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ------w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ------w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ------w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ------w- c:\windows\system32\DivX.dll
2009-09-25 05:37 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-07-12 04:52 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-07-12 04:52 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 01:15 . 2009-06-24 21:29 11952 ------w- c:\windows\system32\avgrsstx(2)(2).dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ------w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ------w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe blrun" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2003-12-17 40960]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-10-31 623960]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-03 18:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/24/2009 4:29 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/3/2009 1:42 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/3/2009 1:42 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/3/2009 1:42 PM 285392]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\l04ufm07.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-25 18:22
ComboFix-quarantined-files.txt 2009-11-25 23:22

Pre-Run: 305,682,841,600 bytes free
Post-Run: 305,651,585,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 18BEEBA5D791CD964DFC59A4C23C5EEF

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 25 November 2009 - 05:51 PM

Hi,

Please do the following:

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


Also, please advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 Peanut Butter

Peanut Butter

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 26 November 2009 - 06:54 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 25, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 26, 2009 00:04:09
Records in database: 3291379
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 58125
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:37:16

No threats found. Scanned area is clean.

Selected area has been scanned.

Computer seems to be running well and the focus stealing seems to have stopped.

One thing I should have mentioned when I originally posted the thread is that my firewall (the standard windows firewall) seems to load late. After my computer's been up and running for 3 to 5 minutes, I'll get a little pop up telling me that my computer may not be protected as my firewall is inactive. The pop up goes away after a few seconds and if I check the firewall it appears to be active and functioning normally. This has been happening for quite some time now (before the focus stealing). I have no idea if it's related at all, or if it's even something to be concerned about.

Thanks again for the help!

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 November 2009 - 07:46 PM

Hi,

Try a third party firewall rather than use the windows firewall. We don't recommend the firewall that comes built in to Windows.
It doesn't block everything that may try to get in, and the entire firewall is written to the registry.
As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions.


Four excellent free firewalls are:

Outpost Firewall Free
Comodo
Sunbelt Kerio
Sygate
NOTE: DO NOT install more than one firewall.

Note: If you choose Comodo - Please be careful with the installation of the Comodo program, it comes bundled with an adware toolbar which you need to de-select when you are going through the installation process. It's not a malicious program, but it may be a privacy risk and I don't think you want it on your system.


NEXT


The rest of your log appears to be clean.

Time to clean up our tools. Please do the following:

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.





NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, IE and Chrome.

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 Peanut Butter

Peanut Butter

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 26 November 2009 - 07:48 PM

D'oh! Spoke too soon. The focus stealing just happened again. Argh!

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 November 2009 - 07:50 PM

There doesn't appear to be any malware remaining on your system that could be causing this...can you try to explain in much greater detail what exactly is happening?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 Peanut Butter

Peanut Butter

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 26 November 2009 - 08:14 PM

I'll be watching something full screen on my PC like a movie or TV episode and suddenly it pops out of fullscreen and goes into the background as if a new window had popped up, but nothing has popped up. Just now as I was typing the word "watching" in this post, the window suddenly went into the background and the letters I was typing stopped showing up on the screen, and the blue title bar at the top of the screen faded out. Whatever window is active suddenly becomes inactive, but nothing else shows up in the foreground. I don't really know how else to describe it. I just downloaded and installed the Outpost firewall by the way.

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 27 November 2009 - 03:57 AM

Does a new window show up in your task bar when this happens?

Try this registry tweak to prevent it:

Copy and paste the following text inside the codebox into Notepad.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ForegroundFlashCount"=dword:00000000
"ForegroundLockTimeout"=dword:00030d40

Click Save As from the File menu
Select All Files from the Save As Type menu in the Save As dialog box
Save this file with a "reg" extension, name it fixfile.reg
Save it to your desktop.


Locate and right-click fixfile.reg and then select Merge
When prompted, choose Yes

Reboot Windows for the change to take effect

This tells Windows to prevent any application window from popping up in front of your current one and instead only flash the icon in the taskbar.

Let me know if that helps

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#11 Peanut Butter

Peanut Butter

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 27 November 2009 - 07:13 AM

No. Nothing new shows up in the task bar when it happens and I've already tried that registry edit before opening the thread here. Unfortunately it doesn't prevent this from happening.

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 27 November 2009 - 07:38 AM

One of my expert colleagues advised to check to see if it's a firewall warning. By the time the screen comes back the warning isn't visible anymore, so it's difficult to know if that is the cause.

Try disconnecting from the internet and run a video. If the issue doesn't occur, then it may be the settings in your firewall that need adjusting.

If that doesn't resolve anything then I think it's time to let our expert techs take a peek.

Please start a new topic in our WINDOWS forum.

Link back to this topic so they can see you are clean of malware:

Hopefully they will be able to see what the issue is.

Good luck

~CB

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
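
The difficulty raised in the post above (whatever takes focus is gone before it can be seen) can be worked around by logging every foreground-window change together with its owning process. This is an added example, not part of the thread or any poster's instructions; it assumes Windows PowerShell 2.0 or later is installed, and the function name `Get-ForegroundWindowInfo` and the log file location are illustrative.

```powershell
# Added example: poll the foreground window and log each change with its owning process.
# Get-ForegroundWindowInfo and the log path are illustrative names, not from the thread.
Add-Type -Namespace Win32 -Name User32 -MemberDefinition @'
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint processId);
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern int GetWindowText(IntPtr hWnd, System.Text.StringBuilder text, int max);
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern int GetClassName(IntPtr hWnd, System.Text.StringBuilder name, int max);
[DllImport("user32.dll")]
public static extern bool IsWindowVisible(IntPtr hWnd);
'@

function Get-ForegroundWindowInfo {
    $hwnd = [Win32.User32]::GetForegroundWindow()
    $info = @{ Handle = $hwnd; ProcessId = 0; Process = '(none)'; Path = '';
               Class = ''; Visible = $false; Title = '' }
    # The handle is zero for a moment while activation moves between windows.
    if ($hwnd -ne [IntPtr]::Zero) {
        $procId = [uint32]0
        [void][Win32.User32]::GetWindowThreadProcessId($hwnd, [ref]$procId)
        $title = New-Object System.Text.StringBuilder 512
        $class = New-Object System.Text.StringBuilder 256
        [void][Win32.User32]::GetWindowText($hwnd, $title, $title.Capacity)
        [void][Win32.User32]::GetClassName($hwnd, $class, $class.Capacity)
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $info.ProcessId = $procId
        if ($proc) { $info.Process = $proc.ProcessName; $info.Path = $proc.Path }
        $info.Class   = $class.ToString()
        $info.Visible = [Win32.User32]::IsWindowVisible($hwnd)
        $info.Title   = $title.ToString()
    }
    New-Object PSObject -Property $info
}

$logPath = Join-Path $env:TEMP 'focus-log.txt'   # assumed log location
$last = $null
while ($true) {                                   # stop with Ctrl+C
    $w = Get-ForegroundWindowInfo
    if ($w.Handle -ne $last) {                    # log only when the foreground window changes
        $last = $w.Handle
        $line = '{0:yyyy-MM-dd HH:mm:ss.fff}  pid={1}  {2}  visible={3}  class="{4}"  title="{5}"  {6}' -f
            (Get-Date), $w.ProcessId, $w.Process, $w.Visible, $w.Class, $w.Title, $w.Path
        Add-Content -Path $logPath -Value $line
        Write-Host $line
    }
    Start-Sleep -Milliseconds 250
}
```

Leave it running until the next focus loss, then read the log line whose timestamp matches the moment the active window went gray. A line with `visible=False` or an empty title names a process whose window took the foreground without showing anything on screen.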


#13 Peanut Butter

Peanut Butter

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 27 November 2009 - 10:13 AM

Thanks very much CB. Since I turned off the windows firewall and switched to the Outpost firewall and I'm still having the same issue, I doubt it's a firewall issue, but I'll try disconnecting and see what happens when I get home tonight. I'll start a thread in the Windows forum as you suggested. Thanks again for all of your help!

#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 30 November 2009 - 06:22 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
