Thought Coincidence at First.. But Can Someone Check These Logs for Me??

  #1  
Old 29th Apr 2009, 09:25
Donor Group
 

Computer started off by opening Calculator randomly, which I at first put down to a keyboard fault (I'm not convinced I've got very good drivers for it, and it has no calculator button that could be sticky).

Then yesterday it went to standby suddenly, and has a couple of times today.

Now doubting this as a coincidence, especially as it's a new build and install, so I had a brief window where I didn't have any protection installed.

I've run CCleaner a few times since I've been running it, registry fixes as well, with backups for that if need be.

If helps at all I also have one of those annoying bugs (Which I'm 99% sure is due to Netgear, however I can't seem to stop it this time) where the logon goes back to classic no matter how you set it. (tried deleting gina's etc.. no avail.)

Here's HJT:
One sec.. must have deleted it.. I'll post this so you can have a read and post a log as soon as I've redownloaded it..

EDIT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:38, on 29/04/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
K:\Program Files\Alwil Software\Avast4\ashServ.exe
K:\Program Files (x86)\Bonjour\mDNSResponder.exe
K:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
K:\WINDOWS\RTHDCPL.EXE
K:\Program Files (x86)\DNA\btdna.exe
K:\WINDOWS\SysWOW64\ctfmon.exe
K:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
K:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
K:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
K:\Program Files (x86)\iTunes\iTunesHelper.exe
K:\Program Files (x86)\iPod\bin\iPodService.exe
K:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
K:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
K:\Program Files (x86)\iTunes\iTunes.exe
K:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinPatrol] "K:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "K:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "K:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "K:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = K:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1240732031000
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A66C0E-E05A-4012-95B0-661FD24E273B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{54A66C0E-E05A-4012-95B0-661FD24E273B}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - K:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - K:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - K:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - K:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - K:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - K:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - K:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - K:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - K:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - K:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - K:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - K:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - K:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - K:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - K:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - K:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - K:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Search (WSearch) - Unknown owner - K:\WINDOWS\system32\SearchIndexer.exe (file missing)
--
End of file - 7054 bytes
__________________
"Why did they [PS3 Slim] stick with the UFO landing on a rectangle look" --- Nilay Patel; Engadget Ep. 160
__________________

My System: FordyPC

Processor(s):
Quad Q6600 Kentsfield 2.66@3.45GHz
Motherboard:
Asus P5Q/L PRO (Intel P43, ICH10)
RAM Memory:
PNY XLR8 4GB @ 1066MHz
Graphics Card(s):
PNY nVidia GeForce 9400 GT 512MB
Sound Card:
Hard Drive(s):
Seagate HDBarracuda 1x 1TB 1x 250GB
Optical Drive(s):
LG (HD)GGCH20L / LG GH22NP20AUAA50B
Case / PSU:
Antec Sonata III & Earthwatts 500W
Cooling:
Stock
Network / Internet:
Gigabit LAN, FireWire & WG111v2
Monitor(s):
2 x Acer P193WAd
Operating System(s):
XP PRO x86/XP PRO x64/Win7 RC1 x64
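As an added example that is not part of this thread (and not HijackThis's or Trend Micro's own code), here is a small Python triage pass over a HijackThis log in the shape of the one posted above. It splits the log into its section codes (R0/R1 browser URLs, F2 Winlogon values, O4 autoruns, O17 DNS servers, O23 services) and reports the handful of things a helper would actually look at: a browser start or search URL on an unexpected host, a changed UserInit value, an autorun launched from a user-writable folder, a DNS server outside private address space, and services whose binary is reported missing. It also encodes one fact worth knowing when reading this particular log: a 32-bit HijackThis on 64-bit Windows is subject to WOW64 file system redirection, so every native system32 service shows as "(file missing)" even though the file is present, which is why the O23 lines above are not by themselves a sign of infection. The sample log lines are constructed from the post (one extra O4 entry is added so a flagged item appears), and the host allowlist and folder markers are assumptions to be adjusted for your own environment.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the HijackThis 2.0.2 log posted above
# (same drive letter and section codes; one extra O4 line added so that a
# flagged entry appears). Not the poster's full log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit
O4 - HKLM\..\Run: [WinPatrol] "K:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] K:\Documents and Settings\Fordy\Local Settings\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A66C0E-E05A-4012-95B0-661FD24E273B}: NameServer = 192.168.1.1
O23 - Service: Net Logon (Netlogon) - Unknown owner - K:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HJT entry line starts with a section code, " - ", then the detail.
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

# Browser URL hosts treated as expected (assumption of this example).
KNOWN_HOSTS = {"www.google.co.uk", "go.microsoft.com"}

# Folder-name fragments marking user-writable locations an autorun entry
# should rarely point into (assumption; extend for your environment).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse(log_text):
    """Return (section, detail) pairs for every HJT entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def exe_path(detail):
    """Extract the program path from an O4 detail: '<key>: [name] "path" args'."""
    rest = detail.split("]", 1)[1].strip() if "]" in detail else detail
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    # Unquoted: HJT prints the path as-is, so cut at the first ".exe" if present.
    end = rest.lower().find(".exe")
    return rest[: end + 4] if end >= 0 else rest.split(" ", 1)[0]


def triage(log_text):
    """Return (severity, section, message) findings for the entries worth a look."""
    low = log_text.lower()
    # A 32-bit HJT on 64-bit Windows is redirected to SysWOW64 by WOW64, so native
    # system32 service binaries are reported "(file missing)" although they exist.
    # Detect a 64-bit host from the paths present in the log itself.
    is_64bit = "program files (x86)" in low or "syswow64" in low
    findings = []
    for section, detail in parse(log_text):
        if section in ("R0", "R1"):
            url = detail.split("=", 1)[1].strip() if "=" in detail else ""
            host = urlparse(url).hostname or ""
            if host and host not in KNOWN_HOSTS:
                findings.append(("review", section, f"browser URL points at {host}"))
        elif section == "F2" and "UserInit=" in detail:
            value = detail.split("UserInit=", 1)[1].strip().lower().rstrip(",")
            if value not in ("userinit", "userinit.exe"):
                findings.append(("high", section, f"UserInit changed to {value!r}"))
        elif section == "O4":
            path = exe_path(detail).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(("high", section, f"autorun from user-writable path {path}"))
        elif section == "O17" and "NameServer" in detail:
            for addr in re.split(r"[ ,]+", detail.rsplit("=", 1)[1].strip()):
                try:
                    if addr and not ipaddress.ip_address(addr).is_private:
                        findings.append(("review", section, f"DNS server {addr} is not on a private range"))
                except ValueError:
                    findings.append(("review", section, f"unparseable NameServer value {addr!r}"))
        elif section == "O23" and detail.endswith("(file missing)"):
            path = detail.rsplit(" - ", 1)[1][: -len(" (file missing)")].lower()
            if is_64bit and "\\system32\\" in path:
                findings.append(("info", section, f"{path}: reported missing because of WOW64 redirection, not an infection sign"))
            else:
                findings.append(("review", section, f"service binary not found: {path}"))
    return findings


if __name__ == "__main__":
    for severity, section, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {message}")
```

Run against the sample it prints one "high" line for the constructed Temp-folder autorun and one "info" line explaining the Net Logon "(file missing)" entry; the genuine entries from the post produce nothing, which matches the moderator's reading of the log later in the thread.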
  #2  
Old 29th Apr 2009, 09:53
Donor Group
 

MBAM:

Malwarebytes' Anti-Malware 1.36
Database version: 2059
Windows 5.2.3790 Service Pack 2
29/04/2009 17:50:50
mbam-log-2009-04-29 (17-50-50).txt
Scan type: Full Scan (B:\|C:\|K:\|S:\|)
Objects scanned: 132312
Time elapsed: 18 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Deleted Hijack.DisplayProperties, but I seriously doubt that's the cause?

Anyway, who am I to say.. you malware lads are the ones that know

Also if it's of any relevance - I just got an approval request for sys32\userlogon\userinit from WinPatrol, which I accepted, figuring it sounded familiar and ok? Not sure if that's a solution to my logon problem?
  #3  
Old 29th Apr 2009, 10:11
Moderator Group
 

Scan with Panda ActiveScan 2.0

This scanner requires Internet Explorer

  • Once you are on the Panda site click the Scan your PC now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Select the appropriate Yes or No to receiving marketing information
  • Click the Free Online Scan button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report in your next reply.
  #4  
Old 29th Apr 2009, 12:27
Donor Group
 

Just to say, it's still going to standby since MBAM deletion.
Running Panda now, and you may want to update that template type thing, unless it's not always the same:

Country and province weren't asked for, and clicking on My Computer wasn't necessary.. Doesn't matter of course, just thought you may like to know.

On 60% with 35 infected files

Post with a log soon as done.
  #5  
Old 29th Apr 2009, 12:33
Moderator Group
 

Quote:
On 60% with 35 infected files
Panda reports cookies as a threat so it could just be that.
  #6  
Old 29th Apr 2009, 13:51
Donor Group
 

Yeah they were just cookies, that's comforting

;********************************************************************************
ANALYSIS: 2009-04-29 21:50:39
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0
;********************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================
avast! antivirus 4.8.1335 [VPS 090428-0] 4.8.1335 Yes Yes
;================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@247realmedia[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@tribalfusion[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@mediaplex[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@ad.yieldmanager[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@bs.serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@advertising[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No K:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@questionmarket[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@adrevolver[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@adviva[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@adviva[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No K:\Documents and Settings\Fordy\Cookies\fordy@atwola[1].txt
;================================================================================
SUSPECTS
Sent Location
;================================================================================
;================================================================================
VULNERABILITIES
Id Severity Description
;================================================================================
;================================================================================
  #7  
Old 29th Apr 2009, 14:02
Moderator Group
 

Nada!!

There is a new version of CCleaner released today. http://www.ccleaner.com/download/builds
  #8  
Old 29th Apr 2009, 14:16
Donor Group
 

What do you reckon's going on then??

Running new CCleaner anyway, but that'd be a miracle if it made a difference..

EDIT:
Should I repost the issue as a random standby problem outside of the Virus section?
  #9  
Old 29th Apr 2009, 14:21
Moderator Group
 

I don't see anything in HJT or the Panda scan so I'm not sure what to think about that. Have you installed anything recently that might cause this?
  #10  
Old 29th Apr 2009, 14:43
Donor Group
 

Nothing for a few days, and nothing I haven't used several times before.

Just Avast, CCleaner, WinPatrol.. it's only stuff like that that's on there at the moment.

I did have a dodgy Minefield installed, which wasn't working right, so I uninstalled it. Don't think it's that though.