WindowEnhancer

[emjayh]

It's been a long while since I've posted 'cos I had NO problems.......it was great.

Couple of weeks ago had an HP auto update............ since then (I think) when online on the tool bar at the bottom where the windows you have open show every ten minutes or so I get another split second window. No writing just the a small white box top left of it.

Ran Panda activescan :

Adware/WindowEnhancer C:\WINDOWS\SYSTEMS\SBUtils\SB Winet.dll
Adware/WindowEnhancer C:\WINDOWS\SYSTEMS\SBUtils\SB WebTools.dll

Have since run AVG virus scan
Ad Aware in safe mode
Spybot in safe mode
CW Shredder in safe mode with VX2 add-on - all clean
Gone through program files - nothing dodgy there
Have also ran Bitdefender - no infections
Have also ran McAfee Free scan - no infections

Ran Panda active scan again and 2 infections still show up but it won't or can't fix.

Can somebody have a look at my log and get back to me - Cheers
This is what activescan showed

Adware:Adware/WindowEnhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWinet.dll
Adware:Adware/WindowEnhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebTools.dll
Logfile of HijackThis v1.99.1
Scan saved at 1:56:11 PM, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124261917128
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...79/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D1247D-3E38-40B5-9C27-A4241CE6D079}: NameServer = 202.27.158.40 202.27.156.72
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe



Thanks guys

[POADB]

Welcome back to TSF

Simply delete this foldeR:

C:\WINDOWS\SYSTEM\SBUtils\

Reboot your computer.

Does Panda find anything now?

[emjayh]

Well that was easy................ Folder deleted, ran panda activescan showed nothing, great thank you.

But......................... still having this little window pop up every few minutes when online and I notice my screensaver seems to please itself when it chooses to work or not. Also occasionally, when screensaver is working for no apparent reason and without touching a damn thing the screen will re-appear - these incidents may happen irrespective of being online or not.
Hence my initials reason for running activescan to start with.

Maybe this thread needs moving else where now??

Thanks again

[POADB]

Let's experiment.

I have a hunch it's the HP software.

Fix these items in HJT:

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

Reboot your computer and use let me know if the problem occurs.

[emjayh]

Items deleted everything working as normal, even runs faster although hadn't really noticed it was slower until items deleted.

What I don't understand is why the HP update should add on something that has and adverse affect on your system ????????

Well, thanks again guys, you're becoming the 4th emergency service as we rapidly move into this high tech reliant world.

Cheers

[POADB]

Test it out for a few days, and I'll keep this thread open.

The HP software installs an 'optional' manager and update tool. It will periodically check for updates and system activity..and it's proving a bit of nuisance.

That is indeed if this part of the utility is to blame.

Let me know ina few days if the issue does not occur again.

[emjayh]

Cheers POADB, everything working like a dream, screen-saver back to normal, power save back to normal, and no little windows popping up in the tool bar when I'm on the net. Done several checks with adaware, spybot,panda a/scan etc everything clean and dandy.

Consider the thread resolved, many thanks.