
Author Topic: chitose Invisible Window  (Read 7377 times)


Jax_Minnesota

    Topic Starter


    Rookie

    chitose Invisible Window
    « on: June 28, 2009, 09:17:26 AM »
    My computer is operating rather nicely, ever since EvilFantasy helped me debug some malware. 

    However, this morning, a strange dialog box came up when I was re-booting.  It said something about trouble closing “chitose Invisible Window”.  I did a Google search for this subject, and came up with a few fragments that talked about a keystroke logger, and a bunch of Japanese pages.  (There is a city in Northern Japan named Chitose.)  Translating a handful of these pages though, some of the Japanese writers were forum posters that also were worried about spyware.  The first English page that comes up links to a Warez site which sells keystroke loggers...

    Advice?

    My computer is a Fujitsu lifebook, with a T2300 Intel processor, Windows XP Media Center Edition, ver 2002, SP3. 

    Quantos



      Guru
    • Veni, Vidi, Vici
    • Thanked: 170
      • Yes
      • Yes
    • Computer: Specs
    • Experience: Guru
    • OS: Linux variant
    Re: chitose Invisible Window
    « Reply #1 on: June 28, 2009, 11:49:18 AM »
    This is going to seem obvious, but here goes.

    Is it a corporate computer, or a used computer that may have or have had a reason for this to be installed on it?
    Evil is an exact science.

    Jax_Minnesota

      Topic Starter


      Rookie

      Re: chitose Invisible Window
      « Reply #2 on: June 28, 2009, 12:02:21 PM »
      No - this is my personal laptop.  Used occasionally by family members. 

      Quantos



      Re: chitose Invisible Window
      « Reply #3 on: June 28, 2009, 12:08:18 PM »
      Okay, I was just wondering, there are a few corporations that apparently don't trust the staff.  Personally I'd never work at such a place.  But I had to ask.  :)
      Evil is an exact science.

      Karnac



        Specialist

        Thanked: 211
        Re: chitose Invisible Window
        « Reply #4 on: June 28, 2009, 12:26:46 PM »
        You know the drill.....

        http://www.computerhope.com/forum/index.php/topic,46313.0.html


        Post your 3 logs and a specialist will have a look.......

        BTW is this program showing up in add/remove programs in control panel?


        Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

        Jax_Minnesota

          Topic Starter


          Rookie

          Re: chitose Invisible Window
          « Reply #5 on: June 28, 2009, 09:28:12 PM »
          Nope - nothing out of the ordinary shows up in the Control Panel/Remove Programs window... 

          Here are my three log files --
          --------------------------------------------------------------------------------------------
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 06/28/2009 at 05:53 PM

          Application Version : 4.26.1006

          Core Rules Database Version : 3960
          Trace Rules Database Version: 1901

          Scan type       : Complete Scan
          Total Scan Time : 00:51:25

          Memory items scanned      : 751
          Memory threats detected   : 0
          Registry items scanned    : 5588
          Registry threats detected : 0
          File items scanned        : 81366
          File threats detected     : 3

          Adware.Tracking Cookie
             C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
             C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
             C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt

          -------------------------------------------------------------------------------------------------
          Malwarebytes' Anti-Malware 1.38
          Database version: 2347
          Windows 5.1.2600 Service Pack 3

          6/28/2009 10:13:30 PM
          mbam-log-2009-06-28 (22-13-30).txt

          Scan type: Quick Scan
          Objects scanned: 93927
          Time elapsed: 5 minute(s), 4 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)

          --------------------------------------------------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 10:24:02 PM, on 6/28/2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\agrsmsvc.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Maxtor\Sync\SyncServices.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\ehome\ehtray.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\Apoint2K\Apoint.exe
          C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
          C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
          C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
          C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
          C:\Program Files\CyberLink Codec\PDVDServ.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
          C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
          C:\Program Files\ESET\ESET Smart Security\egui.exe
          C:\WINDOWS\eHome\ehmsas.exe
          C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
          C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
          C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
          C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\Apoint2K\HidFind.exe
          C:\Program Files\Apoint2K\Apntex.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
          O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
          O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
          O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
          O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink Codec\PDVDServ.exe"
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
          O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
          O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
          O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
          O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
          O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
          O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
          O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
          O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239386189328
          O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
          O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
          O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

          --
          End of file - 9991 bytes
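
An added example, not part of any post in this thread: one way to trace a window or program name is to search the HijackThis log for it and tie any matching autorun (O4) entry to the running-process list. The sample is a few lines constructed from the log above, and `parse_log` and `find_keyword` are hypothetical helper names.

```python
import re

# Excerpt constructed from the HijackThis log posted above (most lines omitted).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Java\jre6\bin\jusched.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Autorun entry: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)")
# Executable part of a command line: a quoted path, or everything up to ".exe".
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entry lines."""
    processes, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.add(line.lower())
        elif re.match(r"[A-Z]\d+ - ", line):
            entries.append(line)
    return processes, entries


def find_keyword(text, keyword):
    """Return entries mentioning keyword; O4 hits also get autorun details."""
    processes, entries = parse_log(text)
    hits = []
    for line in entries:
        if keyword.lower() not in line.lower():
            continue
        hit = {"line": line}
        if (m := O4_RE.match(line)):
            exe = EXE_RE.match(m["cmd"])
            path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
            hit.update(hive=m["hive"], key=m["key"], name=m["name"],
                       path=path, running=path.lower() in processes)
        hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in find_keyword(SAMPLE_LOG, "chitose"):
        print(hit)
```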



          Quantos



          Re: chitose Invisible Window
          « Reply #6 on: June 28, 2009, 09:50:41 PM »
          Quote
          BTW is this program showing up in add/remove programs in control panel?

          Can you take a look at that?
          Evil is an exact science.

          Karnac



            Specialist

            Thanked: 211
            Re: chitose Invisible Window
            « Reply #7 on: June 28, 2009, 09:53:16 PM »
            Nope - nothing out of the ordinary shows up in the Control Panel/Remove Programs window... 





            Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

            Quantos



            Re: chitose Invisible Window
            « Reply #8 on: June 28, 2009, 11:13:40 PM »
            *censored*, it was worth a shot.
            Evil is an exact science.

            Jax_Minnesota

              Topic Starter


              Rookie

              Re: chitose Invisible Window
              « Reply #9 on: June 29, 2009, 07:20:10 AM »
              I look forward to seeing what you find from your analysis of the three logs. 

              Last night another odd dialog box came out, stating "CiceroUIWndFrame is not responding."  I read on a forum that this may have something to do with a handwriting and speech recognition function in Office XP, which I use.  But I thought I would bring it to your attention. 

              I have no need for speech or handwriting recognition. 
              « Last Edit: June 29, 2009, 10:38:28 AM by Jax_Minnesota »