![]() -key:xx - simulate using virtual key code xx.-ontaskbar - show a task bar button (use with -showdlg).-showdlg - shows a dialog indicating whether caffeine is active.-stes - tell Windows to stay awake, don't use F15.-allowss - prevent sleep, but allow the screensaver to start.-useshift - simulate the shift key instead of F15.-noicon - does not show a task tray icon.-replace - closes the current running instance, replacing it.-apptoggleshowdlg - toggles the running state, and shows dialog.-apptoggle - toggles the running state of the current running instance of the application.-appoff - makes the current running instance of the application inactive.-appon - makes the current running instance of the application active.-appexit - terminates current running instance of application.-inactivefor:xx - application will become active after xx minutes.-activefor:xx - application will become inactive after xx minutes.-exitafter:xx - application will terminate after xx minutes.-startoff - application starts disabled.Must be the first text on the commandline xx - where xx is a number which sets the number of seconds between simulated keypresses.There are some command line switches you can use to alter this behaviour: Double-clicking it again refills the pot, and will keep your machine awake.īy default the app starts enabled, and works every 59 seconds. Double-clicking the icon empties the coffee pot (that's what the icon is) and temporarily disables the program. The icon is shown above - it's the leftmost one in the task tray, and this is all you see. It works by simulating a keypress once every 59 seconds, so your machine thinks you're still working at the keyboard, so won't lock the screen or activate the screensaver. If you have problems with your PC locking or going to sleep, caffeine will keep it awake. = Pseudo HJT Report =īHO: SnagIt Toolbar Loader: - hxxp:///update/1.6.Caffeine Prevent your computer from going to sleep = Running Processes =Ĭ:\WINDOWS\system32\svchost -k DcomLaunchĬ:\WINDOWS\System32\svchost.exe -k netsvcsĬ:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exeĬ:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exeĬ:\Program Files\Cisco Systems\VPN Client\cvpnd.exeĬ:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exeĬ:\Program Files\LogMeIn\x86\LMIGuardianSvc.exeĬ:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeĬ:\Program Files\Parallels\Parallels Tools\Services\coherence.exeĬ:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exeĬ:\Program Files\Parallels\Parallels Tools\Services\prl_tools.exeĬ:\Program Files\Silk\Shared Files\SgLauncher\sgLauncher.exeĬ:\WINDOWS\system32\svchost.exe -k imgsvcĬ:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exeĬ:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEĬ:\Program Files\VMware\VMware Player\vmware-authd.exeĬ:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeĬ:\Program Files\VMware\VMware Player\hqtray.exeĬ:\Program Files\Parallels\Parallels Tools\SIA\SharedIntApp.exeĬ:\Program Files\Parallels\Parallels Tools\prl_cc.exeĬ:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exeĬ:\Program Files\DAEMON Tools Lite\DTLite.exeĬ:\Program Files\TechSmith\Snagit 9\Snagit32.exeĬ:\Program Files\TechSmith\Snagit 9\TSCHelp.exeĬ:\Program Files\TechSmith\Snagit 9\SnagPriv.exeĬ:\Program Files\TechSmith\Snagit 9\snagiteditor.exeĬ:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe I am a bit hesistant to post the attach.log file because it shows a lot about my systems configuration, please let me know if you really need it. posting encrypted data to the 4 specific hosts to /g.php Some of the behaviour i see occuring on my machine : In the end the dds.scr did work on my virtual. I run this XP image as bootcamp partition on my mac but ALSO as virtual machine in OS-X. So it seems like an infection through skype (unconfirmed but it was a weird call) with some homecalling malware. Please see attached screenshot for what I found the the message I got. ![]() ![]() Today however I noticed something very weird and found the file responsible. I found that suspicious enough to download process explorer and found that a process "Explorer.exe" was making registry changes and in netstat I found communication to a domain named ********.Įverything was suspicious to me but anti malware tools including malware bytes and online scans of the files had no results. Normally I need to select my profile to login but that wasn't necessary anymore. The next boot I noticed my login screen for windows was bypassed. I kept playing my game and shutdown my pc after. I decided to answer but didnt hear anything. Yesterday I had this strange call on skype from someone with "." as a name.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |