
Solved XP Logo Screen Freezing

Discussion in 'Malware and Virus Removal Archive' started by Jeff33, 2010/03/26.

  1. 2010/03/26
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    Yep, and it froze up. :(
     
  2. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you have to use "Last known good configuration" again?
     


  4. 2010/03/26
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    I didn't try anything. I just unplugged it. What do you want me to try next?
     
  5. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if we're dealing here with an infection. So far, nothing serious was found.
    Let's finish checking to eliminate the possibility of infection and we'll go from there.

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    ========================================================

    Disable your antivirus program.
    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HJT log as well.
     
  6. 2010/03/26
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    Ok, but it won't be until later today. It's 12:30 AM and I am going to bed. Talk to ya tomorrow bro!
    Thanks for the help!
     
  7. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem. It's getting late here too :)
     
  8. 2010/03/27
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    I did another Hijackthis scan:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:44:50 PM, on 3/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\SoftwareDistribution\Download\91fdb2bb23ba8edd195d7bed698912e5\update\update.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg201.mail.yahoo.com/dc/launch?sysreq=ignore
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU "
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 6106 bytes
     
  9. 2010/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What about TFC and Kaspersky scan?
     
  10. 2010/03/27
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    I did the TFC scan, but it asked me to restart, and when I did it hung up again. I am unable to do anything that requires me to restart the system. I will run the Kaspersky scan right now.
     
  11. 2010/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)....
     
  12. 2010/03/27
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    This Kaspersky download is going to take forever on dial-up. It's only at 2%! :(
    Anything else I can try?
     
  13. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This one should be faster...

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button.
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.

    Post fresh HijackThis log as well.
     
  14. 2010/03/28
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    QuickScan Beta 32-bit v0.9.9.13
    -------------------------------

    Scan date: Sun Mar 28 13:25:20 2010
    Machine ID: 802C04



    No infection found.
    ---------------------



    Processes
    ---------
    <unsigned> AntiVir Desktop 1788 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    <unsigned> Multimedia Card Reader 1708 C:\Program Files\Digital Media Reader\shwiconem.exe
    <unsigned> PrismXL Software Family 856 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    <unsigned> SUPERAntiSpyware 1820 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    <unsigned> Viewpoint Manager 1244 C:\Program Files\Viewpoint\Common\ViewpointService.exe

    <verified> Firefox 3976 C:\Program Files\Mozilla Firefox\firefox.exe
    <verified> Java(TM) Platform SE 6 U11 648 C:\Program Files\Java\jre6\bin\jqs.exe
    <verified> Java(TM) Platform SE 6 U11 1744 C:\Program Files\Java\jre6\bin\jusched.exe
    <verified> Microsoft® Windows® Operating System 1612 C:\WINDOWS\Explorer.EXE
    <verified> Microsoft® Windows® Operating System 472 C:\WINDOWS\System32\alg.exe
    <verified> Microsoft® Windows® Operating System 660 C:\WINDOWS\system32\csrss.exe
    <verified> Microsoft® Windows® Operating System 740 C:\WINDOWS\system32\lsass.exe
    <verified> Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\services.exe
    <verified> Microsoft® Windows® Operating System 588 C:\WINDOWS\System32\smss.exe
    <verified> Microsoft® Windows® Operating System 1460 C:\WINDOWS\system32\spoolsv.exe
    <verified> Microsoft® Windows® Operating System 572 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 896 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 948 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 976 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1064 C:\WINDOWS\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1120 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1180 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\wdfmgr.exe
    <verified> Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\winlogon.exe
    <verified> Microsoft® Windows® Operating System 1356 C:\WINDOWS\system32\wscntfy.exe
    <verified> Microsoft® Windows® Operating System 2720 C:\WINDOWS\system32\wuauclt.exe
    <verified> Search Protection 1772 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    <verified> Yahoo! AutoUpdater 1340 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    Network activity
    ----------------
    Process firefox.exe (3976) connected on port 80 (HTTP) - 66.235.142.3
    Process firefox.exe (3976) connected on port 443 (HTTP over SSL) - 74.125.95.19
    Process firefox.exe (3976) connected on port 443 (HTTP over SSL) - 74.125.95.97
    Process firefox.exe (3976) connected on port 80 (HTTP) - 165.254.2.18
    Process firefox.exe (3976) connected on port 80 (HTTP) - 168.75.65.85
    Process firefox.exe (3976) connected on port 80 (HTTP) - 207.152.124.49
    Process firefox.exe (3976) connected on port 443 (HTTP over SSL) - 74.125.95.19
    Process firefox.exe (3976) connected on port 80 (HTTP) - 208.122.28.26
    Process firefox.exe (3976) connected on port 80 (HTTP) - 74.125.95.113
    Process firefox.exe (3976) connected on port 443 (HTTP over SSL) - 209.85.225.99
    Process firefox.exe (3976) connected on port 80 (HTTP) - 173.223.69.115

    Process svchost.exe (976) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    <unsigned> AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    <unsigned> Application Remind_XP C:\WINDOWS\Creator\Remind_XP.exe
    <unsigned> EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE
    <unsigned> McAfee SpamKiller C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
    <unsigned> Multimedia Card Reader C:\Program Files\Digital Media Reader\shwiconem.exe
    <unsigned> Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE
    <unsigned> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    <unsigned> SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    <unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    <verified> Glary Utilities C:\Program Files\Glary Utilities\initialize.exe
    <verified> Java(TM) Platform SE 6 U11 C:\Program Files\Java\jre6\bin\jusched.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    <verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    <verified> NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
    <verified> Realtek Audio - Event Monitor C:\WINDOWS\ALCXMNTR.EXE
    <verified> Search Protection C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    <verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


    Browser plugins
    ---------------
    <unsigned> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    <unsigned> Java(TM) Platform SE 6 U11 c:\program files\java\jre6\bin\jp2ssv.dll
    <unsigned> Java(TM) Platform SE 6 U11 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    <unsigned> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    <unsigned> QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

    <verified> AcroIEHelper Library c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    <verified> BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w0jmv2z0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    <verified> BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w0jmv2z0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    <verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    <verified> Java(TM) Platform SE 6 U11 c:\program files\java\jre6\bin\ssv.dll
    <verified> Messenger C:\Program Files\Messenger\msmsgs.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    <verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    <verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    <verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
    <verified> Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
    <verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 19 sec
    Total traffic - 0.04 MB sent, 2.42 KB recvd
    Scanned 868 files and modules - 146 seconds
     
  15. 2010/03/28
    Jeff33

    Jeff33 Inactive Thread Starter

    Joined:
    2010/03/15
    Messages:
    49
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:34:21 PM, on 3/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg201.mail.yahoo.com/dc/launch?sysreq=ignore
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU "
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8F16F915-81EB-4010-B5B4-FE50EBA487A9}: NameServer = 209.244.0.3 209.244.0.4
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 6144 bytes
     
  16. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You don't have any AV program running.
    Please, download and install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    ================================================================

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you use paid version]
    O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you use paid version]


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
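
A small Python parser for the HijackThis line format used in the log and fix list above, as an added example that is not part of any post in this thread or of HijackThis itself. The flag names and heuristics (`no-file`, `bare-name`, `rundll32`, `temp-path`) are assumptions chosen for illustration; a flag marks an entry for manual review, not as malicious.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F16F915-81EB-4010-B5B4-FE50EBA487A9}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                      # "O4 - <body>"
RUN = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")  # O4 Run-key body

def first_token(cmd):
    """Return the program part of a Run command, honouring a leading quote."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].strip()
    return cmd.split()[0]

def parse_line(line):
    """Parse one log line into section code, body and review flags (or None)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m[1], "body": m[2], "flags": []}
    if m[2].endswith("(no file)"):
        entry["flags"].append("no-file")        # registry entry whose target is gone
    run = RUN.match(m[2]) if m[1] == "O4" else None
    if run:
        entry["name"], cmd = run[2], run[3]
        exe = first_token(cmd)
        if exe.lower() == "rundll32.exe":
            entry["flags"].append("rundll32")   # the DLL argument is what runs
        elif "\\" not in exe:
            entry["flags"].append("bare-name")  # resolved via the search path
        if re.search(r"\\te?mp\\", cmd, re.I):
            entry["flags"].append("temp-path")  # references a temp directory
    return entry

def triage(log_text):
    """Parse every recognised line and return the entries in log order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['code']:<4}{','.join(e['flags']) or '-':<12}{e['body'][:60]}")
```
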
     
  17. 2010/03/29
    Jeff33

    Jeff33 Inactive Thread Starter

    Won't I be required to restart my pc to complete the install?
     
  18. 2010/03/29
    Jeff33

    Jeff33 Inactive Thread Starter

    I am referring to the AV software.
     
  19. 2010/03/29
    broni

    broni Moderator Malware Analyst

    Most likely. Whatever the installation program tells you.
     
  20. 2010/03/29
    Jeff33

    Jeff33 Inactive Thread Starter

    Ok, I got Avira installed and active. I will work on that other stuff now.
     
  21. 2010/03/29
    broni

    broni Moderator Malware Analyst

    Ok :)....
     
