Virus scan freeze up

**spinkfloyd** · 04-09-2007

Can any one help please? I cannot run any of my anti-virus programs both AVG and Uniblue Spy ware are freezing after scanning for 10mins or so. Then my PC freezes and I have to reboot to come out of these programs. Any help much appreciated!

**Neal** · 04-09-2007

Welcome,

Go here http://www.d-a-l.com/help/showthread.php?t=32403 download hijackthis, follow instructions there and copy/paste back here in this thread and we will have a look

**spinkfloyd** · 05-09-2007

thanks for reply Neil;

tried to do as you said but none of the anti virus progs would complete there scans every thing froze up. All I can do is paste this log hope it helps!

Logfile of HijackThis v1.99.1
Scan saved at 12:06:59, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Startup Faster 2004\s***ent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184980823546
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

**Neal** · 05-09-2007

What about the uninstall list, could be important to look at that.

Not a thing showing in that hijackthis log even if it is an older version.

Are you saying you can't click on that link I gave you.

Why can't you install the hijackthis from the link I provided?

Rename hijackthis from the link like this:

Please go to hijackthis.exe and right click on it and then click on rename and rename it to foolyou.exe, press enter
and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:

* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.cvs report.

**spinkfloyd** · 06-09-2007

OK! Neil hope I have done it right this time????????

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:11, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Startup Faster 2004\s***ent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184980823546
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5986 bytes

uninstall list......

616 PC File Transfer
Ad-Aware SE v1.06r1
Adobe Reader 8.1.0
Adobe Stock Photos 1.0
Ashampoo Burning Studio 6
Ashampoo Magical Defrag 2
avast! Antivirus
BT Engine 4.8
CCleaner (remove only)
CDDRV_Installer
COMODO Firewall Pro
Creative MediaSource
Diskeeper Professional Premier Edition
ePrompter
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
FLAC 1.1.4b (remove only)
foobar2000 v0.9.4.4
Geoff Hamilton's 3D Garden Designer
Google Toolbar for Internet Explorer
Hauppauge English Help Files and Resources
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
Hauppauge WinTV2000
Hawking Hi-Gain Wireless-G USB Dish Adapter
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Intellisync Lite for NEC 616
InterVideo FilterSDK for Hauppauge
IrfanView (remove only)
Java 2 Runtime Environment Standard Edition v1.3.1_18
Java(TM) 6 Update 2
KhalInstallWrapper
Logitech SetPoint
MAGIX Media Manager 2004 silver
MAGIX music studio 2005 deLuxe
McAfee SiteAdvisor
Memory-Map OS Edition Version 5
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
NVIDIA nTune
Online Manuals for WinTV (English)
Opera 9.22
Pack Vista Inspirat 2 1.0
PC Connectivity Solution
PC Pitstop Optimize 1.5
Perf3490P_3590P User's Guide
Prevx 2.0 Agent
QuickTime
Realtek High Definition Audio Driver
RegCure 1.0.0.43
Registry Mechanic 6.0
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sound Blaster Live! 24-Bit External
Spybot - Search & Destroy 1.4
SpywareGuard v2.2
Startup Faster! 2004
Tasco SkyWatch (Remove only)
The One Ring 3D Screensaver 1.0
Trojan Remover 6.6.1
Typing Tutor
U3Launcher
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VideoAvatar
Window Washer
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896626
WinRAR archiver
XP Repair Pro 2007
Yahoo! Widgets

**spinkfloyd** · 06-09-2007

Also ran Dr.Web CureIt, but this also froze mid scan

**Neal** · 06-09-2007

Having this Prevx 2.0 Agent and Avast anti-virus could be cause of problems. It is always better having one anti-virus program running at the same time.

If you can't run any scanners it is going to be extremely difficult if not impossible in removeing any malware that might be present. hijackthis log is clean.

Right click on dr. web cureit > select rename > type something simple like kitty, then press enter and try to run the scan again.

Other idea:

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip

Unzip it to the desktop and double-click on it.
Silent Runners will ask if you want to skip the supplementary search.
Please select 'No' to include them.
The program will take longer to run, but will give us more information.

If you get any kind of warning message about scripts, please choose to allow the script to run.

When the scan is finished, a message will pop up and a logfile will have been created on the desktop.
The logfile is named 'Startup Programs' by default and will be located where the program is.

Please post the entire contents of this logfile for me to see.

**spinkfloyd** · 09-09-2007

Hope I've done this right this time

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"StartupFaster" = ""C:\Program Files\Startup Faster 2004\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP" ["URSoft,Inc"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once\ {++}
"WIAWizardMenu" = "RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu " [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\6172\SiteAdv.dll" ["McAfee, Inc."]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shredding Utility"
-> {HKLM...CLSID} = "Window Washer Shredding Utility"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "LogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "KbLogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShellEx.dll" ["SEIKO EPSON CORPORATION"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
-> {HKLM...CLSID} = "Window Washer Shredding Utility"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
-> {HKLM...CLSID} = "Window Washer Shredding Utility"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Default executables:
--------------------

HKLM\Software\Classes\htafile\shell\open\command\ = (key not found)
HKLM\Software\Classes\htafile\ = (key not found)

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\RON\Application Data\IrfanView\IrfanView_Wallpaper.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\THEONE~1.SCR" (The One Ring 3D Screensaver.scr) [null data]

Enabled Scheduled Tasks:
------------------------

"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE" ["Safer Networking Limited"]
"Uniblue SpeedUpMyPC Nag" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" [file not found]
"Uniblue SpeedUpMyPC" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" [file not found]
"Uniblue SpyEraser" -> launches: "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe -s" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor"
-> {HKLM...CLSID} = "McAfee SiteAdvisor"
\InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\6172\SiteAdv.dll" ["McAfee, Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AshampooDefragService, AshampooDefragService, "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe" [" "]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Comodo Application Agent, CmdAgent, "C:\Program Files\Comodo\Firewall\cmdagent.exe" ["COMODO"]
Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
EPGService, EPGService, "C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe" ["Hauppauge Computer Works"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SiteAdvisor Service, SiteAdvisor Service, "C:\Program Files\SiteAdvisor\6172\SAService.exe" ["McAfee, Inc."]
Window Washer Engine, wwEngineSvc, "C:\Program Files\Webroot\Washer\WasherSvc.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

---------- (launch time: 2007-09-09 13:05:16)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 48 seconds.
---------- (total run time: 152 seconds)

think it might be time to flatten this PC and start again with a fresh system and stop downloading all this crap I got on here!!!!!!!!!!!!!

**Neal** · 09-09-2007

Probably a good idea as silentrunners came up clean and if you can't run the malware removeing scanners your pretty much pooched.

Good luck.

Virus scan freeze up

Virus scan freeze up

Similar Threads

PC TURNS OFF DURING VIRUS SCAN (again)

Virus Scan?????

Virus in Online Hardware Scan???

can not complete a virus scan

Rebooting during virus scan