
Screen goes black after clicking link

Old 06-10-2009, 05:01 AM   #1
Registered Member
 
Join Date: Jun 2009
Posts: 2
OS: XP



This started about 3 weeks ago. It is only true for my email program Yahoo Mail and doesn't happen all the time so I can't get a bead on it. Whenever I click a link in my Yahoo mail to read a message the web browser will go to black for a split moment before opening the email. This sometimes happens also whenever I click on a link within the email. It will happen on occasion when Internet surfing, going from site to site. It doesn't happen all the time so I can't say what does it exactly. But I find it a very odd thing to do and it's a new thing so in all I am very suspicious of what may be going on.


DDS (Ver_09-05-14.01) - NTFSx86 MINIMAL
Run by Administrator at 19:45:10.87 on Tue 06/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3289 [GMT -4:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrator\Desktop\First Steps\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://remoteaccess.wyndhamworldwid...home/index.cgi
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.trendsecure.com/commonapi/redirect.php?a=FD&l=en-US
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [AdobeBridge]
uRun: [WinColorReminder] c:\program files\pro imaging powertoys\microsoft color control panel applet for windows xp\WinColorReminder.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe
mRun: [HPHUPD06] c:\program files\hp\{ba2d9411-dbb4-43e4-9421-780413650a67}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photoc~1.lnk - c:\program files\pantone colorvision\photocal\PhotoCAL.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{cc15a5fc-b6d3-4a2d-8a26-d8f2702a3c00}\IcoUltraMon.ico
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240312364512
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://svphxqcenter01.hotelgroup.com/qcbin/Spider91.cab
DPF: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remoteaccess.wyndhamworldwide.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\pfub96ql.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.mc01g.mail.yahoo.com/mc/showFolder;_ylt=Aleauqfl5hX4rl0VChS0am0pl70X?fid=Inbox&sort=date&order=down&.rand=2097779821&filterBy=all
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pfub96ql.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [2009-2-27 95752]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [2009-2-27 28680]
R0 oodivd;O&O DiskImage VirtualDisk Driver;c:\windows\system32\drivers\oodivd.sys [2009-2-27 133640]
R0 oodivdh;oodivdh;c:\windows\system32\drivers\oodivdh.sys [2009-2-27 31240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-15 28544]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-9 24636]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2009-3-15 57344]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-17 47640]
S2 O&O DiskImage;O&O DiskImage;c:\program files\oo software\diskimage\oodiag.exe [2009-2-27 2106624]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-23 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-2-23 497008]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-23 36368]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-23 677128]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-9-14 10496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-2-23 335376]
S3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [2006-6-10 8078]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-09 19:33 <DIR> --d-h--- c:\windows\PIF
2009-06-05 22:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\com.Desktop.FlyCast.7C0C57158F17768D90610B2E569AA275F34D83AB.1
2009-06-05 22:49 <DIR> --d----- c:\program files\FlyCast
2009-06-05 14:43 34 a------- c:\docume~1\admini~1\applic~1\dsf.dat
2009-06-04 23:11 <DIR> --d----- c:\program files\Paint.NET
2009-06-03 18:25 34 a------- c:\windows\cdplayer.ini
2009-06-03 17:19 <DIR> --d----- C:\audiograbber
2009-06-03 16:58 344,064 a------- c:\windows\system32\msvcr70.dll
2009-05-23 16:09 <DIR> --d----- c:\docume~1\admini~1\applic~1\MXSkypeRecorder
2009-05-23 11:37 <DIR> --d----- c:\program files\Pro Imaging Powertoys
2009-05-23 11:33 <DIR> --d----- c:\windows\system32\URTTEMP
2009-05-23 09:23 <DIR> --d----- c:\windows\pss
2009-05-21 15:40 <DIR> --d----- c:\program files\CamStudio
2009-05-21 15:39 695,578 a------- c:\windows\system32\unins000.exe
2009-05-21 15:39 65,536 a------- c:\windows\system32\camcodec.dll
2009-05-21 15:39 1,078 a------- c:\windows\system32\camcodec.ico
2009-05-21 15:39 1,077 a------- c:\windows\system32\unins000.dat
2009-05-21 12:49 <DIR> --d----- c:\program files\ZD Soft
2009-05-21 00:24 <DIR> --d----- c:\program files\renaun.com
2009-05-19 19:57 <DIR> --d----- c:\program files\iLinc
2009-05-18 19:33 <DIR> --d----- c:\program files\Audacity
2009-05-18 19:07 6,592 a------- c:\windows\gwpreset.ini
2009-05-18 19:07 3,362 a------- c:\windows\express.eqx
2009-05-18 19:07 586 a------- c:\windows\goldwave.ini
2009-05-18 19:03 <DIR> --d----- c:\program files\GoldWave

==================== Find3M ====================

2009-06-09 13:02 12,595 a------- c:\windows\system32\wacom.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 16:37 57,344 a------- c:\docume~1\admini~1\applic~1\JuniperSetup.exe
2003-11-03 18:07 499,712 a------- c:\program files\msvcp71.dll
2003-11-03 18:07 348,160 a------- c:\program files\msvcr71.dll
2003-05-30 10:22 344,064 a----r-- c:\program files\msvcr70.dll
2002-01-05 04:40 487,424 a------- c:\program files\msvcp70.dll
2009-01-09 10:02 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-01-09 10:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-01-09 10:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010920090110\index.dat
2009-01-09 10:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 19:45:36.92 ===============
Attached Files: Attach.zip (5.8 KB)

-- teelions
Old 06-14-2009, 12:50 PM   #2
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Jun 2008
Location: Finland
Posts: 1,448
OS: Win7 64-bit, Win8.1 64-bit



Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft MVP Consumer Security 2008-2014
UNITE member since 2006
Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.

-- Blade81
Old 06-20-2009, 05:00 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,780
OS: XP Win7 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html
-- amateur
 

Copyright 2001 - 2014, Tech Support Forum
