Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Complete freeze when trying to run SpywareBlaster

Post by GuMan » December 30th, 2007, 8:03 am

Experiencing complete freeze (lockup) when I attempt to run SpywareBlaster and Trustsoft's HistoryKill 2007.
I attempted to uninstall, reinstall these applications, but both seem to have corrupt installers so the
programs would not correctly uninstall. I get no system errors when lockup occurs, just a full freeze of the
system only cleared by a hard reboot.

Event view showed two recent NetDDE 206 errors "Listen failed: 23: The ncb_lana_num member did not specify a valid network number." and "Listen failed: 15: "

I am using Comodo, plus a router NAT, Eset's NOD32, Adaware, Spybot, SpywareGuard, SpywareBlaster and HistoryKill 2007.

I had to uninstall HistoryKill 2007 completely, for now. Attached is my HJT log. Please let me know if you see anything
which I need to be concerned with.

Thanks,
GuMan


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:46:19 AM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Comodo\Firewall\CPF.exe
G:\Program Files\Eset\nod32kui.exe
G:\WINDOWS\system32\netdde.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
G:\Program Files\Comodo\Firewall\cmdagent.exe
G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
G:\Program Files\Eset\nod32krn.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\UPHClean\uphclean.exe
G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Main\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Blackmagic CheckVersion PCI] G:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "G:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: FireBox Control Panel.lnk = G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8304550421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8304530812
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - G:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - GARMIN Corp. - (no file)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6984 bytes
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Post by Katana » January 3rd, 2008, 10:01 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Complete freeze when trying to run SpywareBlaster

Post by GuMan » January 3rd, 2008, 10:53 pm

Note:
Downloaded 'dss.exe' via the link you provided. Executed and directed 'dss.exe' to
use its clone method of HiJack. Upon completion, 'dss.exe' opened Notepad with
'Main.txt' (included below). However, no file called 'extra.txt' has been created or
opened. Path 'G:\Deckard\System Scanner' holds these output files, of which only
'Main.txt' exists. Feel free to advise on how to get the information you need from
me.

Deckard's System Scanner v20071014.68
Run by Main on 2008-01-03 21:48:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-03 21:48:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
G:\WINDOWS\system32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\E_S0XIC1.EXE
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Comodo\Firewall\cpf.exe
G:\Program Files\ESET\nod32kui.exe
G:\Program Files\SpywareGuard\sgmain.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
G:\Program Files\SpywareGuard\sgbhp.exe
G:\Program Files\Comodo\Firewall\cmdagent.exe
G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
G:\Program Files\ESET\nod32krn.exe
G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\UPHClean\uphclean.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Documents and Settings\Main\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Blackmagic CheckVersion PCI] G:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "G:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareGuard] G:\Program Files\SpywareGuard\sgmain.exe
O4 - HKLM\..\Run: [FireBox Control Panel] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
O4 - HKLM\..\Run: [CleanupAssistant Boot Cleaner] G:\Program Files\Cleanup Assistant\Cleanup Assistant.exe /boot
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {3234504D-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... pg4dmo.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... mv9dmo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8304550421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8304530812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/fl ... wflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - G:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - G:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - G:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - G:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - G:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - G:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\ESET\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe


--
End of file - 8724 bytes

-- Files created between 2007-12-03 and 2008-01-03 -----------------------------

2008-01-03 21:29:56 0 d-------- G:\Program Files\Trend Micro
2007-12-31 16:04:05 0 d-------- G:\Program Files\EsetOnlineScanner
2007-12-30 16:53:02 0 d-------- G:\Documents and Settings\Main\Application Data\CleanupAssistant
2007-12-30 16:52:47 0 d--h----- G:\Program Files\InstallJammer Registry
2007-12-30 16:52:24 0 d-------- G:\Program Files\Cleanup Assistant
2007-12-29 23:13:00 0 d-------- G:\Program Files\Apple Software Update
2007-12-29 23:13:00 0 d-------- G:\Documents and Settings\All Users\Application Data\Apple
2007-12-26 15:12:05 17408 --a------ G:\WINDOWS\system32\drivers\bmdpdisk.sys <Not Verified; Blackmagic Design; Blackmagic Design FrameLink>
2007-12-26 15:12:05 143872 --a------ G:\WINDOWS\system32\drivers\bmdpbox.sys <Not Verified; Blackmagic Design; Blackmagic Design FrameLink>
2007-12-26 14:19:04 0 d-------- G:\symbols
2007-12-26 14:12:27 0 d-------- G:\Program Files\Debugging Tools for Windows
2007-12-26 12:32:12 0 dr-h----- G:\Documents and Settings\Main\Recent
2007-12-25 23:17:12 8 --a------ G:\WINDOWS\mvraidver.dat
2007-12-25 22:58:03 53248 --a------ G:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2007-12-22 13:57:14 0 d-------- G:\Video Plug-Ins
2007-12-22 13:57:14 0 d-------- G:\Presets
2007-12-15 08:52:01 0 d-------- G:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2007-12-15 08:51:44 0 d-------- G:\Documents and Settings\Main\Application Data\Future Systems Solutions
2007-12-14 23:21:38 0 d-------- G:\Program Files\R-Drive Image
2007-12-14 22:04:34 0 d-------- G:\Program Files\Future Systems Solutions
2007-12-11 20:12:47 0 d-------- G:\Program Files\HD Tune
2007-12-08 10:07:18 0 d-------- G:\Documents and Settings\Main\Application Data\DVDFab
2007-12-08 09:36:43 47360 --a------ G:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-08 09:36:43 0 d-------- G:\Documents and Settings\Main\Application Data\Vso
2007-12-08 09:36:43 47360 --a------ G:\Documents and Settings\Main\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-08 09:36:40 0 d-------- G:\Program Files\DVDFab Platinum 4


-- Find3M Report ---------------------------------------------------------------

2008-01-03 21:12:19 0 d-------- G:\Program Files\FlashGet
2008-01-01 21:53:57 664 --a------ G:\WINDOWS\system32\d3d9caps.dat
2007-12-30 06:58:08 0 d-------- G:\Program Files\SpywareGuard
2007-12-29 23:14:08 0 d-------- G:\Program Files\QuickTime
2007-12-29 20:09:31 0 d-------- G:\Program Files\Intel
2007-12-25 22:44:42 0 d--h----- G:\Program Files\InstallShield Installation Information
2007-12-22 18:01:00 0 d-------- G:\Documents and Settings\Main\Application Data\Canon
2007-12-22 13:56:59 0 d-------- G:\Program Files\Boris FX, Inc
2007-12-11 00:27:27 0 d-------- G:\Program Files\EPSON Print CD
2007-12-11 00:27:26 18291 --a------ G:\WINDOWS\system32\EPPICResdb0000
2007-12-11 00:27:26 113 --a------ G:\WINDOWS\system32\EPPICResdb
2007-12-09 14:41:56 0 d-------- G:\Documents and Settings\Main\Application Data\BitTorrent
2007-12-08 09:36:51 34 --a------ G:\Documents and Settings\Main\Application Data\pcouffin.log
2007-12-08 09:36:43 1144 --a------ G:\Documents and Settings\Main\Application Data\pcouffin.inf
2007-12-08 09:36:43 7887 --a------ G:\Documents and Settings\Main\Application Data\pcouffin.cat
2007-12-01 22:41:33 0 d-------- G:\Program Files\Micro Technology Unlimited
2007-11-16 07:56:13 0 d-------- G:\Program Files\Sorenson Media
2007-11-15 20:37:36 0 d-------- G:\Program Files\ONES (E)
2007-11-14 22:54:48 0 d-------- G:\Program Files\Loudspeaker Design
2007-11-14 22:52:47 0 d-------- G:\Documents and Settings\Main\Application Data\Syntrillium
2007-11-14 22:49:42 0 d-------- G:\Program Files\TechSmith
2007-11-14 22:33:30 0 d-------- G:\Program Files\subsim
2007-11-10 17:56:45 0 d-------- G:\Documents and Settings\Main\Application Data\System Tweaker
2007-11-04 20:50:03 0 d-------- G:\Documents and Settings\Main\Application Data\Adobe
2007-11-04 19:27:32 0 d-------- G:\Program Files\Serious Magic
2007-11-04 18:49:07 979 ---hs---- G:\WINDOWS\system32\msrvdasm.dat
2007-10-26 15:17:50 114688 --a------ G:\WINDOWS\system32\mv_api.dll <Not Verified; Marvell; RAID API Dynamic Link Library>
2007-10-24 18:15:24 393216 --a------ G:\WINDOWS\system32\zraidapi.dll <Not Verified; ZApps; zraidapi Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo 900"="G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.exe" [12/10/2002 02:00 AM]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [09/17/2007 12:07 AM]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 12:07 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [12/10/2004 11:45 AM G:\WINDOWS\KHALMNPR.Exe]
"Blackmagic CheckVersion PCI"="G:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe" [11/16/2007 10:38 AM]
"COMODO Firewall Pro"="G:\Program Files\Comodo\Firewall\CPF.exe" [09/22/2007 09:53 AM]
"nod32kui"="G:\Program Files\Eset\nod32kui.exe" [04/27/2007 03:59 PM]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"SpywareGuard"="G:\Program Files\SpywareGuard\sgmain.exe" [08/29/2003 06:05 PM]
"FireBox Control Panel"="G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe" [10/10/2007 05:03 PM]
"CleanupAssistant Boot Cleaner"="G:\Program Files\Cleanup Assistant\Cleanup Assistant.exe" [10/30/2007 09:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-01-03 21:48:57 ------------
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Post by Katana » January 3rd, 2008, 11:03 pm

To get the Extra log
  • Click Start > Run, type "G:\Documents and Settings\Main\Desktop\dss.exe" /config and click OK.
  • This will bring up a pop up box.
    • Uncheck Main log.
    • Check Extra log.
      • Check the 5 boxes beneath it.
  • Hit the Scan button.
  • When the scan finishes the Extra.txt file will be minimised in Taskbar at the bottom of your screen.
  • Post it back here please.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Complete freeze when trying to run SpywareBlaster

Post by GuMan » January 3rd, 2008, 11:12 pm

Similar enough to your directions to work it out. dss.exe may be a different version than you think.




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2045.7 MiB / 1523.03 MiB
Pagefile Memory (total/avail): 3936.58 MiB / 3608.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1989.08 MiB

A: is Removable (Unformatted)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 465.75 GiB total, 358.49 GiB free.
H: is Removable (No Media)
I: is Removable (No Media)
J: is Fixed (NTFS) - 1863.03 GiB total, 1709.62 GiB free.
K: is Fixed (NTFS) - 111.79 GiB total, 28.95 GiB free.
L: is Fixed (NTFS) - 465.76 GiB total, 396.34 GiB free.

\\.\PHYSICALDRIVE0 - Video_Work - 1863.03 GiB - 1 partition
\PARTITION0 - Installable File System - 1863.03 GiB - J:

\\.\PHYSICALDRIVE3 - LaCie Group SA LaCie 1394 Disk drive LUN 0 IEEE 1394 SBP2 Device - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - K:

\\.\PHYSICALDRIVE1 - Seagate ST3500630AS SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.75 GiB - G:

\\.\PHYSICALDRIVE2 - Seagate ST3500630AS SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - L:

\\.\PHYSICALDRIVE4 - VIA-P VT6205-DevB USB Device

\\.\PHYSICALDRIVE5 - VIA-P VT6205-DevM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
FirewallOverride is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\Program Files\\BitTorrent\\bittorrent.exe"="G:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"G:\\Program Files\\Messenger\\msmsgs.exe"="G:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=G:\Documents and Settings\All Users
APPDATA=G:\Documents and Settings\Main\Application Data
CLASSPATH=.;G:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=G:\Program Files\Common Files
COMPUTERNAME=GUVID
ComSpec=G:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=G:
HOMEPATH=\Documents and Settings\Main
LOGONSERVER=\\GUVID
NUMBER_OF_PROCESSORS=2
OldPath=G:\WINDOWS\system32;G:\WINDOWS;G:\WINDOWS\system32\WBEM;G:\Program Files\Common Files\Adobe\AGL;G:\Program Files\QuickTime\QTSystem\
OS=Windows_NT
Path=G:\WINDOWS\system32;G:\WINDOWS;G:\WINDOWS\system32\WBEM;G:\Program Files\Intel\DMIX;G:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=G:\Program Files
PROMPT=$P$G
QTJAVA=G:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=G:
SystemRoot=G:\WINDOWS
TEMP=G:\DOCUME~1\Main\LOCALS~1\Temp
TMP=G:\DOCUME~1\Main\LOCALS~1\Temp
USERDOMAIN=GUVID
USERNAME=Main
USERPROFILE=G:\Documents and Settings\Main
windir=G:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Main (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> G:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /I {2ECE7ECE-D15B-4999-8B8D-01C998F489D5}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
--> msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\PCHealth.inf
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Encore DVD FC --> MsiExec.exe /X{F6F6C08A-ED6F-4968-8292-A08E9F02584F}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000103}
Adobe Flash Player 9 ActiveX --> G:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Premiere Pro FC --> MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
Adobe Production Studio --> G:\PROGRA~1\INSTAL~1\{AAB06~1\setup.exe /relaunched/rootloc=e:\adobe production studio/lang=0409
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> G:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE G:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0 --> G:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fG:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Video Suite Extras --> MsiExec.exe /I{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\Setup.exe" -l0x9
Atomic Clock Sync --> G:\PROGRA~1\ATOMIC~1\UNWISE.EXE G:\PROGRA~1\ATOMIC~1\INSTALL.LOG
BitPim 0.9.14 --> "G:\Program Files\BitPim\unins000.exe"
BitTorrent 5.0.8 --> "G:\Program Files\BitTorrent\uninstall.exe"
Blackmagic DeckLink --> MsiExec.exe /I{28E81E41-69D9-41B0-889C-8377C4091AB5}
Boris FX --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{37EADA02-5920-47A6-A17D-A6E010187587}\setup.exe" -l0x9 -removeonly
Camtasia Studio 2 --> G:\Program Files\TechSmith\Camtasia Studio 2\CSuninst.EXE
Canon CanoScan Toolbox 4.9 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\Setup.exe" -l0x9 anything
Captura --> G:\WINDOWS\unvise32.exe G:\Program Files\uninstal.log
Cda Product Service - shared component --> G:\WINDOWS\CdaC13BA.EXE /uninstall
CDCheck (remove only) --> "G:\Program Files\CDCheck\uninst.exe"
Cleanup Assistant --> G:\Program Files\Cleanup Assistant\uninstall.exe
COMODO Firewall Pro --> G:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Creative ZEN Stone User's Guide --> "G:\Program Files\Creative\Creative ZEN Stone\UGRemove.exe" /Product_Name:ZENStoneUG
Debugging Tools for Windows --> MsiExec.exe /I{F3ECED46-91CC-4F44-9917-9A20085D5D26}
DesignPro 5.0 Limited Edition --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}
DivX Codec --> G:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> G:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> G:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> G:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> G:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DV Rack --> MsiExec.exe /I{828ED61D-0C70-4AD9-B0A4-C827F64121CF}
DVD Identifier --> "G:\Program Files\DVD Identifier\Uninst\unins000.exe"
DVDFab Platinum 4.0.1.2 --> "G:\Program Files\DVDFab Platinum 4\unins000.exe"
Easy Mail for Windows 95/98/00/ME/NT/XP --> "G:\Program Files\Home Plan Software\EasyMail32\Remove.exe" /U:"G:\Program Files\Home Plan Software\EasyMail32\Remove.log"
EPSON EPIC --> G:\Program Files\epson\epic\sp900_e\uninstall.exe
EPSON Print CD --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> G:\Program Files\EPSON\PrinterDriverTemp\SP900\EPUPDATE.EXE /R
ESET Online Scanner --> G:\WINDOWS\system32\OnlineScannerUninstaller.exe
EVEREST Home Edition v2.20 --> "G:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Garmin MapSource --> MsiExec.exe /X{F3B76517-C1BC-40A7-814C-4C0A87E7D9DF}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GSview 4.8 --> G:\Program Files\Ghostgum\gsview\uninstgs.exe "G:\Program Files\Ghostgum\gsview\uninstal.txt"
HD Tune 2.54 --> "G:\Program Files\HD Tune\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "G:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICC Color Profiles --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{F055A917-7B25-4A2B-8970-2151C000CD61}\Setup.exe" -l0x9 anything
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) SMBus --> G:\WINDOWS\system32\ismbun.exe -uninstall
IsoBuster 1.9.1 --> "G:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Juicer 2.1 --> "G:\Program Files\Digital Juice\Juicer 2\unins000.exe"
Juicer 3.0 --> "G:\Program Files\Digital Juice\Juicer 3\unins000.exe"
Juicer 3.0 SoundFX Edition 1.0 --> "G:\Program Files\Digital Juice\Juicer 3.0 SoundFX Edition\unins000.exe"
Knoll Light Factory 2.5 --> G:\WINDOWS\unvise32.exe G:\Program Files\Adobe\Adobe After Effects 7.0\Support Files\Plug-ins\KLF2.5GPU.log
Knoll Light Factory 2.5 PPro --> G:\WINDOWS\unvise32.exe G:\Program Files\Adobe\Adobe Premiere Pro 2.0\Plug-ins\en_US\Knoll Light Factory 2.5\klf2.5gpuppro.log
LG USB Drivers --> G:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE G:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LG USB Modem driver --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
Logitech SetPoint --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
MainConcept DV Codec --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A502A400-0CEF-42E6-BC7B-39B249703CFC} /l1033
MapSource --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
MapSource - City Select North America v6 --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5F8434AA-E977-4A28-8D39-35969565DF53} /l1033
Marvell 61xx MRU --> G:\Program Files\Marvell\61xx\uninstmru.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "G:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "G:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.11) --> G:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM --> G:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 Antivirus System --> G:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NVIDIA Drivers --> G:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
ONES (E) --> G:\WINDOWS\InZU31.exe /U:G:\Program Files\ONES (E)\Uninstall.inz /L:e /K:ONES(E)
PC Probe II --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PC Wizard 2007.1.73 --> "G:\Program Files\PC Wizard 2007\unins000.exe"
Pdf995 --> G:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> G:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
PL-2303 USB-to-Serial --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PreSonus 1394 Audio Driver v2.46 (FireBox) --> "G:\Program Files\PreSonus\1394AudioDriver_FireBox\uninst.exe" Software\PreSonus\1394AudioDriver_FireBox\Setup
Punch! Home Design - Platinum --> G:\PROGRA~1\PUNCH!~1\UNWISE.EXE G:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Quicken 2005 --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RW-Everything --> "G:\Program Files\RW-Everything\unins000.exe"
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Signature995 --> G:\Program Files\TaxCut06\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Sonic Foundry Soft Encode 1.0 - Dolby Digital 5.1 --> G:\WINDOWS\SF97UNIN.EXE /A G:\PROGRA~1\SONICF~1\SFTENCDD.LOG
Sony Sound Forge 7.0 --> MsiExec.exe /I{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}
Sorenson Squeeze 4.5 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}\setup.exe" -l0x9
SpamBayes 1.0.4 --> "G:\Program Files\SpamBayes\unins000.exe"
Spybot - Search & Destroy 1.4 --> "G:\Program Files\Spybot - Search & Destroy\unins000.exe"
Startup Control Panel --> MsiExec.exe /I{3DC91D8B-0C19-4D67-930B-D0AAD2009632}
Steinberg Cubase LE --> "G:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "G:\Program Files\Steinberg\Cubase LE\Install.log"
TaxCut Premium 2006 --> G:\PROGRA~1\TaxCut06\Program\removetc.exe
TMPGEnc Plus 2.5 --> G:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}
Uniblue RegistryBooster 2 --> "G:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue System Tweaker --> "G:\Program Files\Uniblue\System Tweaker\unins000.exe"
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
ViewSonic Monitor Drivers --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Wave Corrector PE version 3.4 --> "G:\Program Files\WaveCor\unins000.exe"
Westell Firmware Upgrade --> G:\WINDOWS\unins000.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "G:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> G:\Program Files\WinRAR\uninstall.exe
WinZip --> "G:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-01-03 22:11:07 ------------
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Unread postby Katana » January 3rd, 2008, 11:35 pm

There is no obvious malware showing so far.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go here: http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the Kaspersky log in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Complete freeze when trying to run SpywareBlaster

Unread postby GuMan » January 3rd, 2008, 11:57 pm

Attempting to capitulate, however Kaspersky database download rate seems to be tuned
for 33.6k dial-up. Just ran full NOD32 scan and BD with no hits. I will reply with Kaspersky
log when it manages to pull its pants up and gets to business.
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Unread postby GuMan » January 4th, 2008, 9:12 am

Purged, updated Java. Ran Kaspersky this morning...


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 04, 2008 8:09:40 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/01/2008
Kaspersky Anti-Virus database records: 502374
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 219939
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:39:50

Infected Object Name / Virus Name / Last Action
G:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\Main\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\Main\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Main\Local Settings\History\History.IE5\MSHist012008010420080105\index.dat Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Temp\~DF39FE.tmp Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Temp\~DF9CBF.tmp Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Temp\~DFF403.tmp Object is locked skipped
G:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Main\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\Main\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
G:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
G:\Program Files\ESET\logs\virlog.dat Object is locked skipped
G:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
G:\Program Files\Marvell\61xx\Apache2\logs\access.log Object is locked skipped
G:\Program Files\Marvell\61xx\Apache2\logs\error.log Object is locked skipped
G:\System Volume Information\_restore{8D1852A4-1AD9-440E-9BB1-93B8F5912522}\RP206\change.log Object is locked skipped
G:\WINDOWS\CSC\00000001 Object is locked skipped
G:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
G:\WINDOWS\SchedLgU.Txt Object is locked skipped
G:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
G:\WINDOWS\Sti_Trace.log Object is locked skipped
G:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
G:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
G:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
G:\WINDOWS\system32\config\DEFAULT Object is locked skipped
G:\WINDOWS\system32\config\default.LOG Object is locked skipped
G:\WINDOWS\system32\config\Internet.evt Object is locked skipped
G:\WINDOWS\system32\config\SAM Object is locked skipped
G:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
G:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
G:\WINDOWS\system32\config\SECURITY Object is locked skipped
G:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
G:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
G:\WINDOWS\system32\config\software.LOG Object is locked skipped
G:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
G:\WINDOWS\system32\config\SYSTEM Object is locked skipped
G:\WINDOWS\system32\config\system.LOG Object is locked skipped
G:\WINDOWS\system32\h323log.txt Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
G:\WINDOWS\Temp\Perflib_Perfdata_200.dat Object is locked skipped
G:\WINDOWS\wiadebug.log Object is locked skipped
G:\WINDOWS\wiaservc.log Object is locked skipped
G:\WINDOWS\WindowsUpdate.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{8D1852A4-1AD9-440E-9BB1-93B8F5912522}\RP206\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{8D1852A4-1AD9-440E-9BB1-93B8F5912522}\RP206\change.log Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\_restore{8D1852A4-1AD9-440E-9BB1-93B8F5912522}\RP206\change.log Object is locked skipped

Scan process completed.
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Unread postby Katana » January 4th, 2008, 12:16 pm

There is no malware apparent in your logs; let's try one last scan.



Download and Run ComboFix
  • Download ComboFix from one of the links below:

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Complete freeze when trying to run SpywareBlaster

Unread postby GuMan » January 4th, 2008, 8:25 pm

First, thanks for keeping up with this. Second, I did update my Java, so your
last post should probably not have that commentary in it.

Here is the ComboFix log:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
ComboFix 08-01-04.1 - Main 2008-01-04 19:10:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1553 [GMT -5:00]
Running from: G:\Documents and Settings\Main\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Documents and Settings\Main\Application Data\inst.exe
G:\Program Files\Common Files\{3C6E6~1
G:\Program Files\Common Files\{3C6E6~1\toolbardll.lzma
G:\Program Files\Common Files\{3C6E6~1\UnInstall.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 19:09 . 2000-08-31 08:00 51,200 --a------ G:\WINDOWS\NirCmd.exe
2008-01-04 08:30 . 2008-01-04 08:35 54,156 --ah----- G:\WINDOWS\QTFont.qfn
2008-01-04 08:30 . 2008-01-04 08:35 1,409 --a------ G:\WINDOWS\QTFont.for
2008-01-03 22:50 . 2008-01-03 22:50 <DIR> d-------- G:\WINDOWS\system32\Kaspersky Lab
2008-01-03 22:50 . 2008-01-03 22:50 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 22:48 . 2007-09-24 23:31 69,632 --a------ G:\WINDOWS\system32\javacpl.cpl
2008-01-03 22:39 . 2008-01-03 22:39 <DIR> d-------- G:\Documents and Settings\Main\.SunDownloadManager
2008-01-03 22:18 . 2008-01-03 22:18 <DIR> d-------- G:\Program Files\SampleTank 2 Free
2008-01-03 21:56 . 2008-01-03 21:57 <DIR> d-------- G:\Documents and Settings\Main\Application Data\PrevxCSI
2008-01-03 21:56 . 2008-01-03 21:56 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Prevx
2008-01-03 21:48 . 2008-01-03 21:48 <DIR> d-------- G:\Deckard
2007-12-31 16:04 . 2007-12-31 16:05 <DIR> d-------- G:\Program Files\EsetOnlineScanner
2007-12-30 16:53 . 2007-12-30 17:02 <DIR> d-------- G:\Documents and Settings\Main\Application Data\CleanupAssistant
2007-12-30 16:52 . 2007-12-30 16:52 <DIR> d--h----- G:\Program Files\InstallJammer Registry
2007-12-30 16:52 . 2007-12-30 16:52 <DIR> d-------- G:\Program Files\Cleanup Assistant
2007-12-29 23:13 . 2007-12-29 23:13 <DIR> d-------- G:\Program Files\Apple Software Update
2007-12-29 23:13 . 2007-12-29 23:13 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2007-12-26 15:12 . 2007-11-16 10:25 143,872 --a------ G:\WINDOWS\system32\drivers\bmdpbox.sys
2007-12-26 15:12 . 2007-11-16 10:25 17,408 --a------ G:\WINDOWS\system32\drivers\bmdpdisk.sys
2007-12-26 14:19 . 2007-12-26 14:31 <DIR> d-------- G:\symbols
2007-12-26 14:12 . 2007-12-26 14:31 <DIR> d-------- G:\Program Files\Debugging Tools for Windows
2007-12-25 23:17 . 2008-01-04 19:15 8 --a------ G:\WINDOWS\mvraidver.dat
2007-12-25 22:58 . 2007-08-10 16:12 53,248 --a------ G:\WINDOWS\system32\CSVer.dll
2007-12-22 13:57 . 2007-12-22 13:57 <DIR> d-------- G:\Video Plug-Ins
2007-12-22 13:57 . 2007-12-22 13:57 <DIR> d-------- G:\Presets
2007-12-15 17:16 . 2005-09-23 08:29 626,688 --a------ G:\WINDOWS\system32\msvcr80.dll
2007-12-15 12:07 . 2007-12-15 12:14 1,245,216 --a------ G:\WINDOWS\system32\AutoPartNt.exe
2007-12-15 12:07 . 2007-12-15 12:16 1,024 --a------ G:\WINDOWS\system32\AutoPartNt.let
2007-12-15 08:52 . 2007-12-15 08:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2007-12-15 08:51 . 2007-12-15 08:51 <DIR> d-------- G:\Documents and Settings\Main\Application Data\Future Systems Solutions
2007-12-11 20:12 . 2007-12-11 20:12 <DIR> d-------- G:\Program Files\HD Tune
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ G:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ G:\WINDOWS\system32\QuickTime.qts
2007-12-08 10:07 . 2007-12-08 10:07 <DIR> d-------- G:\Documents and Settings\Main\Application Data\DVDFab
2007-12-08 09:36 . 2007-12-09 22:29 <DIR> d-------- G:\Program Files\DVDFab Platinum 4
2007-12-08 09:36 . 2007-12-09 22:33 <DIR> d-------- G:\Documents and Settings\Main\Application Data\Vso
2007-12-08 09:36 . 2007-12-08 09:36 47,360 --a------ G:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 09:36 . 2007-12-08 09:36 47,360 --a------ G:\Documents and Settings\Main\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 13:17 --------- d-----w G:\Program Files\Java
2008-01-04 04:47 --------- d-----w G:\Program Files\FlashGet
2008-01-04 03:33 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-01-04 03:04 --------- d-----w G:\Program Files\Sonic Foundry Soft Encode
2008-01-01 22:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\pdf995
2007-12-30 11:58 --------- d-----w G:\Program Files\SpywareGuard
2007-12-30 04:14 --------- d-----w G:\Program Files\QuickTime
2007-12-30 04:13 --------- d-----w G:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-30 01:09 --------- d-----w G:\Program Files\Intel
2007-12-30 01:09 --------- d-----w G:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
2007-12-26 01:03 --------- d---a-w G:\Documents and Settings\All Users\Application Data\TEMP
2007-12-22 23:01 --------- d-----w G:\Documents and Settings\Main\Application Data\Canon
2007-12-22 18:56 --------- d-----w G:\Program Files\Boris FX, Inc
2007-12-11 05:27 --------- d-----w G:\Program Files\EPSON Print CD
2007-12-09 19:41 --------- d-----w G:\Documents and Settings\Main\Application Data\BitTorrent
2007-12-02 03:41 --------- d-----w G:\Program Files\Micro Technology Unlimited
2007-12-02 03:40 --------- d-----w G:\Documents and Settings\All Users\Application Data\YoGen
2007-11-16 15:38 7,680 ----a-w G:\WINDOWS\system32\drivers\deckmp.sys
2007-11-16 15:38 2,274,304 ----a-w G:\WINDOWS\system32\drivers\decklink.sys
2007-11-16 15:24 18,944 ----a-w G:\WINDOWS\system32\drivers\deckser.sys
2007-11-16 15:24 13,824 ----a-w G:\WINDOWS\system32\drivers\deckaud.sys
2007-11-16 12:56 --------- d-----w G:\Program Files\Sorenson Media
2007-11-16 01:37 --------- d-----w G:\Program Files\ONES (E)
2007-11-15 03:54 --------- d-----w G:\Program Files\Loudspeaker Design
2007-11-15 03:52 --------- d-----w G:\Documents and Settings\Main\Application Data\Syntrillium
2007-11-15 03:49 --------- d-----w G:\Program Files\TechSmith
2007-11-15 03:33 --------- d-----w G:\Program Files\subsim
2007-11-13 10:25 20,480 ----a-w G:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 22:56 --------- d-----w G:\Documents and Settings\Main\Application Data\System Tweaker
2007-11-05 00:27 --------- d-----w G:\Program Files\Serious Magic
2006-10-28 17:43 1,378 ----a-w G:\Program Files\uninstal.log
2006-10-24 02:02 952 --sha-w G:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo 900"="G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.exe" [2002-12-10 02:00 75776]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 49152 G:\WINDOWS\KHALMNPR.Exe]
"Blackmagic CheckVersion PCI"="G:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe" [2007-11-16 10:38 4730880]
"COMODO Firewall Pro"="G:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-22 09:53 1115728]
"nod32kui"="G:\Program Files\Eset\nod32kui.exe" [2007-04-27 15:59 949376]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SpywareGuard"="G:\Program Files\SpywareGuard\sgmain.exe" [2003-08-29 18:05 360448]
"FireBox Control Panel"="G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe" [2007-10-10 17:03 1077248]
"CleanupAssistant Boot Cleaner"="G:\Program Files\Cleanup Assistant\Cleanup Assistant.exe" [2007-10-30 09:58 593920]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

R0 mv61xx;mv61xx;G:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-10-31 15:47]
R0 PzWDM;PzWDM;G:\WINDOWS\system32\Drivers\PzWDM.sys [2004-03-11 00:32]
R1 BMDPDisk;BMDPDisk;G:\WINDOWS\system32\drivers\BMDPDisk.sys [2007-11-16 10:25]
R2 BMDPBox;BMDPBox;G:\WINDOWS\system32\drivers\BMDPBox.sys [2007-11-16 10:25]
R2 Marvell RAID;Marvell RAID Event Agent;G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-10-24 18:15]
R2 MRUWebService;MRU Web Service;"G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe" [2007-08-24 05:06]
R2 osaio;osaio;G:\WINDOWS\system32\drivers\osaio.sys [2007-10-29 20:47]
R3 BMDDeckLinkAudio;BMDDeckLinkAudio;G:\WINDOWS\system32\DRIVERS\deckaud.sys [2007-11-16 10:24]
R3 BMDDeckLinkSerial;BMDDeckLinkSerial;G:\WINDOWS\system32\DRIVERS\deckser.sys [2007-11-16 10:24]
R3 DeckLink;DeckLink;G:\WINDOWS\system32\DRIVERS\DeckLink.sys [2007-11-16 10:38]
R3 DeckLinkDisplay;DeckLinkDisplay;G:\WINDOWS\system32\DRIVERS\deckmp.sys [2007-11-16 10:38]
R3 pae_1394;pae_1394;G:\WINDOWS\system32\Drivers\pae_1394.sys [2007-10-09 17:06]
R3 pae_avs;pae_avs;G:\WINDOWS\system32\Drivers\pae_avs.sys [2007-10-09 17:06]
S3 Asushwio;Asushwio;G:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-27 10:26]
S3 PciCon;PciCon;F:\PciCon.sys []
S3 ps_1394;ps_1394;G:\WINDOWS\system32\Drivers\ps_1394.sys [2004-10-14 14:33]
S3 ps_avs;ps_avs;G:\WINDOWS\system32\Drivers\ps_avs.sys [2004-10-14 14:33]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 04:13:03 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 19:16:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 19:19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 00:19:15

-----------------------------------------------------------------------------------------------
Here is the latest HJT logfile:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:20:17 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Comodo\Firewall\cmdagent.exe
G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
G:\Program Files\Eset\nod32krn.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\UPHClean\uphclean.exe
G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Comodo\Firewall\CPF.exe
G:\Program Files\Eset\nod32kui.exe
G:\Program Files\SpywareGuard\sgmain.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\SpywareGuard\sgbhp.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\notepad.exe
G:\Documents and Settings\Main\Desktop\Utilities\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Blackmagic CheckVersion PCI] G:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "G:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareGuard] G:\Program Files\SpywareGuard\sgmain.exe
O4 - HKLM\..\Run: [FireBox Control Panel] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
O4 - HKLM\..\Run: [CleanupAssistant Boot Cleaner] G:\Program Files\Cleanup Assistant\Cleanup Assistant.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8304550421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8304530812
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - G:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - GARMIN Corp. - (no file)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - G:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - G:\Program Files\Marvell\61xx\Apache2\bin\httpd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7246 bytes
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Unread postby Katana » January 4th, 2008, 9:16 pm

Well that cleared a couple of items, though they shouldn't have been causing your problems.

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O23 - Service: Google Updater Service (gusvc) - GARMIN Corp. - (no file)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Download a new copy of spyware blaster and try installing it now.
SpywareBlaster 3.5.1
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
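
The four lines selected in the reply above all end in `(no file)`, which marks entries whose target file HijackThis did not find. As an added example (not part of the thread and not HijackThis code), this Python sketch pulls such orphaned entries out of a log and keeps the separate `(file missing)` marker apart, since the reply did not select those; `Entry`, `parse_hjt` and `orphaned` are hypothetical names, and the sample lines are copied from the log posted above.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SpywareGuard] G:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - GARMIN Corp. - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..."; process paths and headers do not match.
LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2" or "O23"
    label: str            # first field, e.g. "BHO: (no name)"
    clsid: Optional[str]  # COM class ID if the line carries one
    target: str           # file or URL the entry points at ("" if none)
    status: str           # "present", "no file" or "file missing"


def parse_hjt(log: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        # Fields are separated by " - "; the target is the last one.
        # (A path that itself contains " - " would be split too early.)
        fields = body.split(" - ")
        target, status = fields[-1], "present"
        if target == "(no file)":
            target, status = "", "no file"
        elif target.endswith(MISSING):
            target, status = target[: -len(MISSING)], "file missing"
        found = CLSID.search(body)
        entries.append(
            Entry(section, fields[0], found.group(0) if found else None, target, status)
        )
    return entries


def orphaned(entries: List[Entry], status: str = "no file") -> List[Entry]:
    """Entries with the given marker: "no file" or "file missing"."""
    return [e for e in entries if e.status == status]


if __name__ == "__main__":
    for e in orphaned(parse_hjt(SAMPLE_LOG)):
        print(e.section, e.label, e.clsid or "-")
```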

Re: Complete freeze when trying to run SpywareBlaster

Unread postby GuMan » January 4th, 2008, 9:40 pm

SUCCESS!!

Also, Trustsofts HistoryKill2007 was locking up similarly, and is now fine.

I noted both applications are heavily Java based, so cleaning up the old
Java versions and updating to 6.0.3 probably is what did the trick.

Why won't Java updates clean up old versions? What a pain. I will have to
be more diligent about cleaning this stuff up.

Thanks ever so much for your help on this. I am glad it wasn't something
more serious. I try to be careful, but that doesn't do much good lately.
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Unread postby GuMan » January 4th, 2008, 9:43 pm

FYI.. made a donation, since you helped so much.
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am

Re: Complete freeze when trying to run SpywareBlaster

Unread postby Katana » January 5th, 2008, 7:06 am

Good, I'm glad things are sorted :)
Java was and is a pain; the auto updater rarely works, the updates never remove old versions, but we are stuck with it if we want to use Java based applications.
Thank you for the donation, it is very much appreciated :thumbup:

Congratulations, your logs look clean

Let's see if I can help you keep it that way

First let's tidy up :D

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.

Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

The following is some info to help you stay safe and clean.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan ... ncipal.htm
http://www.kaspersky.com/virusscanner

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    All the programs in this list have a free version.
    It is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
  • Ad-Aware 2007 Free <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE7 a more secure browser. Unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep


Also PLEASE read this article.......So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Complete freeze when trying to run SpywareBlaster

Unread postby GuMan » January 5th, 2008, 12:55 pm

All is well, thanks. Purged restore files.

I currently use:

Eset's NOD32

These items I run once a week (at least)
Kaspersky's Online scanner
Spybot 1.4 (No TeaTimer, however... slows down the machine too much)
Adaware 2007
SpywareBlaster 3.5.1

SpywareGuard 2.2

I bought HistoryKill a long time ago before there was
much out there, and I like that it runs on browser exit
automatically. Since I own it, I use it. I have kept it
up to date, and now run HistoryKill2007.

I also have Uniblue's RegistryBooster 2. Seems like it works
well.

I noticed that when I reinstalled Firefox (which I use every so often)
about a month ago, I failed to go and get the AddOns you recommend.
This is a possible entry point. A few websites I have, as well as the
webserver in my DSL modem, do not like IE7.

Thanks again for the help!
GuMan
Active Member
 
Posts: 9
Joined: December 30th, 2007, 7:50 am