Ie 7 Pops A Completely Blank Page (ie7)


18 replies to this topic

#1 thumperzluv (Members, 10 posts, NE Lower Michigan)
Posted 27 June 2007 - 04:10 PM

I use Vista Home Premium on a new HP. Frequently, IE7 puts up a completely blank page...no toolbars, no status bar and no 'red x' to close it. F11 does nothing to it. It looks like I painted my entire screen white and I have to use the Task Manager to close it. What's even stranger is that it can happen from my desktop before I've even opened IE. I use Avast! (free) Anti Virus, Spysweeper, SB S&D, Spyware Blaster, Ad-Aware and Windows Defender. This is a screenshot...
IE7 pops up a blank page
'Pest Patrol' found 2 keys...

Network1.Popups
hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net

trojan.win32.dialer.hc
hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\domains\sgrunt.biz

I saved these as .reg files and then deleted them, but this didn't help.
Here is the HijackThis Log...
Logfile of HijackThis v1.99.1
Scan saved at 12:31:27 PM, on 6/27/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.wildblue.com/wpad.det
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Any help will be very appreciated.......
LIFE MAY NOT BE THE PARTY WE EXPECTED, BUT WHILE WE ARE HERE, WE MAY AS WELL DANCE!
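The log above is the artifact the rest of the thread turns on. As an added example (not code from the thread, from BleepingComputer or from HijackThis; function names and flag wording are my own), here is how a responder can mechanically triage a HijackThis log: split out the numbered entries, then flag the sections that deserve a closer look (O2 BHOs with no DLL, O10 unknown LSPs, O16 downloaded ActiveX, O20 Winlogon Notify DLLs, O23 services whose binary is missing, and the proxy auto-config URL). The sample input is a handful of lines copied from the two logs in this thread. One caveat the example encodes: HijackThis 1.99.1 predates Vista and reports services whose ImagePath still contains `%SystemRoot%`/`%windir%`, or a mis-split quoted command line, as "(file missing)"; the 2.0.2 log posted later on the same machine no longer shows those, so they are parser artifacts rather than evidence of anything missing.

```python
"""Triage a HijackThis log (v1.99.1 / v2.0.2 format) the way a malware-response
volunteer reads one: parse each 'Rn - ...' / 'Onn - ...' entry and flag the
sections that deserve a closer look. Added example, not code from the thread
or from HijackThis; function names and flag wording are assumptions of mine."""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")


@dataclass
class Entry:
    section: str                               # e.g. "O2", "O23"
    body: str                                  # everything after "O2 - "
    flags: list = field(default_factory=list)  # filled in by triage()


def parse_entries(log_text: str) -> list:
    """Keep only the numbered entries; header lines and the process list are dropped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def likely_tool_artifact(body: str) -> bool:
    """HijackThis 1.99.1 on Vista shows unexpanded %SystemRoot%/%windir% paths and
    mis-split quoted command lines (note the stray '" /service') as '(file missing)'.
    The 2.0.2 log from the same machine does not, so treat these as parser artifacts."""
    return re.search(r"%\w+%", body) is not None or '" /' in body


def triage(entries: list) -> list:
    """Attach human-readable flags and return only the entries that received one."""
    for e in entries:
        low = e.body.lower()
        if e.section == "O2" and "(no file)" in low:
            e.flags.append("BHO CLSID registered but its DLL is gone (orphan; harmless but removable)")
        elif e.section == "O10":
            e.flags.append("Winsock LSP not on HijackThis' known-good list: verify the DLL is Microsoft-signed")
        elif e.section == "O16":
            e.flags.append("ActiveX control downloaded from a URL: confirm the publisher before trusting it")
        elif e.section == "O20":
            e.flags.append("Winlogon Notify DLL runs at every logon: confirm it belongs to an installed product")
        elif e.section == "O23" and "(file missing)" in low:
            if likely_tool_artifact(e.body):
                e.flags.append("'(file missing)' on an unexpanded/mis-split path: likely a HijackThis 1.99.1 artifact on Vista")
            else:
                e.flags.append("service registered for a binary that is not on disk")
        elif e.section in ("R0", "R1") and "AutoConfigURL" in e.body:
            e.flags.append("proxy auto-config URL decides where browser traffic goes: confirm it is your ISP's")
    return [e for e in entries if e.flags]


# Sample input: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Unknown Windows (WinNT 6.00.1904)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.wildblue.com/wpad.det
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{e.section:>3}  {e.body[:70]}")
        for f in e.flags:
            print(f"      -> {f}")
```

Run it on a saved log by replacing SAMPLE_LOG with the file contents. The flags are prompts for a human, not verdicts: in this thread every flagged line turns out to belong to an installed product (Webroot, BitDefender's online scanner, Vista's own LSPs), which is exactly what the responder concluded by hand.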

#2 Papakid, Guru at being a Newbie (Malware Response Team, 6,583 posts)

Posted 08 July 2007 - 01:23 PM

Hi thumperzluv,

Our apologies for the delay. If you still need help, please post a new log so I can see if anything has changed.

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 thumperzluv (Topic Starter)

Posted 08 July 2007 - 07:50 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:07 PM, on 7/8/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.wildblue.com/wpad.det
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8456 bytes

#4 Papakid (Malware Response Team)

Posted 09 July 2007 - 12:37 AM

OK, well, I'm not seeing any obvious signs of malware. The two keys found by Pest Patrol were probably SpywareBlaster putting those sites in your Restricted Zone--I've got the same two on my system. Pest Patrol is known for raising false alarms about other security tools like this.

With all the security you have on your system you probably are suffering from some type of incompatibility with some of your programs on Vista or how they interact with each other on Vista. I would suspect IE7Pro and possibly Incredimail's Magentic and some others may be buggy or not work on Vista, especially if you do not have the latest version. But this is speculation at this point, let's get some more information.

Please do the following.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete choose save the results by clicking "Save Report As HTML" Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop.
9. Post the Kaspersky scan results in your next reply.

Open HijackThis and click Open Misc Tools Section.

Now click the Open Uninstall Manager button, then the Save List button. Save the list somewhere convenient like My Documents and then the list will open in Notepad. Copy and Paste that list into your next reply to this post.

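The point in the reply above is that a ZoneMap\Domains key is not malicious by itself: what matters is the zone ID stored under it, because SpywareBlaster-style blocklists put domains in zone 4 (Restricted Sites), whereas malware that wants to weaken IE adds domains to zone 2 (Trusted Sites). The original poster exported those keys as .reg files, so here is an added example (my own code, not from the thread, SpywareBlaster or Pest Patrol) that reads such an export and classifies each entry by zone. Zone IDs follow the Internet Settings convention (0 Local Machine, 1 Local Intranet, 2 Trusted Sites, 3 Internet, 4 Restricted Sites). The sample .reg text is constructed: the two domains Pest Patrol flagged, written the way SpywareBlaster writes them, plus a hypothetical Trusted Sites entry for a reserved example domain so the "loosening" case is visible.

```python
"""Classify Internet Explorer ZoneMap entries from a Regedit (.reg) export.
Added example, not from the thread, SpywareBlaster or Pest Patrol; the
function names are assumptions of mine. Under ZoneMap\Domains each subkey is
a domain (optionally \host below it) and each value is scheme -> zone id."""
import re

ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}
DOMAINS_MARK = "\\internet settings\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_zonemap(reg_text: str) -> list:
    """Return [(host, scheme, zone_id), ...] for every dword under ZoneMap\\Domains.
    Takes already-decoded text (Regedit exports are UTF-16LE with a BOM)."""
    entries = []
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            idx = key.lower().find(DOMAINS_MARK)
            if idx == -1:
                current = None          # some other key: ignore its values
                continue
            parts = key[idx + len(DOMAINS_MARK):].split("\\")
            # Domains\example.com\www -> www.example.com ; Domains\example.com -> example.com
            current = ".".join(reversed(parts))
            continue
        vm = DWORD_RE.match(line)
        if vm and current is not None:
            scheme, zone_hex = vm.groups()
            entries.append((current, scheme, int(zone_hex, 16)))
    return entries


def summarize(entries: list) -> dict:
    """Group scheme://host strings by zone name; unknown ids keep their number."""
    out = {}
    for host, scheme, zone in entries:
        out.setdefault(ZONE_NAMES.get(zone, f"zone {zone}"), []).append(f"{scheme}://{host}")
    return out


def loosened_zones(entries: list) -> list:
    """Entries that LOWER security (Local Machine, Intranet, Trusted). Restricted
    Sites entries only block; these are the ones worth questioning."""
    return [(h, s, z) for h, s, z in entries if z in (0, 1, 2)]


# Constructed sample: the two domains flagged in the thread, as a Restricted
# Sites blocklist writes them ("*" = every scheme, 4 = Restricted), plus one
# hypothetical Trusted Sites entry for the reserved domain example.com.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\www]
"http"=dword:00000002
"""

if __name__ == "__main__":
    found = parse_zonemap(SAMPLE_REG)
    for zone, hosts in sorted(summarize(found).items()):
        print(f"{zone}: {', '.join(hosts)}")
    for host, scheme, zone in loosened_zones(found):
        print(f"REVIEW: {scheme}://{host} is in {ZONE_NAMES[zone]}")
```

To check a live machine rather than an export, run `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg` and feed the decoded file to parse_zonemap. The two keys from the first post come out as Restricted Sites, which is why deleting them did nothing for the blank-window symptom and why a scanner that keys on the domain name alone raises a false alarm.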


#5 thumperzluv (Topic Starter)

Posted 10 July 2007 - 11:06 AM

Papakid, I think you may be right. I don't think I have an infection.
SuperAntiSpyware went nuts on this last scan, though. I started it and left, expecting it to be done when I returned, but it was still scanning 15 HOURS later, so I aborted it!
It never takes more than an hour, and I only have about 70,000 files, but this showed 800,000+! (Weird :thumbsup: ) Anyway, all it found was the usual...cookies.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/10/2007 at 04:05 AM

Application Version : 3.8.1002

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 15:07:16

Memory items scanned : 657
Memory threats detected : 0
Registry items scanned : 7351
Registry threats detected : 0
File items scanned : 812624
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\FRANKLIN\AppData\Roaming\Microsoft\Windows\Cookies\franklin@ad.yieldmanager[2].txt
C:\Documents and Settings\FRANKLIN\AppData\Roaming\Microsoft\Windows\Cookies\franklin@ads.pointroll[1].txt
C:\Documents and Settings\FRANKLIN\AppData\Roaming\Microsoft\Windows\Cookies\franklin@atdmt[2].txt
C:\Documents and Settings\FRANKLIN\AppData\Roaming\Microsoft\Windows\Cookies\franklin@doubleclick[1].txt
C:\Documents and Settings\FRANKLIN\Application Data\Microsoft\Windows\Cookies\franklin@ad.yieldmanager[2].txt
C:\Documents and Settings\FRANKLIN\Application Data\Microsoft\Windows\Cookies\franklin@ads.pointroll[1].txt
C:\Documents and Settings\FRANKLIN\Application Data\Microsoft\Windows\Cookies\franklin@atdmt[2].txt
C:\Documents and Settings\FRANKLIN\Application Data\Microsoft\Windows\Cookies\franklin@doubleclick[1].txt
C:\Documents and Settings\FRANKLIN\Cookies\franklin@ad.yieldmanager[2].txt
C:\Documents and Settings\FRANKLIN\Cookies\franklin@ads.pointroll[1].txt
C:\Documents and Settings\FRANKLIN\Cookies\franklin@atdmt[2].txt
C:\Documents and Settings\FRANKLIN\Cookies\franklin@doubleclick[1].txt


I couldn't get Kaspersky to work, after I O.K.ed the Active X, it just quit downloading, but I suspect that it would have found only cookies, too. I installed IE7Pro after the problem started, but I think I will uninstall Magentic and see if that helps. I'll let you know, and thanks for your help !

#6 Papakid (Malware Response Team)

Posted 11 July 2007 - 12:23 AM

OK.

I would still like to check closer for malware tho. The problems with the scanners might be because of new security tools--have you installed anything new lately, for example SpySweeper? This is why I wanted to see the uninstall list so please go ahead and post that.

Try running the Kaspersky scanner again, but disable Avast first.



#7 thumperzluv (Topic Starter)

Posted 12 July 2007 - 07:52 PM

Papakid, Sorry it took so long. I had to jump through many hoops to get this far. Disabling Avast worked for the download to scan, but I couldn't save the log until after I stopped my IE Security completely, which meant I had to start all over again! :thumbsup:

Here are the logs, and Thanks for your help !
Char

Uninstall list

8:31 PM 7/12/2007
4UOnly 1.2.7
7-Zip 4.47 beta
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Animation Shop 3 Try And Buy
avast! Antivirus
Belarc Advisor 7.2
BILLIARD COLLECTION
CalendarPal
CCleaner (remove only)
CCScore
Cleanse Uninstaller 2.57
Darts
DivX
Driver Magician 3.16
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hardware Diagnostic Tools
HLPPDOCK
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Photosmart Essential 2.0
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
IE7Pro
InControl 2.4
IncrediMail Xe
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Lexmark X1100 Series
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Magentic
MailWasher Pro
Microsoft .NET Framework 1.1
Microsoft English TTS 5.1
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 5.0
MVision
My HP Games
Nature Illusion Studio
Notifier
NVIDIA Drivers
OcxSetup
OfotoXMI
OpenOffice.org 2.1
OTtBP
OTtBPSDK
Paint Shop Pro 7 Try And Buy
Python 2.4.3
Realtek High Definition Audio Driver
Registry Mechanic 6.0
Revo Uninstaller 1.10
Rio Internet Update
Rio Music Manager
Rio Taxi
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Scrabble Complete
SFR
SHASTA
SKIN0001
SKINXSDK
Smileycons 6.0
Soft Data Fax Modem with SmartCP
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Star Downloader Free
staticcr
SUPERAntiSpyware Free Edition
TextAloud
The Print Shop 22
TSP_CODEC
UMVPLStandalone
URGE
Virtual Pool Windows
VPRINTOL
Windows Media Player Firefox Plugin
WinPatrol
WIRELESS
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zappit!

KASPERSKY ONLINE SCANNER REPORT

I've never seen this report before, but what is with the repeated "Object is locked skipped"?

Thursday, July 12, 2007 7:36:43 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/07/2007
Kaspersky Anti-Virus database records: 361820


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 201298
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 01:38:52

Infected Object Name / Virus Name / Last Action
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10952[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\186[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\256[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\256[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\402[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[5].ssq Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_CHARLOTTE.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_CHARLOTTE.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_CHARLOTTE.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\95776a7b6ac3e40ec6790ede8087efd9_77455242-8461-4eb6-a990-4bbd4a95e8db Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog02.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog04.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog05.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog06.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog07.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog12.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog13.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog14.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog16.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog17.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog18.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog19.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog20.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog21.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog22.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog24.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog25.sqm Object is locked skipped

C:\ProgramData\Microsoft\eHome\logs\eHomeLog26.sqm Object is locked skipped

C:\ProgramData\Microsoft\User Account Pictures\Guest.dat Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007071220070713\index.dat Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\UsrClass.dat{d801cdf3-2732-11dc-b220-0018f3fabc12}.TM.blf Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\UsrClass.dat{d801cdf3-2732-11dc-b220-0018f3fabc12}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows\UsrClass.dat{d801cdf3-2732-11dc-b220-0018f3fabc12}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Temp\~DF3683.tmp Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Temp\~DFC833.tmp Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Temp\~DFC936.tmp Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\Temp\~DFE371.tmp Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\VirtualStore\Program Files\Yahoo!\Messenger\logs\billing_CHARLOTTE.log Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\VirtualStore\Program Files\Yahoo!\Messenger\logs\client_CHARLOTTE.log Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\VirtualStore\Program Files\Yahoo!\Messenger\logs\network_CHARLOTTE.log Object is locked skipped

C:\Users\CHARLOTTE\AppData\Local\VirtualStore\Windows\yacs.log Object is locked skipped

C:\Users\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\CHARLOTTE\Desktop\Mom's Case\Programs.exe\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Users\CHARLOTTE\ntuser.dat Object is locked skipped

C:\Users\CHARLOTTE\ntuser.dat.LOG1 Object is locked skipped

C:\Users\CHARLOTTE\ntuser.dat.LOG2 Object is locked skipped

C:\Users\CHARLOTTE\ntuser.dat{d801cdf1-2732-11dc-b220-0018f3fabc12}.TM.blf Object is locked skipped

C:\Users\CHARLOTTE\ntuser.dat{d801cdf1-2732-11dc-b220-0018f3fabc12}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\CHARLOTTE\ntuser.dat{d801cdf1-2732-11dc-b220-0018f3fabc12}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog01.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog03.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog04.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog05.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog06.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog07.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog08.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog09.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog10.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog11.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog12.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog13.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog14.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Microsoft\Portable Devices\wpdlog15.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Temp\wmplog00.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Temp\wmplog01.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Temp\wmplog02.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Temp\wmplog03.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Temp\wmplog04.sqm Object is locked skipped

C:\Users\FRANKLIN\AppData\Local\Temp\wmplog05.sqm Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped

C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped

C:\Windows\Logs\CBS\CBS.log Object is locked skipped

C:\Windows\Logs\DPX\setupact.log Object is locked skipped

C:\Windows\Logs\DPX\setuperr.log Object is locked skipped

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped

C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped

C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped

C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped

C:\Windows\security\database\secedit.sdb Object is locked skipped

C:\Windows\SoftwareDistribution\EventCache\{F20698AA-E4D8-4944-93C9-075BA640C936}.bin Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\components Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\default Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\sam Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\security Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\software Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\system Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped

C:\Windows\System32\SMI\Store\Machine\schema.dat Object is locked skipped

C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 Object is locked skipped

C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 Object is locked skipped

C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped

C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped

C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped

C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped

C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\HPCeeScheduleForCHARLOTTE.job Object is locked skipped

C:\Windows\Tasks\HPCeeScheduleForFRANKLIN.job Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

C:\Windows\yacs.log Object is locked skipped

Scan process completed.
LIFE MAY NOT BE THE PARTY WE EXPECTED, BUT WHILE WE ARE HERE, WE MAY AS WELL DANCE!

#8 Papakid

    Guru at being a Newbie

  • Malware Response Team
  • 6,583 posts
  • Gender:Male
  • Local time:03:44 AM

Posted 16 July 2007 - 12:24 PM

Hi thumperzluv,

My apologies for being late getting back to you as well. I do still suspect this is some kind of software conflict or incompatibility, as your logs still look malware free. It just bothers me that you had trouble running the two scans I asked of you and that the problem you posted about is unexplained. Is that still happening?

Did you try uninstalling Magentic as you mentioned earlier? Can you think of what you may have installed around the time this started happening? As I asked about earlier, a newly installed security software could be the culprit. As malware has gotten more sophisticated, so have the security tools that deal with it. AV's and antispyware/malware applications are blocking more web-based threats: ad-blockers, phishing filters, Parental Controls, registry protection, etc. There could be unknown conflicts when running more than one and this could be compounded by the new OS.

Running supplementary scans on demand is no problem, it is the protection that runs in the background that can get overdone. I generally just use my AV protection and decline to enable any others if given a choice. That works for me because I don't engage in high-risk surfing but it is not for everyone. I only mention it because you have several sophisticated protections running now.

Windows Defender
WinPatrol
SpySweeper

These are all great products (at least Defender used to be), but I am not sure you need all of them. SpySweeper's last upgrade version had problems when it first came out and you can now get it with an antivirus, the latter of which could clash with one already installed. WinPatrol is basically an Intrusion Prevention System that works much like a firewall. What I would suggest is that you disable and/or uninstall two of the above, then run your system for a while and see if it resolves the problem. For example, uninstall SpySweeper, disable Defender and see how things run for a while.

The other possibilities are programs that interact with IE or alter the appearance of Windows. Your desktop appearance is actually a rendering of IE, more so if you have Active Desktop enabled. This is why Incredimail and programs associated with it like Magentic are also suspect. But I would look at anything connected to IE and browsing, including your download manager.

If you can narrow it down to one particular program causing the problem, then contact their support so the bugs can be worked out. Also first check out the system requirements to see if they are meant to run on Vista yet.

The one "infection" KAV found is part of Incredimail and not anything to worry about. Some people mistrust any program that can download stuff for you but I have never heard of Incredimail downloading anything evil. It also is sometimes flagged as adware because the free version displays ads and some people think seeing any ad is evil. If this doesn't bother you, you have nothing to worry about.

Also all those locked files are just shown for informational purposes. 99% of the time those are protected system files or things like your AV's quarantine folder that are protected for a reason and legit. Occasionally you will see malware files that are trying to protect themselves. Your system looks OK to me.

I wish I could give more specific help. There is still a possibility that you have something that is well-hidden, like a root-kit, but I am still looking for a rootkit scanner that is known to work on Vista. I think there would be more showing up in the logs though, as they tend to give themselves away in other ways, but while I look let's run one more scan.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson
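Papakid's reading of the Kaspersky report above, that the "Object is locked skipped" entries are informational and that the single "Infected" hit carries Kaspersky's "not-a-virus:" prefix, is the kind of triage that can be automated. The following Python is an added example and is not code from this thread, from BleepingComputer or from Kaspersky: it parses lines in the layout of the Online Scanner 5.x report, separates locked-and-skipped objects from real detections, classifies "not-a-virus:" verdicts as potentially unwanted rather than malware, cross-checks the header counter against the object lines, and flags locked objects outside the locations where locking is routine. The sample report is constructed from a handful of lines in the same layout; the C:\Temp line and the Trojan.Win32.Example.a verdict are made up for the example, and the list of expected locked roots is a heuristic assumption, not a Kaspersky rule.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of a Kaspersky Online Scanner 5.x report:
# a counter block, then one object per line. The C:\Temp line and the
# Trojan.Win32.Example.a verdict are invented for this example.
SAMPLE_REPORT = r"""
Scan Statistics
Total number of scanned objects 201298
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0

Infected Object Name Virus Name Last Action
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Users\CHARLOTTE\Desktop\Mom's Case\Programs.exe\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Users\CHARLOTTE\ntuser.dat Object is locked skipped
C:\Temp\svc.tmp Object is locked skipped
C:\Users\EXAMPLE\Downloads\sample.exe Infected: Trojan.Win32.Example.a deleted

Scan process completed.
"""

STAT_RE = re.compile(
    r"^(Total number of scanned objects|Number of viruses found|"
    r"Number of infected objects|Number of suspicious objects) (\d+)$"
)
# Paths may contain spaces, so anchor on the fixed status text at the end.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\S+)$")
OBJECT_LINE_RE = re.compile(r"^[A-Za-z]:\\.* ")

# Heuristic assumption: registry hives, event logs, AV working data and
# quarantine, and per-user profile files are expected to be locked while
# Windows is running. A locked object elsewhere deserves a second look.
EXPECTED_LOCKED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                         "c:\\programdata\\", "c:\\users\\")


@dataclass
class Finding:
    path: str
    verdict: str
    action: str

    @property
    def category(self) -> str:
        # Kaspersky prefixes adware/riskware/downloaders that are not
        # malicious in themselves with "not-a-virus:".
        return "pua" if self.verdict.startswith("not-a-virus:") else "malware"


@dataclass
class Triage:
    stats: dict
    locked: list
    findings: list
    unparsed: list  # object lines in a layout this parser does not know


def parse_report(text: str) -> Triage:
    stats, locked, findings, unparsed = {}, [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := STAT_RE.match(line):
            stats[m.group(1)] = int(m.group(2))
        elif m := LOCKED_RE.match(line):
            locked.append(m.group("path"))
        elif m := INFECTED_RE.match(line):
            findings.append(Finding(m.group("path"), m.group("verdict"), m.group("action")))
        elif OBJECT_LINE_RE.match(line):
            unparsed.append(line)  # never silently drop an object line
    return Triage(stats, locked, findings, unparsed)


def unusual_locked(triage: Triage) -> list:
    """Locked objects outside the roots where locking is routine."""
    return [p for p in triage.locked if not p.lower().startswith(EXPECTED_LOCKED_ROOTS)]


def consistent_counts(triage: Triage) -> bool:
    """Does the header's infected counter match the object lines we parsed?"""
    reported = triage.stats.get("Number of infected objects")
    return reported is None or reported == len(triage.findings)


def summarize(triage: Triage) -> dict:
    return {
        "locked": len(triage.locked),
        "malware": sum(1 for f in triage.findings if f.category == "malware"),
        "pua": sum(1 for f in triage.findings if f.category == "pua"),
        "unusual_locked": unusual_locked(triage),
        "counts_consistent": consistent_counts(triage),
        "unparsed": triage.unparsed,
    }


if __name__ == "__main__":
    t = parse_report(SAMPLE_REPORT)
    for f in t.findings:
        print(f"[{f.category}] {f.verdict} ({f.action}) -> {f.path}")
    print(summarize(t))
```

Run as a script it prints each real detection with its category and action, then the summary. The point of the counter cross-check is that a pasted report is often truncated; when the header says more infected objects than the object lines show, ask for the full log before drawing conclusions. The expected-root list is deliberately coarse: it will not catch malware hiding under C:\Windows, it only removes the routine noise so a human can read what is left.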


#9 Papakid

    Guru at being a Newbie

  • Malware Response Team
  • 6,583 posts
  • Gender:Male
  • Local time:03:44 AM

Posted 18 July 2007 - 10:00 PM

For anyone else reading this, thumperzluv had some trouble posting the DSS log so I'm posting for her.

O.K. I uninstalled Magentic, SpySweeper and Win Patrol, but kept Defender enabled. Here are the DSS logs...

Deckard's System Scanner v20070711.54
Run by CHARLOTTE on 2007-07-18 at 14:08:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2007-07-18 08:25:24 UTC - RP249 - Windows Update
17: 2007-07-16 08:51:14 UTC - RP248 - Scheduled Checkpoint
16: 2007-07-15 19:32:44 UTC - RP247 - Scheduled Checkpoint
15: 2007-07-15 06:51:39 UTC - RP246 - Scheduled Checkpoint
14: 2007-07-14 08:04:05 UTC - RP245 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-07-07 16:23:27 UTC - RP231 - Device Driver Package Install: HP Keyboards


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-18 14:15:51
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\CHARLOTTE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\Program Files\Star Downloader\SDIEInt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 AFS - c:\windows\system32\drivers\afs.sys <Not Verified; Oak Technology Inc.; AFS>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys

S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-05 21:16:11 334 --a------ C:\Windows\Tasks\HPCeeScheduleForFRANKLIN.job
2007-06-20 15:33:55 338 --a------ C:\Windows\Tasks\HPCeeScheduleForCHARLOTTE.job


-- Files created between 2007-06-18 and 2007-07-18 -----------------------------

2007-07-16 13:48:44 0 d-------- C:\Program Files\Wondershare
2007-07-13 18:04:02 0 d-------- C:\Windows\cache
2007-07-13 11:25:37 0 d-------- C:\Windows\PCHEALTH
2007-07-13 11:25:37 0 d-------- C:\Program Files\MSN Messenger
2007-07-10 11:49:12 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-07-09 11:53:22 0 d-------- C:\Windows\BDOSCAN8
2007-07-08 20:40:49 0 d-------- C:\Program Files\Trend Micro
2007-07-08 13:34:17 0 d-------- C:\Users\All Users\Google Updater
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\Templates
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\Start Menu
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\SendTo
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\Recent
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\PrintHood
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\NetHood
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\Local Settings
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\Cookies
2007-07-02 20:18:31 0 d--hs---- C:\Users\Guest\Application Data
2007-07-02 20:18:30 0 d--hs---- C:\Users\Guest\My Documents
2007-07-02 20:16:08 0 dr------- C:\Users\Guest\Downloads
2007-07-02 20:16:08 0 dr------- C:\Users\Guest\Documents
2007-07-02 20:16:08 0 dr------- C:\Users\Guest\Desktop
2007-07-02 20:16:08 0 d--h----- C:\Users\Guest\AppData
2007-07-02 20:16:07 0 dr------- C:\Users\Guest\Videos
2007-07-02 20:16:07 0 d-------- C:\Users\Guest\Saved Games
2007-07-02 20:16:07 0 dr------- C:\Users\Guest\Pictures
2007-07-02 20:16:07 262144 --a------ C:\Users\Guest\ntuser.dat
2007-07-02 20:16:07 0 dr------- C:\Users\Guest\Music
2007-07-02 20:16:07 0 dr------- C:\Users\Guest\Links
2007-07-02 20:16:07 0 dr------- C:\Users\Guest\Favorites
2007-06-29 18:09:08 0 d-------- C:\Users\All Users\Kaspersky Lab
2007-06-29 17:59:56 0 d-------- C:\KAV
2007-06-28 20:57:40 0 d-------- C:\Users\All Users\Macromedia
2007-06-28 20:55:43 0 d-------- C:\Users\All Users\Mozilla
2007-06-28 16:33:23 12800 --a------ C:\Windows\system32\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2007-06-28 16:33:23 92208 --a------ C:\Windows\system32\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2007-06-26 14:18:44 0 d-------- C:\Program Files\CCleaner
2007-06-23 19:52:59 0 d-------- C:\Users\All Users\CheckPoint
2007-06-23 19:07:33 0 d-------- C:\Windows\Internet Logs
2007-06-23 18:23:03 0 d-------- C:\Program Files\7-Zip
2007-06-22 11:58:53 3840 --a------ C:\Windows\system32\drivers\BANTExt.sys
2007-06-22 11:58:53 0 d-------- C:\Program Files\Belarc
2007-06-20 17:38:45 0 d-------- C:\Webroot


-- Find3M Report ---------------------------------------------------------------

2007-07-18 09:30:55 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\MailWasherPro
2007-07-16 09:24:20 0 d-------- C:\Program Files\Star Downloader
2007-07-13 18:09:11 0 d-------- C:\Program Files\Yahoo!
2007-07-11 11:44:20 0 d-------- C:\Program Files\Windows Mail
2007-07-10 14:00:33 0 d-------- C:\Program Files\Google
2007-07-09 12:57:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-08 12:44:42 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\WinPatrol
2007-07-08 12:44:41 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\ImageBadger
2007-07-08 12:44:41 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\IE7pro
2007-07-08 12:44:41 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\CuteReminder
2007-07-06 14:28:26 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\Lamantine
2007-07-05 16:55:34 0 d-------- C:\Program Files\SpywareBlaster
2007-07-01 10:47:46 164 --a------ C:\install.dat
2007-06-30 23:52:03 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-06-29 15:43:08 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\Yahoo!
2007-06-24 21:22:47 0 d-------- C:\Program Files\HP
2007-06-23 20:11:47 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\OpenOffice.org2
2007-06-23 17:40:48 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\WinRAR
2007-06-22 13:21:39 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\AltrixSoft
2007-06-22 12:19:27 0 d-------- C:\Program Files\IE7Pro
2007-06-21 19:48:18 0 d-------- C:\Program Files\TextAloud
2007-06-18 10:23:21 0 d-------- C:\Program Files\IncrediMail
2007-06-16 20:52:53 0 d-------- C:\Program Files\Lexmark X1100 Series
2007-06-15 21:26:03 0 d-------- C:\Program Files\Zards software
2007-06-08 12:27:13 0 d-------- C:\Program Files\VSRevoGroup
2007-05-30 22:08:20 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\SUPERAntiSpyware.com
2007-05-30 22:07:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-30 01:21:21 0 d-------- C:\Program Files\Bytescribe
2007-05-27 13:12:50 0 d-------- C:\Program Files\Driver Magician
2007-05-20 11:20:58 0 d-------- C:\Users\CHARLOTTE\AppData\Roaming\Media Center Programs
2007-05-16 19:00:19 390 --a------ C:\Users\CHARLOTTE\AppData\Roaming\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00011268-E188-40DF-A514-835FCD78B1BF} C:\Program Files\IE7Pro\IE7Pro.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
{FFFFFEF0-5B30-21D4-945D-000000000000} C:\PROGRA~1\STARDO~1\SDIEInt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
@=""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"RtHDVCpl"="RtHDVCpl.exe"
"hpsysdrv"="c:\\hp\\support\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvSvc"="\"RUNDLL32.EXE\" C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="\"C:\\Program Files\\Windows Sidebar\\sidebar.exe\" /autoRun"
"Magentic"="\"C:\\PROGRA~1\\Magentic\\bin\\Magentic.exe\" /c"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,6c,61,75,6e,\
63,68,65,72,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdiez.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc



-- End of Deckard's System Scanner: finished at 2007-07-18 at 14:16:33 ---------

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 893.94 MiB / 236.3 MiB
Pagefile Memory (total/avail): 2042.64 MiB / 1288.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.95 MiB

C: is Fixed (NTFS) - 226.63 GiB total, 165.92 GiB free.
D: is Fixed (NTFS) - 6.25 GiB total, 1.11 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1001 [VPS 000757-4] v4.7.1001 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Spy Sweeper v5.5.1.3356 (Webroot Software Inc)<<< I uninstalled this before the scan, so why is this here?

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\CHARLOTTE\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHARLOTTE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\CHARLOTTE
LOCALAPPDATA=C:\Users\CHARLOTTE\AppData\Local
LOGONSERVER=\\CHARLOTTE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHARLO~1\AppData\Local\Temp
TMP=C:\Users\CHARLO~1\AppData\Local\Temp
USERDOMAIN=CHARLOTTE-PC
USERNAME=CHARLOTTE
USERPROFILE=C:\Users\CHARLOTTE
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

CHARLOTTE
FRANKLIN
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
--> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
4UOnly 1.2.7 --> "C:\Program Files\Dillobits Software\4UOnly\unins000.exe"
7-Zip 4.47 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Animation Shop 3 Try And Buy --> MsiExec.exe /I{4B2B78EC-5111-4C0E-A955-0D84BBA49740}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BILLIARD COLLECTION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1979C406-7B7E-42A6-A2F5-1DCBB443CADC}\setup.exe" -l0x9
CalendarPal --> C:\Program Files\CalendarPal\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cleanse Uninstaller 2.57 --> C:\Program Files\Zards software\Cleanse Uninstaller\uninst.exe
Darts --> MsiExec.exe /X{F91CB93C-E24C-4932-A3F9-C4A6403F90CF}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Driver Magician 3.16 --> "C:\Program Files\Driver Magician\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Google Earth --> MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential 2.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor --> MsiExec.exe /X{0373779B-A362-4B2E-B8E9-7442F19F9394}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IE7Pro --> "C:\Program Files\IE7Pro\unins000.exe"
InControl 2.4 --> "C:\Program Files\InControl\UninsHs.exe"
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140010_116ea53\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark X1100 Series --> C:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MailWasher Pro --> "C:\Program Files\FireTrust\MailWasher Pro\unins000.exe"
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft English TTS 5.1 --> MsiExec.exe /I{27A33E01-2CBF-405A-A7DA-B900218DB898}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTS.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}\setup.exe" -l0x9
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Nature Illusion Studio --> C:\Program Files\Nufsoft\NatureStudio\Uninstall.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OcxSetup --> MsiExec.exe /I{C3DC29BC-A8CF-4578-9DFC-37F049C44771}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Paint Shop Pro 7 Try And Buy --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.10 --> C:\Program Files\VSRevoGroup\RevoUninstaller\uninst.exe
Rio Internet Update --> MsiExec.exe /X{3101857A-2D36-4DD5-A092-27478119601A}
Rio Music Manager --> MsiExec.exe /X{12141D70-0324-42DB-B5E8-706040083931}
Rio Taxi --> MsiExec.exe /X{434C733C-27FA-423E-8CDC-F72B55631BA5}
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Scrabble Complete --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36649A3-D0DD-4706-B042-F5B384529C7A}\Setup.exe" -l0x9
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smileycons 6.0 --> "C:\Program Files\Smileycons\unins000.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Star Downloader Free --> C:\PROGRA~1\STARDO~1\UNWISE.EXE C:\PROGRA~1\STARDO~1\INSTALL.LOG
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TextAloud --> "C:\Program Files\TextAloud\unins000.exe"
The Print Shop 22 --> MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}
TSP_CODEC --> C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Virtual Pool Windows --> C:\Windows\uninst.exe -f"C:\Program Files\Intrplay\VPoolW\DeIsL1.isu"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wondershare Photo Story Platinum (2.1.0) --> "C:\Program Files\Wondershare\Photo Story Platinum\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! IE Search Suggest --> C:\PROGRA~1\Yahoo!\Search\UNINST~1.EXE
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zappit! --> "C:\Program Files\Zappit\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-07-18 at 14:16:33 ---------


Papakid, I will repost if the blank page pops up again. Thanks!

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#10 Papakid

    Guru at being a Newbie

  • Malware Response Team
  • 6,583 posts

Posted 19 July 2007 - 01:01 AM

OK, I think I know why you didn't get the screen I asked about in the PM but not sure why the board blocked you from posting and not me.

Main thing is DSS found something suspicious. Let's deal with that first. I'm going to give instructions and links that are based on XP--if any of the steps are different for Vista let me know and I'll try to get stuff updated.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Do a file search for kdiez.exe. In XP, when you click on Search, there is an Advanced button that will allow you to set the search for hidden files and folders; make sure anything similar in Vista is enabled. Let me know what folder it is in if you find it.

When (if) you find this file, click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html

I have a few more comments and suggestions, but the board was down for a few hours, so I will have to deal with that later. Just one question:

Did you ever have any Norton or Symantec products installed, maybe something that came preinstalled when you bought the computer? I don't see anything in your Add/Remove lists but you have a service from them running that I overlooked earlier.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#11 thumperzluv

  • Topic Starter
  • Members
  • 10 posts
  • Location:NE Lower Michigan

Posted 19 July 2007 - 06:08 PM

Yes, Papakid, I did have Norton's preinstalled. I tossed it for Avast.

Problems with both scanners. File was located at C:\ProgramData\Spybot - Search & Destroy\Recovery\ZlobMovieBox.zip\kdiez.exe

Jotti said, "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file."

VirusTotal said, "0 bytes size received / Se ha recibido un archivo vacio"

So I disabled my Windows firewall, tried again, and got the same message.

On the brighter side, it's been 30 hours and counting since I've seen the "white screen of aggravation"!

Thanks for all your help, you've been very patient with me!

BTW...This link http://www.virustotal.com/flash/index_en.html gave me a '404 page not found', so I just went to their home page...

Edited by thumperzluv, 19 July 2007 - 06:17 PM.

LIFE MAY NOT BE THE PARTY WE EXPECTED, BUT WHILE WE ARE HERE, WE MAY AS WELL DANCE!

#12 Papakid

    Guru at being a Newbie

  • Malware Response Team
  • 6,583 posts

Posted 19 July 2007 - 09:54 PM

Thanks for pointing out the virustotal link, they've changed their website and I've now updated my canned speech.

OK, the file is probably not getting scanned because it is zipped and in Spybot's Recovery section--their version of quarantine. So the file has been moved and is no longer active, but it left a registry entry behind. Submit this file for me, please. Go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop:

C:\ProgramData\Spybot - Search & Destroy\Recovery\ZlobMovieBox.zip

Then click on the Send File button.

I would still like to find the original location of the file. Open Spybot S&D and if not already in Advanced mode, go to the Mode menu and put it there.

Then Tools>View Report>Previous Report. The numbers in each report file are the date when run--look through the Fix reports and find the one where kdiez.exe was fixed and copy and paste that log back here, please.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#13 thumperzluv

thumperzluv
  • Topic Starter

  • Members
  • 10 posts
  • Location:NE Lower Michigan
  • Local time:04:44 AM

Posted 20 July 2007 - 08:06 AM

Papakid, I sent you ZlobMovieBox.zip but I had to copy and send it from my desktop.
Here is the Spybot report you requested...


--- Report generated: 2007-06-08 12:53 ---

Free-Key-Logger: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2296132645-2245484895-395743741-1000\Software\Virtuoza

Zlob.MovieBox: Executable (File, fixing failed)
C:\Windows\System32\kdiez.exe

ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)
ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)
ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)
SystemDoctor2006: Tracking cookie (Firefox: default) (Cookie, fixed)
SystemDoctor2006: Tracking cookie (Firefox: default) (Cookie, fixed)
SystemDoctor2006: Tracking cookie (Firefox: default) (Cookie, fixed)
SystemDoctor2006: Tracking cookie (Firefox: default) (Cookie, fixed)
SystemDoctor2006: Tracking cookie (Firefox: default) (Cookie, fixed)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-08 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-06 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-06 Includes\DialerC.sbi (*)
2007-05-30 Includes\Hijackers.sbi (*)
2007-06-06 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-06-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-06-06 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-06 Includes\PUPSC.sbi (*)
2007-06-06 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-06 Includes\SecurityC.sbi (*)
2007-06-06 Includes\Spybots.sbi (*)
2007-06-06 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-16 Includes\Trojans.sbi (*)
2007-06-06 Includes\TrojansC.sbi (*)

Have a nice day !

#14 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,583 posts
  • Gender:Male
  • Local time:03:44 AM

Posted 22 July 2007 - 11:21 PM

Thanks for all your help, you've been very patient with me !

Well, I thank you for being patient with me as well. I got the file you sent but should have known that the zip is password protected and only Spybot knows the password.

The log says that "fixing failed", so the kdiez.exe file may still be present. With files and folders still unhidden, navigate to the C:\Windows\System32 folder and let me know if you can see the kdiez.exe file.

Click this link (Attached File: tfix.reg, 126 bytes) to download tfix.reg and save it to your desktop. Then double-click the file and allow it to merge with your registry and reboot.

If kdiez.exe was visible to you then go back to
http://www.bleepingcomputer.com/submit-malware.php, browse to C:\Windows\System32\kdiez.exe and submit it. If this doesn't work we will try something else.

Now to get rid of the leftover service from Symantec, press the Windows key + R to bring up the Run box. Copy the following lines in bold text and paste them into the box and hit Enter. Paste in one line at a time.

sc stop CLTNetCnService
sc delete CLTNetCnService


If you have any problems try again in Safe Mode.

Reboot then post a new HijackThis log.

I'm assuming the "white screen of aggravation" is still gone? To make sure we know what was causing it, when you get some time, try reinstalling Magentic and see if it comes back. If so you can always uninstall again and then get with the IncrediMail people to troubleshoot how to fix that.

I don't use SpySweeper but have heard reports that it is difficult to uninstall. Have you purchased it or is it a trial?

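The two checks Papakid asks for above (is kdiez.exe really gone from System32, and is CLTNetCnService an orphan that can be dropped) are easier to do, and to do safely, from a script than from the Run box. What follows is an added example and not code from the thread, from Spybot, HijackThis or Symantec. It assumes an elevated PowerShell prompt with PowerShell 4 or later (Get-FileHash and Get-CimInstance; on the original Vista box you would substitute Get-WmiObject and a .NET SHA256 call), and the file and service names are the ones taken from the logs in this thread. It generalises the O23 "(file missing)" line from HijackThis to every registered service: any service whose ImagePath points at a file that no longer exists is listed, and removal refuses to touch a service whose binary is still on disk.

```powershell
# Added example, not from the thread or the tools it mentions.
# Assumes elevated PowerShell 4+ on the affected machine.
$SuspectFile   = 'C:\Windows\System32\kdiez.exe'   # path from the Spybot "fixing failed" line
$OrphanService = 'CLTNetCnService'                 # name from the HijackThis O23 "(file missing)" line

function Test-SuspectFile {
    param([string]$Path)
    # -Force also returns files carrying the hidden/system attributes, which Explorer
    # hides even when "show hidden files" is switched on.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return "$Path is not present (look in the Spybot Recovery folder for the quarantined copy)"
    }
    # Hash, timestamps and signature state are what a malware-submission form needs.
    [pscustomobject]@{
        Path       = $item.FullName
        Attributes = $item.Attributes
        Size       = $item.Length
        CreatedUtc = $item.CreationTimeUtc
        WrittenUtc = $item.LastWriteTimeUtc
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature  = (Get-AuthenticodeSignature -FilePath $Path).Status
    }
}

function Resolve-ServiceBinary {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # ImagePath comes in several shapes: "C:\Program Files\x\svc.exe" -arg, C:\Windows\svc.exe -k netsvcs,
    # \SystemRoot\system32\svc.exe, \??\C:\path\svc.exe, %ProgramFiles%\x\svc.exe
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^"([^"]+)"')                 { return $Matches[1] }
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-OrphanedService {
    # Same test HijackThis applies for its O23 "(file missing)" tag, over every registered service.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $exe = Resolve-ServiceBinary $_.PathName
        if ($exe -and -not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{ Name = $_.Name; State = $_.State; StartMode = $_.StartMode; Binary = $exe }
        }
    }
}

function Remove-OrphanedService {
    param([string]$Name, [switch]$Confirmed)
    if ($Name -notmatch '^[\w.-]+$') { throw "Refusing odd service name '$Name'" }
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return "Service $Name is not registered" }
    $exe = Resolve-ServiceBinary $svc.PathName
    # A service whose binary still exists is live, not a leftover: never delete it from here.
    if ($exe -and (Test-Path -LiteralPath $exe)) { throw "$Name still has its binary at $exe; not removing" }
    if (-not $Confirmed) { return "Would remove $Name (binary '$exe' is missing); re-run with -Confirmed" }
    # The same two steps as the Run-box version, so behaviour matches what the thread describes.
    & sc.exe stop $Name   | Out-Null   # harmless if it is already stopped or cannot start
    & sc.exe delete $Name
}

Test-SuspectFile -Path $SuspectFile
Get-OrphanedService | Format-Table -AutoSize
Remove-OrphanedService -Name $OrphanService      # dry run; add -Confirmed to actually delete
```

Run it once without -Confirmed and read the orphan list before deleting anything: an uninstaller that left a service behind is common and harmless, but a service with a missing binary can also be one whose file was just quarantined by an on-demand scanner, and that is the entry you want in the log, not gone.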


#15 thumperzluv

thumperzluv
  • Topic Starter

  • Members
  • 10 posts
  • Location:NE Lower Michigan
  • Local time:04:44 AM

Posted 23 July 2007 - 10:19 AM

Papakid, I did what you suggested and here is the newest log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:16 PM, on 7/18/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dillobits Software\4UOnly\4UOnly.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.wildblue.com/wpad.det
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8491 bytes

kdiez.exe is not in the system32 folder.
Yes, the 'white screen' has not returned since I uninstalled Magentic, so I will reinstall it, probably tomorrow, and see what happens.
I have paid for Spysweeper for years without problems before this one, but that was using XP Sp2.

Thanks again.......
