SB3.0 won't run

Discussion in 'SpywareBlaster & Other Forum' started by Heirloom, Mar 30, 2004.

Thread Status:
Not open for further replies.
  1. Heirloom

    Heirloom Guest

    Installed SB 3.0, both overwrite on 2.6.1 and clean install and getting GPF's when launching. I can access the help file, no prob, just the .exe fails.
    I have the MSCOMCTL and the msvbvm60.dll files. 2.6.1 reinstalls with no probs.
    Details of the GPF are:
    SPYWAREBLASTER caused a general protection fault
    in module <unknown> at dce2:0000058f.
    Registers:
    EAX=bff66821 CS=0197 EIP=0000058f EFLGS=00010246
    EBX=bff66821 SS=019f ESP=008000f0 EBP=00800110
    ECX=00800194 DS=019f ESI=819d1b04 FS=52e7
    EDX=bff6682d ES=019f EDI=00800288 GS=0000
    Bytes at CS:EIP:
    ea 39 e7 00 f0 59 f8 00 f0 0d 9b 00 f0 d2 ef 00
    Stack dump:
    bff66821 00800288 bff66821 008001bc 00800194 00800574 bff6682d bff66821
    008001a4 bff7845a 00800288 bff66821 008001bc 00800194 0000058f 008002fc

    Don't know where to go from here..............
     
  2. TomV

    TomV Guest

    I'm having similar problems. I'm finding this release very buggy on a WinMe box. I cleared the protection, uninstalled the previous version, rebooted, installed the vbrun files that you recommend on your site, rebooted, and then installed 3.0.

    The GUI won't come up. It seems there is a conflict with the AV program's real-time monitor. I'm currently using Avast Home Edition. If I shut down the AV scanners, I can get the GUI to open and activate the protection. However, after doing so, I get a runtime error if I attempt to open a different screen within SpywareBlaster. o_O
     
  3. TomV

    TomV Guest

    Here's a quick update. The conflict is definitely with the real-time AV scanners. As long as I stop the scanners, I can use SpywareBlaster. If I try to run it with the scanners active, I ultimately blue screen. :doubt:
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Tom,

    Correct me if I'm wrong: it sounds like you are running more then one AV softwares resident at the same time? If so, this is bound to cause all sorts of conflicts.

    regards.

    paul
     
  5. TomV

    TomV Guest

    Paul,

    I'm running only one AV program (Avast Home Edition). The scanners that I'm referring to are the real-time monitors that are a part of Avast. Avast refers to this as the "On-Access Scanner." There are five "providers" (Avast's terminology) that are available for use. I use two of the providers: Standard Shield and Internet Mail.

    As long as I stop the providers, I can run SpywareBlaster without any problem on a WinMe machine. If the scanners are running, the GUI won't even come up for SpywareBlaster.

    I hope this information helps. It sounds like a number of people running Windows 9x are having some problems, and this is definitely a valuable program to have available.
     
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Is it possible for you to add spywareblaster.exe to an exclude list in Avast?

    I'd like to see if that fixes the problem too. :)

    Thanks!

    Best regards,

    -Javacool
     
  7. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Problem must lay elsewhere. I am running WinXP, Avast Home Edition and SB3.0 and all are functioning just fine without any interference. I have ZoneAlarm Pro - not a problem .. so far!! Just my two cents worth. :p
     
  8. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I think the problem may lie with Avast on Windows 98 or ME (2000 or XP system don't appear to have the problem at all).

    In any case, it can't hurt for Tom to try excluding that file - especially since completely disabling his AV protection allowed it to run successfully. :)

    Best regards,

    -Javacool
     
  9. TomV

    TomV Guest

    I added this to the exclude list, but unfortunately, it didn't work. I also tried disabling the scanning of all executed programs. Still no joy. As long as the Standard Sheild provider (real-time monitor) is running, SpywareBlaster won't open. This provider has to be completely stopped for the SpywareBlaster GUI to open.
     
  10. Heirloom

    Heirloom Guest

    In addition to my previous post, I have successfully installed SB in the Safe Mode and been able to open the GUI without problem. However, as soon as I reboot to normal mode, launching SB causes a GPF, as stated earlier. I dl'd all the mentioned files, tried running SB with all the AV, and protection programs disabled (with a reboot)
    and still come the GPF's.

    I haven't got a clue.......all I know is the *&^^% thing don't work.

    I hate it when stuff don't work! grrrrrrrrrrrrrrrrrrr.

    Heirloom, old and need someone smarter than me
     
  11. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    I'm running 98SE with avast Home Edition, 4.1.357 (just the Standard Shield) & I didn't have any problems installing SB 3.0 over SB 2.6.1. I left avast running the entire time.

    I don't know if it would help but are you running the current version of avast? Version 4.1.357
     
  12. TomV

    TomV Guest

    Yes, I'm using the latest version. Thanks.
     
  13. Valete3

    Valete3 Guest

    Re:Spyware Blaster Startup Problem

    like others, i use avast and win98se and have found spywareblaster3 doesnt run when avast standard shield is running. i went as far as adding the entire hard drive to the ignore list and disabled scanning of everything but i left the service itself running. after doing all that, spywareblaster3 still wouldnt start the gui.
     
  14. gunnarj

    gunnarj Registered Member

    Joined:
    Jun 8, 2002
    Posts:
    80
    Re:Spyware Blaster Startup Problem

    The problem isn't just with Avast.

    I don't have Avast, but I do have Nod32 as primary AV with AVG free as on demand scanner. Just to let those who are attempting a fix know that whatever this problem is, it isn't just Avast. Also, I cannot get the Spyware Blaster gui to run even if disabling all AV.

    WinME - no luck at all with SB v.3.

    gj
     
  15. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Hi guys, we'll test this in our labs (that is, avast labs) and see what's going on -- i.e. how's avast interfering with loading of SB.

    Thanks for the tip.
    Vlk
     
  16. TomV

    TomV Guest

    Vlk

    Sounds good. I look forward to hearing back from Avast on this.

    Tom
     
  17. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Hmm, we've tested it and it seems to be working fine in our test lab. We tried Windows 98, Windows 98SE and Windows ME.

    I'd be interested in other apps that are loaded on your machine.
    Could you post e.g. a Hijack log? (HijackThis can be found here)

    Thanks
     
  18. TomV

    TomV Guest

    Here it is:

    StartupList report, 3/31/2004, 11:03:46 AM
    StartupList version: 1.52
    Started from : C:\DOWNLOADS\HIJACKTHIS.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\DOWNLOADS\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    Microsoft IntelliType Pro = "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    Hidserv = Hidserv.exe run
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    Logitech Utility = Logi_MwX.Exe
    ashMaiSv = D:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    Zone Labs Client = D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    devldr16.exe = C:\WINDOWS\SYSTEM\devldr16.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    avast! = D:\Program Files\Alwil Software\Avast4\ashServ.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    H/PC Connection Agent = "D:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 30/3/2004, 11:19:56)

    [rename]
    NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/mil/en/actsetup.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

    [oucv3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\OUV3IS.DLL
    CODEBASE = http://officeupdate.microsoft.com/v3content/ouv3is.cab

    [iPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
    CODEBASE = http://www.ipix.com/viewers/ipixx.cab

    [WUCorpSuppControl Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUCORPCT.DLL
    CODEBASE = http://corporate.windowsupdate.microsoft.com/en/wucorpct.CAB

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [MetaStreamCtl Class]
    InProcServer32 = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\AXMETASTREAM.DLL
    CODEBASE = https://components.viewpoint.com/MTSInstallers/MetaStream3.cab

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]

    [Cult3D ActiveX Player]
    InProcServer32 = C:\WINDOWS\SYSTEM\CULT3D\IECULT.DLL
    CODEBASE = http://www.cult3d.com/download/cult.cab

    [{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]

    [DASWebDownload Class]
    InProcServer32 = C:\WINDOWS\DASACT.DLL
    CODEBASE = http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37866.5584606482

    [DmiReader Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSPRO~1.DLL
    CODEBASE = http://ftp.us.dell.com/fixes/PROFILER.CAB

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
    CODEBASE = http://www.symantec.com/techsupp/activedata/ActiveData.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
    CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\OPUC.DLL
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
    UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
    AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

    --------------------------------------------------
    End of report, 7,813 bytes
    Report generated in 0.061 seconds
     
  19. Heirloom

    Heirloom Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    34
    Javacool and anyone interested,
    I am getting GPF's when attempting to open SB3.0 (see other posts). Here is a list of the running processes on my Me machine:
    ------------------------------------------------------------------
    Process   PID   CPU   Description   Company Name   Path   Version
    Idle   0x0   52   System Idle Process         
    STMGR.EXE   0xFFFD0479       Microsoft (R) PC State Manager   Microsoft Corporation   C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE   4.90.0000.2533
    DDHELP.EXE   0xFFF72401      Microsoft DirectX Helper   Microsoft Corporation   C:\WINDOWS\SYSTEM\DDHELP.EXE   4.08.0001.0881
    STIMON.EXE   0xFFCEC991      Still Image Devices Monitor   Microsoft Corporation   C:\WINDOWS\SYSTEM\STIMON.EXE   4.90.3000.0000
    KERNEL32.DLL   0xFFCEB571      Win32 Kernel core component   Microsoft Corporation   C:\WINDOWS\SYSTEM\KERNEL32.DLL   4.90.0000.3000
    MSGSRV32.EXE   0xFFFF7C71      Windows 32-bit VxD Message Server   Microsoft Corporation   C:\WINDOWS\SYSTEM\MSGSRV32.EXE   4.90.0000.3000
    MPREXE.EXE   0xFFFFE601      WIN32 Network Interface Service Process   Microsoft Corporation   C:\WINDOWS\SYSTEM\MPREXE.EXE   4.90.0000.3000
    CCEVTMGR.EXE   0xFFFFAFBD      Event Manager Service   Symantec Corporation   C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE   1.00.0003.0004
    DKSERVICE.EXE   0xFFFC78D9      DKSERVICE.EXE   Executive Software International, Inc.   C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE   8.00.0459.0000
    RPCSS.EXE   0xFFFD6991      Distributed COM Services   Microsoft Corporation   C:\WINDOWS\SYSTEM\RPCSS.EXE   4.71.3328.0000
    VSMON.EXE   0xFFFC0791   6   TrueVector Service   Zone Labs Inc.   C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE   4.05.0538.0001
    mmtask.tsk   0xFFFFDC4D      Multimedia background task support module   Microsoft Corporation   C:\WINDOWS\SYSTEM\mmtask.tsk   4.90.0000.3000
    EXPLORER.EXE   0xFFFF9BFD       Windows Explorer   Microsoft Corporation   C:\WINDOWS\EXPLORER.EXE   5.50.4134.0100
    PSTORES.EXE   0xFFF74A31      Protected storage server   Microsoft Corporation   C:\WINDOWS\SYSTEM\PSTORES.EXE   5.00.2133.0002
    IEXPLORE.EXE   0xFFF72535   15   Internet Explorer   Microsoft Corporation   C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE   6.00.2800.1106
    MSIMN.EXE   0xFFF19A31       Outlook Express   Microsoft Corporation   C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE   6.00.2800.1123
    PPCONTROL.EXE   0xFFF3DC59            C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE   
    ATIPTAXX.EXE   0xFFF3A9A9      ATI Desktop Control Panel   ATI Technologies, Inc.   C:\WINDOWS\SYSTEM\ATIPTAXX.EXE   6.13.0001.2517
    PPMEMCHECK.EXE   0xFFF35089   1         C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE   
    CCAPP.EXE   0xFFF34D4D      Common Client CC App   Symantec Corporation   C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE   1.00.0010.0006
    TASKMON.EXE   0xFFF34AA9      Task Monitor   Microsoft Corporation   C:\WINDOWS\TASKMON.EXE   4.90.0000.3000
    GWHOTKEY.EXE   0xFFF2B1F5      Multi-function Keyboard Utility By Bill Pytlovany   Tartan Software www.BillP.com   C:\WINDOWS\GWHOTKEY.EXE   4.02.0001.0000
    SYSTRAY.EXE   0xFFF2814D      System Tray Applet   Microsoft Corporation   C:\WINDOWS\SYSTEM\SYSTRAY.EXE   4.90.0000.3000
    WMIEXE.EXE   0xFFF377DD      WMI service exe housing   Microsoft Corporation   C:\WINDOWS\SYSTEM\WMIEXE.EXE   4.90.2452.0000
    WWDISP.EXE   0xFFF0A331       Window Washer hard disk cleaning utility   Webroot Software   C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE   5.00.0000.0009
    ZLCLIENT.EXE   0xFFF069A5   5   Zone Labs Client   Zone Labs Inc.   C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE   4.05.0538.0001
    RunDLL.exe   0xFFF05971      Run a DLL as an App   Microsoft Corporation   C:\WINDOWS\RunDLL.exe   4.90.0000.3000
    ------------------------------------------------------------------
    After closing a number of the processes, Pest Patrol, Window Washer, NAV, ZoneAlarmPro4, etc., the GPF's still happen. Note from previous post, I did install SB3.0 in the Safe Mode and was able to open the GUI, however, upon returning to Normal Mode, the GPF's returned, as well.

    I hope the info above is of help.......I really liked 2.6.1 and hate being without it. Thank you all for your unselfish effort......it is appreciated.
     
  20. gunnarj

    gunnarj Registered Member

    Joined:
    Jun 8, 2002
    Posts:
    80
    I am running WinME and have had no success in getting SpywareBlaster 3 to run at all.

    Maybe this will help those looking for commonalities among those who can't get V. 3 to work.

    gj

    ====================


    StartupList report, 3/31/2004, 2:27:22 PM
    StartupList version: 1.52
    Started from : D:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\ESET\NOD32KRN.EXE
    C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\PROGRAM FILES\ESET\NOD32KUI.EXE
    C:\PROGRAM FILES\TROJANHUNTER 3.8\THGUARD.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    BHO Cop.lnk = D:\Program Files\BHOCop\BHOCop.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    hpsysdrv = c:\windows\system\hpsysdrv.exe
    Hidserv = Hidserv.exe run
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    USBMMKBD = usbmmkbd.exe
    nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    Outpost Firewall = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /waitservice
    THGuard = "C:\PROGRAM FILES\TROJANHUNTER 3.8\THGUARD.EXE"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
    Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    NOD32kernel = "C:\Program Files\Eset\nod32krn.exe"
    Outpost Firewall = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /service

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 31/3/2004, 10:18:54)

    [rename]
    NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;"C:\Program Files\Executive Software\DiskeeperLite\"
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}
    Guard-IE - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL - {D2F719F3-106A-402B-9996-3A5B12ACA564}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Maintenance-ScanDisk.job
    {D34F18B0-576E-11D0-B28C-00C04FD7CD22}_hp.job
    Maintenance-Defragment programs.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
    CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    [Hotmail Attachments Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
    CODEBASE = http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx

    [WoLoSoftSuperEdi]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
    CODEBASE = http://www.wolosoft.com/files/sedi200.zip

    [WoLoSoftJuke]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
    CODEBASE = http://www.wolosoft.com/files/juke356.zip

    [WoLoSoftRaduga]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
    CODEBASE = http://www.wolosoft.com/files/raduga31.zip

    [SDKInstall Class]
    InProcServer32 = C:\WINDOWS\SDKINST.DLL
    CODEBASE = http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [YahooYMailTo Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL
    CODEBASE = http://download.yahoo.com/dl/mail/ymmapi.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37867.6895138889

    [XCleanerOnline Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XCL_ON~1.OCX
    CODEBASE = http://www.xblock.com/download/xcl_online_freeware.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [XCavatorCtl Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\XCAVATOR.DLL
    CODEBASE = http://img.cmpnet.com/byte/columns/frantz/1999/06/XCavator.dll

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [IMDownloader Class]
    CODEBASE = http://www2.incredimail.com/contents/setup/downloader/imloader.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
     
  21. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Thanks a lot for giving it a try. I've been unable to reproduce the problem here either. :doubt:

    I'm still looking into this - and trying everything I can think of. :cool:

    Best regards,

    -Javacool
     
  22. Jarron

    Jarron Guest

    Hi Vlk (whoever you are :D).

    After installing SB3.0 program attempts to open but never shows UI. CPU usage remains at 100% until I uninstall or reboot. SpywareBlaster is shown under running apps. Once it was shown 4 times after I had tried numerous un/reinstalls. Presently I don't have it installed.

    I'm not too technical so I hope this helps.

    StartupList report, 3/31/04, 1:30:20 PM
    StartupList version: 1.52
    Started from : C:\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222B)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
    C:\SBPCI\CTMIX32.EXE
    C:\WINDOWS\DESKTOP\FREERAM XP PRO 1.40.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MAILWASHER PRO\MAILWASHER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
    SystemTray = SysTray.Exe
    TaskMonitor = C:\WINDOWS\taskmon.exe
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
    Propel Accelerator = C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
    SmcService = C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    CreativeMixer = C:\SBPCI\ctmix32.exe /T

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    avast! = C:\Program Files\Alwil Software\Avast4\ashserv.exe
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
    SmcService = C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    1A:Stardock TrayMonitor =

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    FreeRAM XP = "C:\WINDOWS\DESKTOP\FREERAM XP PRO 1.40.EXE" -win

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [AppletsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

    [FontsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

    [{5A8D6EE0-3E18-11D0-821E-444553540000}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

    [PerUser_ICW_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{89820200-ECBD-11cf-8B85-00AA005B4395}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
    StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

    [PerUser_Msinfo] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

    [PerUser_Msinfo2] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

    [MotownMmsysPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

    [MotownAvivideoPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

    [MotownMPlayPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf

    [PerUser_Base] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

    [ShellPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

    [Shell2PerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

    [PerUser_winbase_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

    [PerUser_winapps_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [TapiPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

    [{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

    [PerUserOldLinks] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

    [MmoptRegisterPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

    [OlsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsMsnPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

    [PerUser_Paint_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

    [PerUser_Calc_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

    [PerUser_dxxspace_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

    [PerUser_CVT_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

    [MotownRecPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

    [PerUser_Vol] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

    [PerUser_MSWordPad_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

    [PerUser_RNA_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

    [PerUser_DCC_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf

    [PerUser_Dialer_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_CDPlayer_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [OlsAolPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsAttPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsCompuservePerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsProdigyPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

    [Theme_Windows_PerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf

    [Theme_MoreWindows_PerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

    [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Remove.PerUser

    [PerUser_MSBackup_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    [PerUser_Wingames_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [IrXferPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection IrXferPerUser 64 C:\WINDOWS\INF\irxfer.inf

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=hpfsched

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:

    *File not found*

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 29/3/2004, 23:45:14)

    [rename]
    NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET BLASTER=A220 I7 D1 H7 P330 T6
    SET SBPCI=C:\SBPCI
    rem TShoot: C:\PROGRA~1\RUPSWIN\RUPS.EXE
    rem TShoot: SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
    SET PATH=%PATH%;C:\WINDOWS\Twain_32\SwUSB
    REM ****** TRIDENT MICROSYSTEMS, INC. PCI AUDIO DOS UTILS *******
    rem TShoot: SET PATH=%PATH%;C:\WINDOWS\Twain_32\SwUSB

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    DEVICE=C:\WINDOWS\HIMEM.SYS
    DEVICE=C:\WINDOWS\EMM386.EXE

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    *File not found*

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
    REM ****** TRIDENT MICROSYSTEMS, INC. PCI AUDIO DOS UTILS *******
    C:\WINDOWS\SYSTEM\WAVEINIT.EXE /M
    C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
    C:\SBPCI\SBINIT

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRAM FILES\PROPEL ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL - {656EC4B7-072B-4698-B504-2A414C1F0037}
    (no name) - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job
    Windows Critical Update Notification.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [DirectAnimation Java Classes]
    OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    [Internet Explorer Classes for Java]
    OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

    [SurveyCtl35 Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SURVEYCONTROL35.DLL
    CODEBASE = http://activex.microsoft.com/controls/mtswizards/sw35.cab

    [Dialpad Java Applet]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SURVEYCONTROL35.DLL
    CODEBASE = http://www.dialpad.com/applet/src/vscp.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Dialpad.osd

    [Broderbund PrintEverything Plugin Support]
    InProcServer32 = C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\BRODERBUND\PRINTEVERY.DLL
    CODEBASE = http://www.expressit.com/plugin/PEPlug.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [InstallShield International Setup Player]
    InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUPML.DLL
    CODEBASE = http://ftp.hp.com/pub/automatic/player/isetupML.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1044/V31Controls/x86/w98/en/actsetup.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37871.0232986111

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\OPUC.DLL
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [InstallShield International Setup Player]
    InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUP.DLL
    CODEBASE = https://www.broderbund.com/IFW/Cabs/isetup.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
    Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
    Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
    Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

    --------------------------------------------------

    Enumerating Win9x VxD services:

    VNETSUP: vnetsup.vxd
    NDIS: ndis.vxd,ndis2sup.vxd
    JAVASUP: JAVASUP.VXD
    CONFIGMG: *CONFIGMG
    NTKern: *NTKERN
    VWIN32: *VWIN32
    VFBACKUP: *VFBACKUP
    VCOMM: *VCOMM
    COMBUFF: *COMBUFF
    IFSMGR: *IFSMGR
    IOS: *IOS
    MTRR: *mtrr
    SPOOLER: *SPOOLER
    UDF: *UDF
    VFAT: *VFAT
    VCACHE: *VCACHE
    VCOND: *VCOND
    VCDFSD: *VCDFSD
    VXDLDR: *VXDLDR
    VDEF: *VDEF
    VPICD: *VPICD
    VTD: *VTD
    REBOOT: *REBOOT
    VDMAD: *VDMAD
    VSD: *VSD
    V86MMGR: *V86MMGR
    PAGESWAP: *PAGESWAP
    DOSMGR: *DOSMGR
    VMPOLL: *VMPOLL
    SHELL: *SHELL
    PARITY: *PARITY
    BIOSXLAT: *BIOSXLAT
    VMCPD: *VMCPD
    VTDAPI: *VTDAPI
    PERF: *PERF
    VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386
    VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd
    VNETBIOS: vnetbios.vxd
    VREDIR: vredir.vxd
    DFS: dfs.vxd
    LMOUSE: LMOUSE.VXD
    Teefer: C:\WINDOWS\SYSTEM\Teefer.vxd

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 23,431 bytes
    Report generated in 0.403 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  23. TomV

    TomV Guest

    Vlk,

    FWIW, I uninstalled Avast, and then installed another AV program (eTrust EZ Antvirus). Even with the EZ-AV real-time moniter enabled, SpywareBlaster ran as expected, and there were no problems. I reinstalled Avast, and with the Standard Shield running, the SB GUI will not open. It's only the Standard Shield provider that seems to cause the conflict, at least on this machine.

    HTH,
    Tom
     
  24. jarron

    jarron Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    1
    Tom, you're right.

    I didn't uninstall avast, I just disabled on-access protection and was able to install SB 3.0. I re-enabled avast after I updated, set protection and exited SB.

    I assume I'm protected by both avast and SB now. I'm not sure how to verify the SB protection. Can anyone verify that disabling avast standard shield just long enough to get SB updates is a good work around?

    (Windows 98SE)
     
  25. DaVinci

    DaVinci Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    jarron,

    Stopping the Standard Shield is the approach I'm taking in regard to obtaining updates and enabling SB protection. When you have all protection enabled, SB indicates "0 items have protection disabled..." This should be your verification that you are protected.

    Tom
     
Thread Status:
Not open for further replies.