Spyblaster 3.1 failed to reinstall

Discussion in 'adware, spyware & hijack cleaning' started by Foo KY, Jun 13, 2004.

Thread Status:
Not open for further replies.
  1. Foo KY

    Foo KY Registered Member

    Jun 13, 2004
    Spyblaster 3.1 failed to reinstall.(HJTlog posted)

    The problem I have with Spyblaster is the current hot topic in the forum and I hope I can add some light to the cause. Like everybody, I had this problem will Spyblaster failed to boot after being hit by CWS.
    I have been running SB 3.1 without problem for 3 months until I got attacked by a malacious ware.

    I ran SpyBot and it detected CWS and removed. I down loaded the freeware XofSpy and it popup CWS in other parts of the registry as well as about:blank, not detected by Spybot previously. I used regedit.exe to removed CSW and about:blank.

    WinPatrol detected a malicious IE helper called "iamcgn.dll" in C:\Windows\System32. I could not delete this file because I am not authorised.

    I then found x-Cleaner by X-Block which offer a shredder and I drop iamcgn.dll into it. It popup an error during delete. The original file name to just x. I drop it once more into the shredder and it finally removed the file.

    None of the above solve the problem encounter with reinstalling SB even after a cold boot of XP.

    I surf those area of the web which I suspect I caught the bug. The second time round, Spybot detected CWS but not xofSpy. This seems strange a bit strange.

    I attached the hijackthis.log after running Spybot for your perusal. I hope to hear from you soon.

    Regards Foo KY

    Logfile of HijackThis v1.97.7
    Scan saved at 12:44:30 AM, on 6/14/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Acer\Powerkey\Powerkey.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Documents and Settings\All Users\Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoisk.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\default\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\default\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program Files\Acer\Powerkey\Powerkey.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: Win32 Classes -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38112.1827546296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{270E6979-3F3F-4C0F-8F87-03CD1F2E1518}: NameServer =,
    O17 - HKLM\System\CS1\Services\Tcpip\..\{270E6979-3F3F-4C0F-8F87-03CD1F2E1518}: NameServer =,
    O17 - HKLM\System\CS2\Services\Tcpip\..\{270E6979-3F3F-4C0F-8F87-03CD1F2E1518}: NameServer =,
    Last edited by a moderator: Jun 13, 2004
  2. Taz71498

    Taz71498 Registered Member

    May 27, 2004
    Hello Foo KY,

    First thing I want you to do is update Windows and IE. Go to Windows Update on your computer and update all critical files.

    Next, Download CWShredder Click on update, then close all browsers, and then click on Fix, not scan.


    Next, Download this file from

    The file when downloaded will be dllfix.exe
    Double-Click or Open the self-extracting file. It will ask for installation and change location. Please Keep it on the Desktop.

    Navigate to the folder with the contents of the file. You will see there are two more folders inside and two BAT files.

    Run start.bat

    Run the Option 1. for report.
    Once the search is complete a ".txt" file should pop up with the name "Output.txt". Keep it and post it here along with a new Hijackthis log.
Thread Status:
Not open for further replies.