Spyblaster 3.1 failed to reinstall

Discussion in 'adware, spyware & hijack cleaning' started by Foo KY, Jun 13, 2004.

Thread Status:
Not open for further replies.
  1. Foo KY

    Foo KY Registered Member

    Joined:
    Jun 13, 2004
    Posts:
    2
    Spyblaster 3.1 failed to reinstall. (HJT log posted)

    The problem I have with Spyblaster is the current hot topic in the forum and I hope I can add some light to the cause. Like everybody, I had this problem with Spyblaster failing to boot after being hit by CWS.
    I had been running SB 3.1 without problems for 3 months until I got attacked by malicious ware.

    I ran SpyBot and it detected CWS and removed it. I downloaded the freeware XofSpy and it popped up CWS in other parts of the registry as well as about:blank, not detected by Spybot previously. I used regedit.exe to remove CWS and about:blank.

    WinPatrol detected a malicious IE helper called "iamcgn.dll" in C:\Windows\System32. I could not delete this file because I am not authorised.

    I then found x-Cleaner by X-Block, which offers a shredder, and I dropped iamcgn.dll into it. It popped up an error during delete. The original file name to just x. I dropped it once more into the shredder and it finally removed the file.

    None of the above solved the problem encountered with reinstalling SB, even after a cold boot of XP.

    I surfed those areas of the web where I suspect I caught the bug. The second time round, Spybot detected CWS but xofSpy did not. This seems a bit strange.

    I attached the hijackthis.log after running Spybot for your perusal. I hope to hear from you soon.

    Regards Foo KY

    Logfile of HijackThis v1.97.7
    Scan saved at 12:44:30 AM, on 6/14/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\atievxx.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Powerkey\Powerkey.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Documents and Settings\All Users\Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoisk.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\default\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\default\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program Files\Acer\Powerkey\Powerkey.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: Win32 Classes -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38112.1827546296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{270E6979-3F3F-4C0F-8F87-03CD1F2E1518}: NameServer = 165.21.83.88,165.21.100.88
    O17 - HKLM\System\CS1\Services\Tcpip\..\{270E6979-3F3F-4C0F-8F87-03CD1F2E1518}: NameServer = 165.21.83.88,165.21.100.88
    O17 - HKLM\System\CS2\Services\Tcpip\..\{270E6979-3F3F-4C0F-8F87-03CD1F2E1518}: NameServer = 165.21.83.88,165.21.100.88
     
    Last edited by a moderator: Jun 13, 2004
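Added example (not part of the original posts): a short Python check over the R0/R1 lines of the HijackThis log above, flagging Internet Explorer search and start-page values that point to a host outside an allowlist or to a file in a Temp directory. The `TRUSTED_HOSTS` allowlist and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the machine's owner recognises as legitimate IE settings.
TRUSTED_HOSTS = {"www.yahoo.com"}
# R0/R1 lines have the shape "<section> - <registry key>,<value name> = <data>".
R_LINE = re.compile(r"^(?P<sec>R[01]) - (?P<key>.+?),(?P<name>[^,=]+?) = ?(?P<data>.*)$")

# R0/R1 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\default\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\default\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

def classify(data):
    """Return a reason string if the value looks hijacked, else None."""
    if not data:
        return None  # empty value: nothing is being redirected
    lowered = data.lower()
    if lowered.startswith("file://"):
        # A search page served from a user's Temp directory is not a normal setting.
        in_temp = "\\temp\\" in lowered or "/temp/" in lowered
        return "local file in a Temp directory" if in_temp else "local file"
    host = urlparse(data).hostname
    if host and host not in TRUSTED_HOSTS:
        return f"untrusted host {host}"
    return None

def find_hijacks(log_text):
    """Return (section, hive, value name, reason) for each flagged R0/R1 line."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # O-section lines, headers and process paths are skipped
        reason = classify(m["data"].strip())
        if reason:
            hive = m["key"].split("\\")[0]
            findings.append((m["sec"], hive, m["name"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE_LOG):
        print(" | ".join(finding))
```
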
  2. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello Foo KY,

    First thing I want you to do is update Windows and IE. Go to Windows Update on your computer and update all critical files.

    Next, download CWShredder. Click on Update, then close all browsers, and then click on Fix, not Scan.

    Reboot.

    Next, download this file from
    http://downloads.subratam.org/dllfix.exe

    The file when downloaded will be dllfix.exe
    Double-click or open the self-extracting file. It will ask for installation and change location. Please keep it on the Desktop.

    Navigate to the folder with the contents of the file. You will see there are two more folders inside and two BAT files.

    Run start.bat

    Run Option 1 for the report.
    Once the search is complete a ".txt" file should pop up with the name "Output.txt". Keep it and post it here along with a new Hijackthis log.
     