ericstrojan

Discussion in 'adware, spyware & hijack cleaning' started by ericstrojan, Apr 27, 2004.

Thread Status:
Not open for further replies.
  1. ericstrojan

    ericstrojan Registered Member

    Joined:
    Apr 27, 2004
    Posts:
    6
    i have a problem with installing spyware blaster. i had none with the old version. i have read your info to others on solving with the three steps... i have followed your instructions with ad-adaware and spybot s&d and still am unable to use spywareblaster... same error message bad sector etc... i ran the hijack this and here is my log... please help on what to eliminate or do now... thanks eric... i truly appreciate your time..!!! :cool:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:09:45 PM, on 04/27/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\gearsec.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
    C:\PCMASTER\DRV32\POSSVMON.EXE
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office\MSACCESS.EXE
    C:\WINNT\msagent\AgentSvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\My Documents\PERSONAL\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
    O2 - BHO: (no name) - {339F3E79-A4FA-4C0B-9E65-5EEBFC5607D8} - C:\WINNT\System32\oandkd.dll (file missing)
    O2 - BHO: (no name) - {52830C93-689F-4550-9C12-1B94FF1BC532} - C:\WINNT\System32\okhi.dll (file missing)
    O2 - BHO: (no name) - {714FEE71-F798-448D-AAA1-3483B4BFDF33} - C:\WINNT\System32\hfehb.dll (file missing)
    O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINNT\wiesasp2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [AHOVDKR] C:\WINNT\AHOVDKR.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - Global Startup: PCM.lnk = C:\WINNT\System32\cmd.exe
    O4 - Global Startup: POS Service Monitoring.lnk = C:\PCMASTER\DRV32\POSSVMON.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
     
  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
    O2 - BHO: (no name) - {339F3E79-A4FA-4C0B-9E65-5EEBFC5607D8} - C:\WINNT\System32\oandkd.dll (file missing)
    O2 - BHO: (no name) - {52830C93-689F-4550-9C12-1B94FF1BC532} - C:\WINNT\System32\okhi.dll (file missing)
    O2 - BHO: (no name) - {714FEE71-F798-448D-AAA1-3483B4BFDF33} - C:\WINNT\System32\hfehb.dll (file missing)
    O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINNT\wiesasp2.dll

    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [AHOVDKR] C:\WINNT\AHOVDKR.exe
    O4 - Global Startup: PCM.lnk = C:\WINNT\System32\cmd.exe

    Reboot, and delete

    files
    winmain.exe
    C:\WINNT\AHOVDKR.exe


    These may be hidden files. See HERE for how to show hidden files.
     
  3. ericstrojan

    ericstrojan Registered Member

    Joined:
    Apr 27, 2004
    Posts:
    6
    i hope i did this reply right? i have posted once before. i have a problem loading the new spyware blaster, with error message bad sector ect. i have done your three step, with ad aware and spy bot, also have deleted the file you mentioned in the last post was unable to find the file winmain.exe, and ahovdkr.exe... i followed the hidden file instructions. not coming up...i am also having a problem with a web page or fake web page called about:blank... i will post my hijack log again... any more suggestions? i appreciate your help... i know other folks are experiencing simular problems.. i wonder if the about:blank and the spyware loading problem is connected? you guys are great.... keep up the good work ...eric.. :cool:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:15:57 PM, on 04/29/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\gearsec.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINNT\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PCMASTER\DRV32\POSSVMON.EXE
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\My Documents\PERSONAL\HijackThis.exe

    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - Global Startup: POS Service Monitoring.lnk = C:\PCMASTER\DRV32\POSSVMON.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
Thread Status:
Not open for further replies.