ericstrojan

i have a problem with installing spyware blaster. i had none with the old version. i have read your info to others on solving with the three steps... i have followed your instructions with ad-adaware and spybot s&d and still am unable to use spywareblaster... same error message bad sector etc... i ran the hijack this and here is my log... please help on what to eliminate or do now... thanks eric... i truly appreciate your time..!!!

Logfile of HijackThis v1.97.7
Scan saved at 6:09:45 PM, on 04/27/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\PCMASTER\DRV32\POSSVMON.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\MSACCESS.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\My Documents\PERSONAL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
O2 - BHO: (no name) - {339F3E79-A4FA-4C0B-9E65-5EEBFC5607D8} - C:\WINNT\System32\oandkd.dll (file missing)
O2 - BHO: (no name) - {52830C93-689F-4550-9C12-1B94FF1BC532} - C:\WINNT\System32\okhi.dll (file missing)
O2 - BHO: (no name) - {714FEE71-F798-448D-AAA1-3483B4BFDF33} - C:\WINNT\System32\hfehb.dll (file missing)
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINNT\wiesasp2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AHOVDKR] C:\WINNT\AHOVDKR.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: PCM.lnk = C:\WINNT\System32\cmd.exe
O4 - Global Startup: POS Service Monitoring.lnk = C:\PCMASTER\DRV32\POSSVMON.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
O2 - BHO: (no name) - {339F3E79-A4FA-4C0B-9E65-5EEBFC5607D8} - C:\WINNT\System32\oandkd.dll (file missing)
O2 - BHO: (no name) - {52830C93-689F-4550-9C12-1B94FF1BC532} - C:\WINNT\System32\okhi.dll (file missing)
O2 - BHO: (no name) - {714FEE71-F798-448D-AAA1-3483B4BFDF33} - C:\WINNT\System32\hfehb.dll (file missing)
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINNT\wiesasp2.dll

O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [AHOVDKR] C:\WINNT\AHOVDKR.exe
O4 - Global Startup: PCM.lnk = C:\WINNT\System32\cmd.exe

Reboot, and delete

files
winmain.exe
C:\WINNT\AHOVDKR.exe


These may be hidden files. See HERE for how to show hidden files.

 

i hope i did this reply right? i have posted once before. i have a problem loading the new spyware blaster, with error message bad sector ect. i have done your three step, with ad aware and spy bot, also have deleted the file you mentioned in the last post was unable to find the file winmain.exe, and ahovdkr.exe... i followed the hidden file instructions. not coming up...i am also having a problem with a web page or fake web page called about:blank... i will post my hijack log again... any more suggestions? i appreciate your help... i know other folks are experiencing simular problems.. i wonder if the about:blank and the spyware loading problem is connected? you guys are great.... keep up the good work ...eric..

Logfile of HijackThis v1.97.7
Scan saved at 1:15:57 PM, on 04/29/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PCMASTER\DRV32\POSSVMON.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\My Documents\PERSONAL\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: POS Service Monitoring.lnk = C:\PCMASTER\DRV32\POSSVMON.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2918D0A2-2D74-47EA-B018-BC51DD62D2D0}: NameServer = 12.15.46.2,12.15.46.3

 

Hi ericstrojan,

Javacool is looking into the damage that CWS does that causes his program to fail and install.

Keep an eye on this forum for any news: https://www.wilderssecurity.com/forumdisplay.php?f=23

Regards,

Pieter