Spywareblaster installation trouble

Discussion in 'SpywareBlaster & Other Forum' started by sbudke, May 31, 2004.

Thread Status:
Not open for further replies.
  1. sbudke

    sbudke Registered Member

    Joined:
    May 31, 2004
    Posts:
    10
    Hi, I'd really like to get spyware blaster up and running and completely clean up my computer. I've taken multiple steps. I'm concerned that everytime I run spybot search and destroy some of the same things keep coming back, even if I run it back to back with no activity in between. Is it eliminating them like it says, and then they are coming back?

    I have IE-spyad, webroot spysweeper, adaware, spybot search and destroy, pop up stoppers on my computer.

    I've done everything, read different threads and still can't get spywareblaster to work -when i install spywareblaster and try to run it i get this error "The program has been damaged, possibly by a bad sector of the hard drive or a virus. please reinstall it"

    What should I do to get it to work. Here is a copy of of my hijackthis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:48:18 PM, on 5/31/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\System32\hrjjfp.exe
    C:\PROGRA~1\SIMPLE~2\PHOTOS~1\data\xtras\mssysmgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\dellscrrc.exe
    C:\Documents and Settings\Steven Budke\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dwtovyd] C:\WINDOWS\dwtovyd.exe
    O4 - HKLM\..\Run: [tbufwfaqfksy] C:\WINDOWS\System32\hrjjfp.exe
    O4 - HKLM\..\Run: [wzirmh] C:\WINDOWS\wzirmh.exe
    O4 - HKLM\..\Run: [itir] C:\WINDOWS\itir.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~2\PHOTOS~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [dellscrrc] C:\WINDOWS\System32\dellscrrc.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.airsoftpacific.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab



    Any and all help is greatly appreciated, I'd really like to get my computer fixed up and protected.

    Thank you,
    Steve
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey sbudke :)

    Extensive thread on that subject here,

    https://www.wilderssecurity.com/showthread.php?t=26534

    As for your HJT log....someone authorized will be along shortly to assist you.
     
  3. sbudke

    sbudke Registered Member

    Joined:
    May 31, 2004
    Posts:
    10
    Thank you for such a fast reply. I look forward to further assistance with my hjt log as you mentioned. As far as the spywareblaster goes, I've read all the threads and spent a lot of time trying to figure out how to get it working and am unsure what to do. I certainly don't want to make things worse. From what I can gather some people have been able to correct the problem which leads to the same error message that I got and eventually install the program. My computer skills are minimal so from what I've read I haven't been able to copy what they've done. Would it be possible for someone to help me out and lead me directly to the solution? I've also gathered that some have given up and are waiting for 3.2- is this where I am stuck at? I'm willing to work with anyone to try and avoid that if possible. Does there happen to be an expected date for when 3.2 will be out?

    Once again I'd really like to thank all of those involved with creating the free software, and all of the help on the forums. What you are doing is greatly appreciated.

    -Steve
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Steve,

    The 3.2 update will be ready by JavaCool as soon as it's humanly possible.

    Having said that....I'll let others assist you with trying other solutions and what I'll offer is some suggestions. Each and every item of the SpywareBlaster program is important and the most important feature IMO is the ActiveX protection, followed closely by the list of sites that are added to the Restricted Zone. Those in my book are the 2 most important items when speaking of layered protection using Internet Explorer. For the time being you can substitute the list of sites that are added to the Restricted Zone by downloading a program called....IE-Spyad. As for the ActiveX protection....I have a file that can be merged into the registry that is the actual SpywareBlaster ActiveX component CLSIDs if you want to consider that. While the other features are important....those 2 are the most important and with them....your protection while using IE increases tremendously by at least having those two items.
     
  5. sbudke

    sbudke Registered Member

    Joined:
    May 31, 2004
    Posts:
    10
    Thank you for your continued help. I'd be very interested in the CLSIDs, and how to merge that into the registry. Just let me know what to do there and I'll give that a try.

    -Steve
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Steve,

    The attached file is strictly the ActiveX CLSID entries that SpywareBlaster adds with the latest 5\18\04 database and has been changed to a .txt extension. If you choose to download....save it to a temp directory of your choice, change the .txt to .reg and then double click the file and it will ask if you want to add it to the registry and you say yes. Hopefully with others help or when the 3.2 version becomes available....that will solve your problem totally.

    Edit: :doubt: Sorry Steve....the file is a few kb over the limit to be permittted to upload. I'll check in the AM and maybe we can hook up via e-mail unless you get it fixed before then
     
  7. sbudke

    sbudke Registered Member

    Joined:
    May 31, 2004
    Posts:
    10
    Bubba,

    Thanks, I'll check in the AM to work on that if I don't get it fixed. Very frequently something tries to change my homepage to about blank, spysweeper catches it, but it is annoying to always have to deal with that pop up to say do not change. Will the solution we are working towards stop this attempted change? If not what will? Thanks again.

    -Steve
     
  8. sbudke

    sbudke Registered Member

    Joined:
    May 31, 2004
    Posts:
    10
    I still haven't gotten anything figured out, any word on the CLSIDs? Also Very frequently something tries to change my homepage to about blank, spysweeper catches it, but it is annoying to always have to deal with that pop up to say do not change. Will the solution we are working towards stop this attempted change? If not what will? Thanks again.

    -Steve
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Steve,

    Sorry I didn't back with you about the CLSID's....it's been busy and no....the CLSID's will not stop what is presently occuring. :(

    Concerning...."something tries to change my homepage to about blank"....is this happening after a scan with Adaware ?

    If not....I looked at your first HighJackThis log and it appears to have a valid Home Page ? Since you are now mentioning about: blank....I'll ask you to visit the below link and after following the instructions....post a new log in that Forum.

    This link---> Please read before posting your log!

    Thanks
     
Loading...
Thread Status:
Not open for further replies.