Spywareblaster installation trouble

Hi, I'd really like to get spyware blaster up and running and completely clean up my computer. I've taken multiple steps. I'm concerned that everytime I run spybot search and destroy some of the same things keep coming back, even if I run it back to back with no activity in between. Is it eliminating them like it says, and then they are coming back?

I have IE-spyad, webroot spysweeper, adaware, spybot search and destroy, pop up stoppers on my computer.

I've done everything, read different threads and still can't get spywareblaster to work -when i install spywareblaster and try to run it i get this error "The program has been damaged, possibly by a bad sector of the hard drive or a virus. please reinstall it"

What should I do to get it to work. Here is a copy of of my hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 6:48:18 PM, on 5/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\hrjjfp.exe
C:\PROGRA~1\SIMPLE~2\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dellscrrc.exe
C:\Documents and Settings\Steven Budke\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dwtovyd] C:\WINDOWS\dwtovyd.exe
O4 - HKLM\..\Run: [tbufwfaqfksy] C:\WINDOWS\System32\hrjjfp.exe
O4 - HKLM\..\Run: [wzirmh] C:\WINDOWS\wzirmh.exe
O4 - HKLM\..\Run: [itir] C:\WINDOWS\itir.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~2\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [dellscrrc] C:\WINDOWS\System32\dellscrrc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.airsoftpacific.com/CFIDE/classes/CFJava.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab



Any and all help is greatly appreciated, I'd really like to get my computer fixed up and protected.

Thank you,
Steve

 

Hey sbudke

Extensive thread on that subject here,

https://www.wilderssecurity.com/showthread.php?t=26534

As for your HJT log....someone authorized will be along shortly to assist you.

 

Thank you for such a fast reply. I look forward to further assistance with my hjt log as you mentioned. As far as the spywareblaster goes, I've read all the threads and spent a lot of time trying to figure out how to get it working and am unsure what to do. I certainly don't want to make things worse. From what I can gather some people have been able to correct the problem which leads to the same error message that I got and eventually install the program. My computer skills are minimal so from what I've read I haven't been able to copy what they've done. Would it be possible for someone to help me out and lead me directly to the solution? I've also gathered that some have given up and are waiting for 3.2- is this where I am stuck at? I'm willing to work with anyone to try and avoid that if possible. Does there happen to be an expected date for when 3.2 will be out?

Once again I'd really like to thank all of those involved with creating the free software, and all of the help on the forums. What you are doing is greatly appreciated.

-Steve

 

Hey Steve,

The 3.2 update will be ready by JavaCool as soon as it's humanly possible.

Having said that....I'll let others assist you with trying other solutions and what I'll offer is some suggestions. Each and every item of the SpywareBlaster program is important and the most important feature IMO is the ActiveX protection, followed closely by the list of sites that are added to the Restricted Zone. Those in my book are the 2 most important items when speaking of layered protection using Internet Explorer. For the time being you can substitute the list of sites that are added to the Restricted Zone by downloading a program called....IE-Spyad. As for the ActiveX protection....I have a file that can be merged into the registry that is the actual SpywareBlaster ActiveX component CLSIDs if you want to consider that. While the other features are important....those 2 are the most important and with them....your protection while using IE increases tremendously by at least having those two items.

 

Thank you for your continued help. I'd be very interested in the CLSIDs, and how to merge that into the registry. Just let me know what to do there and I'll give that a try.

-Steve

 

Hey Steve,

The attached file is strictly the ActiveX CLSID entries that SpywareBlaster adds with the latest 5\18\04 database and has been changed to a .txt extension. If you choose to download....save it to a temp directory of your choice, change the .txt to .reg and then double click the file and it will ask if you want to add it to the registry and you say yes. Hopefully with others help or when the 3.2 version becomes available....that will solve your problem totally.

Edit: Sorry Steve....the file is a few kb over the limit to be permittted to upload. I'll check in the AM and maybe we can hook up via e-mail unless you get it fixed before then

 

Bubba,

Thanks, I'll check in the AM to work on that if I don't get it fixed. Very frequently something tries to change my homepage to about blank, spysweeper catches it, but it is annoying to always have to deal with that pop up to say do not change. Will the solution we are working towards stop this attempted change? If not what will? Thanks again.

-Steve

 

I still haven't gotten anything figured out, any word on the CLSIDs? Also Very frequently something tries to change my homepage to about blank, spysweeper catches it, but it is annoying to always have to deal with that pop up to say do not change. Will the solution we are working towards stop this attempted change? If not what will? Thanks again.

-Steve

 

Hey Steve,

Sorry I didn't back with you about the CLSID's....it's been busy and no....the CLSID's will not stop what is presently occuring.

Concerning...."something tries to change my homepage to about blank"....is this happening after a scan with Adaware ?

If not....I looked at your first HighJackThis log and it appears to have a valid Home Page ? Since you are now mentioning about: blank....I'll ask you to visit the below link and after following the instructions....post a new log in that Forum.

This link---> Please read before posting your log!

Thanks