 |  |  |  |  |  |  |  |
about:blank
 |
Hi all,
I'm struggling with coolwebsearch issue...
For diagnostic, I'm using Xsoftspy 3.41 that show me the following scanning result
CoolWebSearch Registry Key
iSearch Toolbar Registry Key
Winpup32 Registry Key
Winpup32 Registry Key
CWS.Oslogo Registry Key
CWS-mrhop Registry Value
CWS-mrhop Registry Value
I followed the 'jendej' history path (hjt .....cwshredder ...), but Xsoftspy still produce previous diagnostic...
Attached the hjt log; could anyone support me in understanding
a) if I have a problem
b) how can I fix
thanks a lot
hjt log :
Logfile of HijackThis v1.97.7
Scan saved at 12.04.17, on 07/07/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\System\sdlss.exe
c:\program files\acnu\acnupdatersvc.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daniweb.com/techtalkforums/sh...6&page=2&pp=15
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;<local>
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30690ED1-1E54-4021-9E61-24BCEBCC9BD5} - C:\WINDOWS\System32\jnlgfmk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [eSupInit] "C:\Program Files\Support.com\bin\eSupCmd.exe" -inituser
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe"
O4 - Global Startup: BlackICE Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...175.0872222222
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506}
I'm struggling with coolwebsearch issue...
For diagnostic, I'm using Xsoftspy 3.41 that show me the following scanning result
CoolWebSearch Registry Key
iSearch Toolbar Registry Key
Winpup32 Registry Key
Winpup32 Registry Key
CWS.Oslogo Registry Key
CWS-mrhop Registry Value
CWS-mrhop Registry Value
I followed the 'jendej' history path (hjt .....cwshredder ...), but Xsoftspy still produce previous diagnostic...
Attached the hjt log; could anyone support me in understanding
a) if I have a problem
b) how can I fix
thanks a lot
hjt log :
Logfile of HijackThis v1.97.7
Scan saved at 12.04.17, on 07/07/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\System\sdlss.exe
c:\program files\acnu\acnupdatersvc.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daniweb.com/techtalkforums/sh...6&page=2&pp=15
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;<local>
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30690ED1-1E54-4021-9E61-24BCEBCC9BD5} - C:\WINDOWS\System32\jnlgfmk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [eSupInit] "C:\Program Files\Support.com\bin\eSupCmd.exe" -inituser
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe"
O4 - Global Startup: BlackICE Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...175.0872222222
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506}
•
•
Join Date: Feb 2004
Posts: 10,107
Reputation: 
Solved Threads: 768
Where are you running hijackthis from? You need to have it somewhere that it can create backups, but not in a temporary folder.
Reboot then rescan with hijackthis & post that log plz.
Reboot then rescan with hijackthis & post that log plz.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Just a blank screen = ( (Monitors, Displays and Video Cards)
- new window in Internet Explorer is always blank (Web Browsers)
- PC going blank randonmly HELP (Windows NT / 2000 / XP)
- HELP!! comp froze and when i restarted it was blank! (Troubleshooting Dead Machines)
- IE 6 start page getting changed to about:blank (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: coolwebsearch virus and related problems
- Next Thread: Spyware Virus - Hijack Log Included
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus rootkit sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec threat trojan unwanted update usa virus viruses vista volume warning windows worm yahoo zero-day
