Jul 7th, 2004

about:blank
Hi all,

I'm struggling with a CoolWebSearch issue...

For diagnostics, I'm using XoftSpy 3.41, which shows me the following scan result:
CoolWebSearch Registry Key
iSearch Toolbar Registry Key
Winpup32 Registry Key
Winpup32 Registry Key
CWS.Oslogo Registry Key
CWS-mrhop Registry Value
CWS-mrhop Registry Value

I followed the 'jendej' history path (hjt .....cwshredder ...), but XoftSpy still produces the previous diagnostic...

Attached is the hjt log; could anyone support me in understanding
a) if I have a problem
b) how I can fix it

Thanks a lot



hjt log:

Logfile of HijackThis v1.97.7
Scan saved at 12.04.17, on 07/07/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\System\sdlss.exe
c:\program files\acnu\acnupdatersvc.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daniweb.com/techtalkforums/sh...6&page=2&pp=15
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;<local>
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30690ED1-1E54-4021-9E61-24BCEBCC9BD5} - C:\WINDOWS\System32\jnlgfmk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [eSupInit] "C:\Program Files\Support.com\bin\eSupCmd.exe" -inituser
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe"
O4 - Global Startup: BlackICE Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...175.0872222222
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506}
Newbie Poster
qwerty
Jul 7th, 2004

Re: coolwebsearch virus and related problems

Where are you running hijackthis from? You need to have it somewhere that it can create backups, but not in a temporary folder.
Reboot then rescan with hijackthis & post that log plz.
Moderator
crunchie