Jump to content


Photo

about:blank


  • Please log in to reply
4 replies to this topic

#1 musicman

musicman

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 12 July 2004 - 09:10 AM

To Rubber DuckY or who ever else can help -
I've been following the about:blank forum for several days, and have come to the conclusion that I must have the newer variant of the about:blank. When I run my Spy Sweeper (full version) it identifies this as CWS sp.html hijack. It identifies it, and says it's removed, but it returns eventually. After I run all of my sweeps - Spy Sweeper, Spybot, CWshredder, AdAware (I can only run a partial scan with AdAware - it locks up in the typelib registry scan), and about:buster v.1.27, it goes away for a couple of hours, then comes back. I clean it out again, and I'm good for a couple more hours. I've run all sweeps in regular and safe mode, and I have system restore disabled. I run Windows XP home edition. Any suggestions?
musicman

#2 musicman

musicman

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 12 July 2004 - 09:55 AM

Sorry - just realized I need to post my hijackthis - this is my log after I've run all of my sweeps
Logfile of HijackThis v1.97.7
Scan saved at 10:52:29 AM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://broadband.zoomtown.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Dan\Application Data\iptl.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://broadband.zoomtown.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://broadband.zoomtown.com
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...dir_Alt_Pub.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai..../v7/brix6ie.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7620.2651388889
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.bright...bin/actxcab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentra...oad/sonyctl.CAB

musicman

#3 drunken_snowman

drunken_snowman

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 12 July 2004 - 09:58 AM

PGPhantom - Deleted incorrect advice.

#4 musicman

musicman

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 12 July 2004 - 11:43 AM

Hello, Snowman,
First, thank you for the reply. I appreciate it. I've followed your directions, so we'll give it some time & see if it rears it's !@#$%& ugly head again. I couldn't run AdAware because for some reason it freezes around object 32000 - typelib registry (AdAware has not been able to help me with this). But I did run Spybot, about:buster, CWshredder, and Spy Sweeper after I deleted the AppInit_DLLs. I'll keep my fingers crossed. Thanks!
Musicman

#5 musicman

musicman

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 13 July 2004 - 12:23 PM

Hello again, Snowman,
It's been 26 hours since I tried your cure, and I've seen no more signs of this obnoxious pest. I'm not quite ready to celebrate yet, but I feel rather confident that your proceedure took care of the problem. So thanks for the advice, and hope you never run into another hijacker on your computer. Thanks also to everyone who runs this forum!!!!! :D
Musicman




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button