• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
musicman

about:blank

5 posts in this topic

To Rubber DuckY or who ever else can help -

I've been following the about:blank forum for several days, and have come to the conclusion that I must have the newer variant of the about:blank. When I run my Spy Sweeper (full version) it identifies this as CWS sp.html hijack. It identifies it, and says it's removed, but it returns eventually. After I run all of my sweeps - Spy Sweeper, Spybot, CWshredder, AdAware (I can only run a partial scan with AdAware - it locks up in the typelib registry scan), and about:buster v.1.27, it goes away for a couple of hours, then comes back. I clean it out again, and I'm good for a couple more hours. I've run all sweeps in regular and safe mode, and I have system restore disabled. I run Windows XP home edition. Any suggestions?

musicman

Share this post


Link to post
Share on other sites

Sorry - just realized I need to post my hijackthis - this is my log after I've run all of my sweeps

Logfile of HijackThis v1.97.7

Scan saved at 10:52:29 AM, on 7/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ahead\InCD\InCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Dan\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://broadband.zoomtown.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKCU\..\Run: [iinl] C:\Documents and Settings\Dan\Application Data\iptl.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://broadband.zoomtown.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://broadband.zoomtown.com

O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cc...everContent.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...dir_Alt_Pub.cab

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.../v7/brix6ie.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0608f01c16ba34316301/netzip/RdxIE6.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7620.2651388889

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB

 

musicman

Share this post


Link to post
Share on other sites

Hello, Snowman,

First, thank you for the reply. I appreciate it. I've followed your directions, so we'll give it some time & see if it rears it's !@#$%& ugly head again. I couldn't run AdAware because for some reason it freezes around object 32000 - typelib registry (AdAware has not been able to help me with this). But I did run Spybot, about:buster, CWshredder, and Spy Sweeper after I deleted the AppInit_DLLs. I'll keep my fingers crossed. Thanks!

Musicman

Share this post


Link to post
Share on other sites

Hello again, Snowman,

It's been 26 hours since I tried your cure, and I've seen no more signs of this obnoxious pest. I'm not quite ready to celebrate yet, but I feel rather confident that your proceedure took care of the problem. So thanks for the advice, and hope you never run into another hijacker on your computer. Thanks also to everyone who runs this forum!!!!! :D

Musicman

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0