The following is a Logfile of HijackThis v1.98.2. I couldn't figure out how to post it to the HijackThis forum. If my inability to follow instructions in any way causes you inconvenience, please accept my apologies. Step 5 in How to post a HijackThis log is where you lost me. Where is the reply box? (5. Go back to the forum, Click in the Reply box then go to Edit> Paste)
As per Owen's instructions, I have scanned my computer with both Spybot and Ad Aware.
This damn Coolwebsearch/about: blank business has been causing me absolute grief for the last little while and any assistance rendered will be greatly appreciated.
If I need to submit this Logfile in a different way or to another location please forward me instructions.
Thank you. Jay.
Logfile of HijackThis v1.98.2
Scan saved at 5:58:25 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
You've done well there. The reply box is where you post your message which you have just used to post that message.
Could you please download Appinit. Unzip the file and double click the Appinit.bat file which is inside the zipped folder. This will create a log called Windows.txt.
In your next reply, don't use Quick Reply at the bottom, click Post Reply and below the reply box, click Manage Attachments. A window will appear. Click Browse and locate your Windows.txt log. Then click upload.
Owen, sorry but I obviously screwed up somewhere along the line. I realize this will be a complete pain in the butt for you, but can you reply with absolutely specific and detailed instructions on how you would like me to proceed? Just think of me as a four-year-old who is completely lacking in computer skills and you'll have some idea of who it is you are attempting to help out here.
Am I supposed to submit another hijackthis logfile using this Appinit? Did I submit the first one incorrectly? Please let me know.
Read this carefully and follow the instructions exactly:
Could you please download Appinit. Unzip the file and double click the Appinit.bat file which is inside the zipped folder. This will create a log called Windows.txt.
What you now need to do is come back here and click this thread, then click the Post Reply button, and then scroll down a bit and click the Manage Attachments button. A new window will pop up. There is a button called Browse. Click this and find and double click the windows.txt file. The Browse... window will disappear and then you need to click the Upload button.
Are you running XP Home or Pro and is your file system FAT32 or NTFS?
Look in My Computer. Right click the C drive and choose Properties to find the File System.
Hello again,
Please download the attached file hiving_154.zip and then download CWShredder from here. Save them to a convenient location like your Desktop.
Unzip hiving_154.zip
Then disconnect from the internet. Beforehand I suggest you print this page and the article located here, you will need this information.
Now double click the hiving.bat file that you unzipped from hiving_154.zip
After you have run the file, reboot and boot into Safe Mode.
Locate the file C:\Windows\System32\combmb.dll and take ownership of this file. The article that you printed out from the Microsoft website gives you instructions on how to do this.
Then rename the file from combmb.dll to badfile.dll then to badfile.txt. Then delete the file.
Now double click the CWShredder.exe file you downloaded earlier and click Fix and follow the prompts.
Then restart Hijack This and put a checkmark next to the following entries and click Fix Checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Then reboot into normal mode and post a fresh log back here
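Added example, not part of the original thread and not code from HijackThis: a small Python check that parses the `R0`/`R1` lines of a saved HijackThis log and reports any that still match the pattern of the entries listed in the post above. The heuristic in `is_suspicious` and the sample log are assumptions constructed for this example.

```python
import re

# HijackThis R0/R1 line shape as shown in the post above:
#   R1 - HKCU\<key path>,<value name> = <data>
ENTRY_RE = re.compile(
    r"^(?P<type>R[01]) - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),"
    r"(?P<value>[^=]+?) = (?P<data>.*)$"
)

def parse_entry(line):
    """Return a dict for an R0/R1 line, or None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None

def is_suspicious(entry):
    """Heuristic (assumption of this example): an IE search value that
    points at a local file in a Temp directory, or a 'HomeOldSP' value
    set to about:blank, matches the entries listed in the post."""
    data = entry["data"].lower()
    if data.startswith("file://") and "\\temp\\" in data:
        return True
    return entry["value"] == "HomeOldSP" and data == "about:blank"

def remaining_hijacks(log_text):
    """List (hive, value name, data) for every flagged entry in a log."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and is_suspicious(entry):
            hits.append((entry["hive"], entry["value"], entry["data"]))
    return hits

# Constructed sample: two lines copied from the post, plus two benign
# lines written for this example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for hive, value, data in remaining_hijacks(SAMPLE_LOG):
        print(f"{hive} {value} -> {data}")
```

An empty result from `remaining_hijacks` on a fresh log means none of the listed entry patterns are present in that log; it says nothing about files on disk.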
I have done everything as per your instructions. Everything went like clock work until I restarted Hijack This in safe mode. None of the entries that you listed above were present. Therefore there was nothing for me to checkmark and click Fix Checked.
Does this mean that I have gotten rid of Coolwebsearch/about: blank by performing the steps prior to restarting Hijack This in safe mode?
If so, is my computer now immune to Coolwebsearch/about:blank or would I have to purge my system again if I happen to come into contact with the same/new variant? If my system is still at risk, is there anything I can do to protect myself from this particular type of spyware?
After running Adaware and Spybot please find my latest logfile below.
Thanks again. Jay.
Logfile of HijackThis v1.98.2
Scan saved at 5:26:40 PM, on 9/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)