Possible Windows 95 running on Windows XP

I have had a Dell Dimension 2400 desktop for about 2 1/2 yrs now. It has Windows XP Home edition. I also have Verizon Online DSL service for my Internet. For several months now I have been unable to access the internet using the Verizon online with MSN link but have had to use the Internet Explorer link (the Blue E) to access the net, which I don't really like but it gets the job done. Also more recently I have been unable to open my display settings or my Musicmatch Jukebox. I had AOL Instant Messenger 5.7 (I think) for a while but then I started getting a message at startup saying it experienced an internal error and must close (the same message that Verizon Online w/MSN was giving me). Then a few days later I got a window at AIM startup offering me a free upgrade to version 5.9 and when I agreed and the Installer started up, a window popped up stating that it has detected Windows 95 and that this version of AIM cannot run on Win 95. I have since downloaded version 4.8 of AIM until I can rectify this. I currently do have the latest version of SpySweeper and AdAware Personal on my computer which I run every so often. The SpySweeper usually detects the CWS-AboutBlank virus in my computer daily and requires a reboot to remove.
Anyway, those are my issues and how they developed, and my computer is quite slow. I don't know how Windows 95 is in my system, but has anyone else experienced this problem? And can it be corrected, hopefully with ease :tazz:?
Hi dsyers! Welcome to G2G!

I highly doubt that you are getting CWS-AboutBlank on a daily basis. More than likely it is not being completely removed. Spysweeper and Ad-aware are not the best spyware/malware removal tools out. The better ones are Spybot and MS Antispyware. I myself find that using both of them in unison, Spybot scan first and then MS Antispyware, works a lot of the time. I also use CleanUp! to make sure all temp files that possibly could be the source of reoccurring spyware are removed. Ewido is also a good program that removes a lot of hard to remove malware that others can't remove completely.

What I suggest you do is go to the Malware Forum and check out the START HERE first. If you are still having problems after doing all the self-checks, then post a HJT log in THAT FORUM.

If, after being given a clean bill of health from the malware experts, you are still having problems, then please return to THIS thread.

Good luck!

Actually SpySweeper by Webroot is one of the best antimalware applications available, however, CWS requires specific steps and removal tools to remove, so your best bet is to post a HiJackThis log in the Malware Removal Forum.

ScHwErV :tazz:
Here is a copy of the HJT and Ewido log. I have done CleanUp! and Ad-aware SE. I was unable to use CWShredder. I get the following message "C:\Documents and Settings/David Syers\Desktop\CWShredder.exe" is not a valid WIN32 application. I also installed Ewido Security Suite which cleaned up a lot of junk. I also checked on Dell Diagnostic and Repairs Utilities which recommended running the Dr.Watson tool by entering DRWATSN32 in the Run command. When I tried the computer stated it could not locate DRWATSN32. I have also done a Disk Cleanup and Disk Defragment however I don't see any changes on my computer. I still think that for some strange reason my system is running on Windows 95 even though the software is Windows XP. I still am unable to open my Musicmatch Jukebox or my Display setting in the control panel.

Here is the HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:52 PM, on 10/06/05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\David Syers\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.search-an...com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {30A5A9EE-5A29-4CD9-A37B-5D2BA645A531} - C:\WINDOWS\System32\jpnb.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: http://www.youbet.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.d...mlbst8408_x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet...s/ybrequest.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet...ls/YBUICtrl.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B967F021-5C85-4D3C-9191-078B161D20B0}: NameServer =
O18 - Filter: text/html - {FEF22C80-68D3-4183-9778-20BCACA59A50} - C:\WINDOWS\System32\jpnb.dll
O18 - Filter: text/plain - {FEF22C80-68D3-4183-9778-20BCACA59A50} - C:\WINDOWS\System32\jpnb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Here is the Ewido Log:

ewido security suite - Scan report

+ Created on: 11:17:29 AM, 10/03/05
+ Report-Checksum: 7F92A18F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/QDow_AS2.dll\\.Owner -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/QDow_AS2.dll\\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/QDow_AS2.dll\\.Owner -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/QDow_AS2.dll\\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-397017923-1160095872-1507438158-1007\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-397017923-1160095872-1507438158-1007_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
C:\Documents and Settings\David Syers\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-305f4c99-480a717f.class -> Dialer.Generic : Cleaned with backup
C:\Program Files\FileSubmit\swissalpsscreensaver.zip\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\FileSubmit\swissalpsscreensaver.zip\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
C:\Program Files\FileSubmit\zepss.exe\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\FileSubmit\zepss.exe\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
C:\Program Files\Upromise_RemindU\disp1050.exe -> Spyware.WebRebates : Cleaned with backup
C:\temporary\install201.exe -> Trojan.SecondThought.ao : Cleaned with backup
C:\WINDOWS\b4offy.sys -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS333.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\SysUpdContainer.dll -> TrojanSpy.Agent.h : Cleaned with backup
C:\WINDOWS\Fonts\waveip.exe -> TrojanSpy.Agent.p : Cleaned with backup
C:\WINDOWS\loadnew.exe -> TrojanDownloader.Harnig.al : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\rxyhdy.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\SYSTEM32\0z7n2u.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\SYSTEM32\5d6f.exe -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\b4offy.sys -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\CAMOCX22.exe -> Spyware.IEDriver : Cleaned with backup
C:\WINDOWS\SYSTEM32\msiaih.dll -> Spyware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\msnimk.gif -> Spyware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\prjtect.exe -> Trojan.KillAV.dw : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\TCPService2i.exe -> TrojanDownloader.Esepor.a : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\xdldr17.exe -> TrojanDownloader.Small.Fo : Cleaned with backup

::Report End

Neil Jones

I can see at least four pieces of spyware in your Hijack This log that your other program hasn't spotted, one of which is going to be fun to get rid of.

Anyway, I'm not quite sure where you've got AIM 5.9 from, considering the latest version I can find is v5.5.

For Dr Watson in XP, best thing to do is Start -> Programs -> Accessories -> System Tools -> System Information and then Dr Watson on the Tools Menu.

Also be aware that AIM95.exe can either be AOL's instant messenger OR it can also be a piece of spyware.
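
Added example, not part of any post in this thread: a minimal Python triage of HijackThis entry lines, run over a few lines copied from the log posted above. The rule set is an assumption of this example (review heuristics, not the helpers' findings), and a match only marks an entry for a closer look.

```python
import re

# Lines copied from the HijackThis log posted above (subset, for illustration).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {30A5A9EE-5A29-4CD9-A37B-5D2BA645A531} - C:\WINDOWS\System32\jpnb.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\se.dll,DllInstall
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O18 - Filter: text/html - {FEF22C80-68D3-4183-9778-20BCACA59A50} - C:\WINDOWS\System32\jpnb.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# HijackThis entries look like "<section code> - <details>", e.g. "O4 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Review heuristics chosen for this example (assumptions, not a verdict).
RULES = [
    ("IE search/home value is about:blank",
     lambda c, b: c in ("R0", "R1") and b.lower().endswith("= about:blank")),
    ("registered component points at a missing file",
     lambda c, b: "(file missing)" in b),
    ("autostart entry loads from a Temp directory",
     lambda c, b: c == "O4" and "\\temp\\" in b.lower()),
    ("protocol default mapped to the Trusted Zone",
     lambda c, b: c == "O15" and b.startswith("ProtocolDefaults:")),
    ("MIME filter sees all text/html or text/plain content",
     lambda c, b: c == "O18" and re.match(r"Filter: text/(html|plain) ", b)),
]

def parse(log):
    """Return (code, body) for each entry line; headers and process lists are skipped."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]

def triage(entries):
    """Return (code, body, [reasons]) for every entry that matches a rule."""
    findings = []
    for code, body in entries:
        reasons = [why for why, test in RULES if test(code, body)]
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```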

Topic Starter

Thank you for your response, Neil. As far as the AIM95.exe goes, I think that should be legit since I downloaded AIM from the AOL Instant Messenger website. Then again I'm not that computer savvy, so I'm not sure. That's why I'm on this website to begin with :tazz:. By the way, I do find this website to be an awesome service. A friend recommended it to me and I'm trying it out. Not only will my issues hopefully be resolved but it will be a learning experience for me about computers. Anyway, moving on.
I did like you said and I went into Programs>Accessories>System tools>System information etc but Dr. Watson does not show up in the tools menu. Actually when I go to System Tools and click it, it opens up the Dell Help and Support Center (should that be?). From there I click on tools and I get the following links under 'TOOLS':

Your Dell Computer
My Computer Information
System Restore
Remote Assistance
Network Diagnostics
Disk Cleanup
Disk Defragmenter
Advanced System Information
System Configuration Utility

That is all. No link to Dr. Watson. Again, I'm not a big computer person, but for me this further solidifies my theory that I might be running on Windows 95 even though Windows XP is the software that came with the computer. I don't think Dr. Watson was a feature on Windows 95. My old computer ran on Win 95 and I don't remember Dr. Watson, but then again I never really looked for it either :).

Now you did mention that you saw 4 pieces of spyware that my other program didn't detect. Can you recommend a way of getting rid of them? And what am I looking for exactly?

Below I am including some information about my computer (from the Tools menu) that might give some answers. I don't see anything, but maybe you will:

1. Your Dell Computer

Dell Computer Corporation

Dimension 2400
Service Tag 3DB3X31
Express Service Code 7335065917
Processor Intel® Pentium® 4 CPU 2.40GHz
Processor Speed 2.34 GHz
Memory (RAM) 384 MB
Operating System Microsoft Windows XP Home Edition
Operating System Version 5.1.2600

2. My Computer Information - General

Dell Computer Corporation
System Model: Dimension 2400
BIOS Version: Dell Computer Corporation A03

Operating System
Microsoft Windows XP Home Edition
Version: 5.1.2600
Service Pack: 1.0
Location: C:\WINDOWS
PID: 55277-OEM-0011903-00102
Hot Fix: Q817472

Memory (RAM)
Capacity: 384 MB

Intel® Pentium® 4 CPU 2.40GHz
Version: x86 Family 15 Model 2 Stepping 9
Speed: 2392 MHz

General Computer Info
System Name: DAVID
Domain: MSHOME
Time Zone: Eastern Daylight Time
Connection: Workstation (standalone)
Proxy Server: None
IP Address:
IPX Address: Not Enabled

Local Disk
Total Capacity: 37.24 GB
Sum of Hard Disks: (C: )
Used: 20.71 GB

Free: 16.52 GB

I can also if need be, cut and paste the 'Error Log' that is stored on my computer, but it is vvveeerrryyyyyy long. I've been having issues with this computer for a while now and have just been too [bleep] lazy to work on fixing it since the functions I needed were operable and because I procrastinate on having to deal with this stuff, since it is usually tedious, frustrating and I'm not that educated with this stuff.

Anyway, Neil, I appreciate any help you can give me. Thanx!

