Viruses, Spyware and...

Can't remove "about:blank" homepage. Please help.

•

Join Date: May 2003

Posts: 865

Reputation: TallCool1 is a jewel in the rough

Solved Threads: 43

TallCool1

Offline

Practically a Posting Shark

Re: Can't remove "about:blank" homepage. Please help.

#11

Apr 18th, 2004

•

Originally Posted by jbroad70

I think that I've removed all of the viruses from my PC- the about:blank homepage problem seems to be fixed (once again). Here's my latest hijack this report- please let me know if you see anything weird in there.

Nope, you are still hijacked by a morphing program that changes the DLL name each time it installs. You are going to have to go deeper to rid yourself of this one.

* First, turn off System Restore before removing stuff. Some of your problems may be sneaking back in that way.

* Then make sure that HijackThis is the only thing running.

* Next, go into the folder C:\Windows\Prefetch, and look at the files there. Are any of them suspect? List the files here. You may even want to reboot your computer into Safe Mode and then delete all the files in your Prefetch folder at this time, just to be safe. Viruses hide there.

* While you are in Safe Mode, go into the C:\WINNT\system32 folder and remove those wierd-named DLL files that have been piling up.

* I would also manually clean out your Temporary Internet Files, as well. See Microsoft's Really Hidden Files for more on this issue (warning: potentially offensive site-name and email address). Though the article was written for Windows 98, it still applies.

Here's some more prevention tools:

SpywareBlaster -- blocks malware installation. Not a removal tool, helps keep adware and spyware off your PC by blocking ActiveX for known malware. Updates available on a regular basis.

IE-SPYAD: Restricted Sites List for Internet Explorer. Registry add-in that moves known malware sites to the "Restricted" zone in IE to block the nasties.

XP Anti-Spy -- turn off the "phone home" functions in XP. Did you know that Windows XP, by default, monitors your computer usage and reports back to Microsoft? Slow it down, at least, with this tool.

Try again to remove these. Note that it's the same old stuff with a new name:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\efje.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://c:\winnt\system32\fcakddh.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\efje.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\efje.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\efje.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\efje.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

-- Michael Rudas

How To Ask Questions The Smart Way (article by Eric Raymond).
Dealing with Malware
My Articles page.
My Best-of-Breed Free Software for Windows list
Other Windows- & Microsoft-related links
The Audio Tech's Page
My blog
The Oak Park Computer Club
PenguiCon 4.0 Open Source & Science Fiction convention, April 21-23, 2006.
Knoppix Linux (CD-bootable) download. information, & support.

•

Join Date: Apr 2004

Posts: 44

Reputation: LoriL1212 is an unknown quantity at this point

Solved Threads: 0

LoriL1212

Offline

Light Poster

Re: Can't remove "about:blank" homepage. Please help.

#12

Apr 18th, 2004

I stand corrected... thank you Michael.

I have been assessing logs for a year, and never had any recurring problems when it came to the (obfuscated) entries.

However, I am enlightened today.

Lori Leach :: zenful creations :: kudos :: musings :: flickr

•

Join Date: Apr 2004

Posts: 7

Reputation: jbroad70 is an unknown quantity at this point

Solved Threads: 0

jbroad70

Offline

Newbie Poster

Re: Can't remove "about:blank" homepage. Please help.

#13

Apr 18th, 2004

Thanks for the advice. I'm not sure that I have a system restore feature due to the fact that I have Windows 2000 and not XP. Is there something different I should do?

•

Join Date: May 2003

Posts: 865

Reputation: TallCool1 is a jewel in the rough

Solved Threads: 43

TallCool1

Offline

Practically a Posting Shark

Re: Can't remove "about:blank" homepage. Please help.

#14

Apr 19th, 2004

•

Originally Posted by jbroad70

Thanks for the advice. I'm not sure that I have a system restore feature due to the fact that I have Windows 2000 and not XP. Is there something different I should do?

Good point. It was not clear which NT version you are using, since you didn't provide that information. There are some differences under W2k. Try looking here or here, for starters.

-- Michael Rudas

•

Join Date: Apr 2004

Posts: 44

Reputation: LoriL1212 is an unknown quantity at this point

Solved Threads: 0

LoriL1212

Offline

Light Poster

Re: Can't remove "about:blank" homepage. Please help.

#15

Apr 19th, 2004

I think I now know what your problem is, and the source of the 'morphing' DLL... can you run Adaware again, and post the results log here so I can see something - Thanks!

Lori Leach :: zenful creations :: kudos :: musings :: flickr

•

Join Date: Apr 2004

Posts: 7

Reputation: jbroad70 is an unknown quantity at this point

Solved Threads: 0

jbroad70

Offline

Newbie Poster

Re: Can't remove "about:blank" homepage. Please help.

#16

Apr 24th, 2004

HI,

Sorry I've been away for a while. Here is my Ad-aware results log. I still have the About:Blank changing homepage problem so any help would be appreciated. Thanks.

Listing running processes
��
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 4-23-2004 2:11:48 AM
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:11:59 AM
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:03 AM
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:03 AM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 2/25/2004 11:59:07 PM
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:11 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 12/7/1999 12:00:00 PM
#:6 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:12 AM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:7 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-23-2004 2:12:12 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 4/19/2004 11:03:20 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 7/17/2003 4:16:38 PM
#:8 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ThreadCreationTime : 4-23-2004 2:12:20 AM
BasePriority : Normal
FileSize : 1360 KB
FileVersion : 1,0,23,5
ProductVersion : 1,0,23,5
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Connectivity Service
InternalName : acsd
OriginalFilename : acsd.exe
ProductName : AOL Connectivity Service
Created on : 12/13/2003 7:09:30 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 10/30/2003 10:48:46 PM
#:9 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 4-23-2004 2:12:22 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 12/7/1999 12:00:00 PM
#:10 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 4-23-2004 2:12:23 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 4/19/2004 11:02:10 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 11/15/2002 12:41:26 AM
#:11 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 4-23-2004 2:12:29 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 4/19/2004 9:52:33 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 8/14/2002 11:03:00 AM
#:12 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:31 AM
BasePriority : Normal
FileSize : 66 KB
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 4/19/2004 11:42:17 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:13 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:32 AM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 4/19/2004 11:43:01 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:14 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ThreadCreationTime : 4-23-2004 2:12:33 AM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright (C) 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 4/19/2004 9:54:58 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 8/14/2002 11:00:00 AM
#:15 [wanmpsvc.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 4-23-2004 2:12:35 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 5/24/2003 12:23:45 AM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 8/27/2003 3:27:44 PM
#:16 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 4-23-2004 2:12:36 AM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 4/19/2004 11:41:39 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:17 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:38 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 12/7/1999 12:00:00 PM
#:18 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 4-23-2004 2:14:22 AM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 4/19/2004 11:44:02 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 6/19/2003 7:05:04 PM
#:19 [symtray.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-23-2004 2:14:30 AM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 2003.6.57
ProductVersion : 2003.6.57
Copyright : Copyright (c) 1997-2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
OriginalFilename : SymTray.exe
ProductName : Norton SystemWorks
Created on : 4/19/2004 11:03:47 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 9/30/2002 2:46:14 AM
#:20 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-23-2004 2:14:48 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 4/20/2004 1:57:36 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 12/2/2003 9:11:04 PM
#:21 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ThreadCreationTime : 4-23-2004 2:15:17 AM
BasePriority : Normal
FileSize : 639 KB
FileVersion : 2.1.0.23
ProductVersion : 1.0.0.0
Copyright : Copyright (c) 2001-2003 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
ProductName : Spy Sweeper
Created on : 4/19/2004 7:37:41 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 7/10/2003 8:26:00 PM
#:22 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 4-24-2004 4:58:10 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/15/2004 4:43:47 PM
Last accessed : 4/24/2004 4:58:08 PM
Last modified : 7/13/2003 3:00:20 AM
Memory scan result :
��
New objects : 0
Objects found so far: 0

Started registry scan
��
CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
��
New objects : 1
Objects found so far: 1

Started deep registry scan
��
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{7FEF4CCD-E64B-41D5-8F40-5DEEE4B24653}

CoolWebSearch Object recognized!
Type : File
Data : ppjij.dll
Object : c:\winnt\system32\
FileSize : 36 KB
Created on : 4/24/2004 4:31:15 PM
Last accessed : 4/24/2004 4:31:15 PM
Last modified : 4/24/2004 4:31:15 PM

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B08FE1CA-26B1-4CE8-AFBC-8F1DB7023AC2}

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FEF4CCD-E64B-41D5-8F40-5DEEE4B24653}

Deep registry scan result :
��
New objects : 5
Objects found so far: 7

��
Tracking Cookie Object recognized!
Type : File
Data : administrator@zedo[2].txt
Object : C:\Documents and Settings\administrator\Cookies\
Created on : 4/23/2004 7:18:58 PM
Last accessed : 4/24/2004 5:03:06 PM
Last modified : 4/23/2004 7:18:59 PM

��

Deep scanning and examining files (C

��

Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
��
Hosts file scan result:
��
1 entries scanned.
New objects :0
Objects found so far: 8

Performing conditional scans..
��
Conditional scan result:
��
New objects : 0
Objects found so far: 8

12:03:53 PM Scan complete
Summary of this scan
��
Total scanning time :00:05:11:578
Objects scanned :43394
Objects identified :8
Objects ignored :0
New objects :8

•

Join Date: Apr 2004

Posts: 7

Reputation: jbroad70 is an unknown quantity at this point

Solved Threads: 0

jbroad70

Offline

Newbie Poster

Re: Can't remove "about:blank" homepage. Please help.

#17

Apr 24th, 2004

HI,
Sorry I've been away for a while. Here is my Ad-aware results log.

Listing running processes
��
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 4-23-2004 2:11:48 AM
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:11:59 AM
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:03 AM
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:03 AM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 2/25/2004 11:59:07 PM
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:11 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 12/7/1999 12:00:00 PM
#:6 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:12 AM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:7 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-23-2004 2:12:12 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 4/19/2004 11:03:20 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 7/17/2003 4:16:38 PM
#:8 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ThreadCreationTime : 4-23-2004 2:12:20 AM
BasePriority : Normal
FileSize : 1360 KB
FileVersion : 1,0,23,5
ProductVersion : 1,0,23,5
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Connectivity Service
InternalName : acsd
OriginalFilename : acsd.exe
ProductName : AOL Connectivity Service
Created on : 12/13/2003 7:09:30 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 10/30/2003 10:48:46 PM
#:9 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 4-23-2004 2:12:22 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 12/7/1999 12:00:00 PM
#:10 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 4-23-2004 2:12:23 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 4/19/2004 11:02:10 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 11/15/2002 12:41:26 AM
#:11 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 4-23-2004 2:12:29 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 4/19/2004 9:52:33 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 8/14/2002 11:03:00 AM
#:12 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:31 AM
BasePriority : Normal
FileSize : 66 KB
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 4/19/2004 11:42:17 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:13 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:32 AM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 4/19/2004 11:43:01 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:14 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ThreadCreationTime : 4-23-2004 2:12:33 AM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright (C) 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 4/19/2004 9:54:58 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 8/14/2002 11:00:00 AM
#:15 [wanmpsvc.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 4-23-2004 2:12:35 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 5/24/2003 12:23:45 AM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 8/27/2003 3:27:44 PM
#:16 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 4-23-2004 2:12:36 AM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 4/19/2004 11:41:39 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 6/19/2003 7:05:04 PM
#:17 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 4-23-2004 2:12:38 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 4/24/2004 4:26:36 PM
Last modified : 12/7/1999 12:00:00 PM
#:18 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 4-23-2004 2:14:22 AM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 4/19/2004 11:44:02 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 6/19/2003 7:05:04 PM
#:19 [symtray.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-23-2004 2:14:30 AM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 2003.6.57
ProductVersion : 2003.6.57
Copyright : Copyright (c) 1997-2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
OriginalFilename : SymTray.exe
ProductName : Norton SystemWorks
Created on : 4/19/2004 11:03:47 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 9/30/2002 2:46:14 AM
#:20 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-23-2004 2:14:48 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 4/20/2004 1:57:36 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 12/2/2003 9:11:04 PM
#:21 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ThreadCreationTime : 4-23-2004 2:15:17 AM
BasePriority : Normal
FileSize : 639 KB
FileVersion : 2.1.0.23
ProductVersion : 1.0.0.0
Copyright : Copyright (c) 2001-2003 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
ProductName : Spy Sweeper
Created on : 4/19/2004 7:37:41 PM
Last accessed : 4/24/2004 4:26:34 PM
Last modified : 7/10/2003 8:26:00 PM
#:22 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 4-24-2004 4:58:10 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/15/2004 4:43:47 PM
Last accessed : 4/24/2004 4:58:08 PM
Last modified : 7/13/2003 3:00:20 AM
Memory scan result :
��
New objects : 0
Objects found so far: 0

Started registry scan
��
CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
��
New objects : 1
Objects found so far: 1

Started deep registry scan
��
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{7FEF4CCD-E64B-41D5-8F40-5DEEE4B24653}

CoolWebSearch Object recognized!
Type : File
Data : ppjij.dll
Object : c:\winnt\system32\
FileSize : 36 KB
Created on : 4/24/2004 4:31:15 PM
Last accessed : 4/24/2004 4:31:15 PM
Last modified : 4/24/2004 4:31:15 PM

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B08FE1CA-26B1-4CE8-AFBC-8F1DB7023AC2}

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FEF4CCD-E64B-41D5-8F40-5DEEE4B24653}

Deep registry scan result :
��
New objects : 5
Objects found so far: 7

��
Tracking Cookie Object recognized!
Type : File
Data : administrator@zedo[2].txt
Object : C:\Documents and Settings\administrator\Cookies\
Created on : 4/23/2004 7:18:58 PM
Last accessed : 4/24/2004 5:03:06 PM
Last modified : 4/23/2004 7:18:59 PM

��

Deep scanning and examining files (C

•

Join Date: Nov 2004

Posts: 2

Reputation: mcleanmarg is an unknown quantity at this point

Solved Threads: 0

mcleanmarg mcleanmarg is offline

Offline

Newbie Poster

Re: Can't remove "about:blank" homepage. Please help.

#18

Nov 17th, 2004

•

Originally Posted by MAD_DOG

Looks to me liked you got really hi-jacked good luck to you.

What have you tried already? Does it seem accept your change and then change back to about; blank? If so, when does it change back?

•

Join Date: Nov 2004

Posts: 2

Reputation: mcleanmarg is an unknown quantity at this point

Solved Threads: 0

mcleanmarg mcleanmarg is offline

Offline

Newbie Poster

Re: Can't remove "about:blank" homepage. Please help.

#19

Nov 17th, 2004

What have you tried to do already?

Did you delete unknown browser objects?

Does is seem to accept your change and then change back to about:blank?

If yes, when?