943,731 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Homepage changed to about:blank can't change back
Ad:
You are currently viewing page 3 of this multi-page discussion thread; Jump to the first page
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

Nope no improvement the website is still there...
Feeling like giveing up,if i leave it like this will anything happen?
Reputation Points: 10
Solved Threads: 0
Light Poster
mysticwepx is offline Offline
30 posts
since Jul 2009
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

I think that Thunder may be the case of your problems.
What exactly is that bit of software for and are you happy to uninstall it?
If you are happy to uninstall it, get revo uninstaller from here - http://www.revouninstaller.com/
Use it's most aggressive setting.
Reputation Points: 125
Solved Threads: 193
Nearly a Posting Maven
Rik from RCE is offline Offline
2,205 posts
since May 2009
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

Thunder software is to help me dl file faster and watch movie onlie.
I have uninstall it and useing the revouninstaller and restart the com it still the same
If i leave it like this is it bad?
Reputation Points: 10
Solved Threads: 0
Light Poster
mysticwepx is offline Offline
30 posts
since Jul 2009
Permalink
Jul 19th, 2009
1

Re: Homepage changed to about:blank can't change back

It's not bad as such, but it's not correct.

One more thing to try, internet settings, homepage, set it to http:\www.google.com and see if it helps.
I noticed in your combofix log that something has set it to hxxp:\www.google.com.
Reputation Points: 125
Solved Threads: 193
Nearly a Posting Maven
Rik from RCE is offline Offline
2,205 posts
since May 2009
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

hmm still the same
Reputation Points: 10
Solved Threads: 0
Light Poster
mysticwepx is offline Offline
30 posts
since Jul 2009
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

Rik from RCE Thanks you very much for hleping till so far,i guess i'm giveing up.
Reputation Points: 10
Solved Threads: 0
Light Poster
mysticwepx is offline Offline
30 posts
since Jul 2009
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

I must admit to being stumped too.
Reputation Points: 125
Solved Threads: 193
Nearly a Posting Maven
Rik from RCE is offline Offline
2,205 posts
since May 2009
Permalink
Jul 19th, 2009
0

Re: Homepage changed to about:blank can't change back

Can you post the log from combofix's first run. You will find it in C:\qoobox folder.

Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it.

Reboot and see if the redirect still occurs.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004
Permalink
Jul 20th, 2009
0

Re: Homepage changed to about:blank can't change back

The problem is still there after i restart my com
This the new log that i run combofix again the old 1 is at second page

ComboFix 09-07-19.04 - Owner -07-20 星期一 14:51.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1696 [GMT -7:00]
执行位置: d:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( 2009-06-20 至 2009-07-20 的新的档案 )))))))))))))))))))))))))))))))
.

2009-07-20 21:43 . 2009-07-20 21:43 16384 ----atw- d:\temp\Perflib_Perfdata_7d4.dat
2009-07-20 21:37 . 2009-07-20 21:37 -------- d-----w- d:\program files\Common Files\Thunder Network
2009-07-20 21:37 . 2009-07-20 21:37 -------- d-----w- d:\program files\Thunder Network
2009-07-20 07:18 . 2009-07-20 07:18 -------- d-----w- d:\program files\VS Revo Group
2009-07-20 04:50 . 2009-07-20 04:50 -------- d-----w- d:\program files\CCleaner
2009-07-20 03:20 . 2009-04-30 21:22 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2009-07-20 03:20 . 2009-04-30 21:22 1985024 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-07-20 03:20 . 2009-04-30 21:22 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2009-07-20 03:20 . 2009-04-30 21:22 11064832 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-07-19 23:32 . 2009-07-19 23:32 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Google
2009-07-19 23:31 . 2009-07-19 23:32 -------- d-----w- d:\program files\Google
2009-07-19 09:35 . 2009-07-20 05:46 -------- d-----w- d:\temp\_avast4_
2009-07-19 03:24 . 2009-07-19 03:24 -------- d-----w- d:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 03:24 . 2009-07-19 03:24 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 06:42 . 2009-07-20 21:29 -------- d-----w- d:\program files\QvodPlayer
2009-07-14 02:37 . 2009-07-14 02:37 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-07-05 05:01 . 2009-07-05 05:01 -------- d-----w- d:\documents and settings\Owner\Application Data\AVS4YOU
2009-07-05 05:01 . 2009-07-05 05:01 -------- d-----w- d:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-05 05:00 . 2009-07-05 05:01 -------- d-----w- d:\program files\Common Files\AVSMedia
2009-07-05 05:00 . 2008-08-13 18:22 974848 ----a-w- d:\windows\system32\mfc70.dll
2009-07-05 05:00 . 2008-08-13 18:22 487424 ----a-w- d:\windows\system32\msvcp70.dll
2009-07-05 05:00 . 2009-07-05 05:01 -------- d-----w- d:\program files\AVS4YOU
2009-07-05 05:00 . 2008-08-13 18:22 1700352 ----a-w- d:\windows\system32\GdiPlus.dll
2009-07-05 05:00 . 2008-08-13 18:22 24576 ----a-w- d:\windows\system32\msxml3a.dll
2009-07-05 04:52 . 2009-07-05 04:52 -------- d-----w- d:\documents and settings\Owner\Application Data\Red Kawa
2009-07-05 04:52 . 2009-07-06 21:49 -------- d-----w- d:\program files\WeFi
2009-07-05 04:51 . 2009-07-05 04:51 5931872 ----a-w- d:\documents and settings\Owner\Application Data\OpenCandy\WeFiSetup_5_141_4.exe
2009-07-05 04:51 . 2009-07-05 04:51 -------- d-----w- d:\documents and settings\Owner\Application Data\OpenCandy
2009-07-05 04:51 . 2009-07-05 04:51 -------- d-----w- d:\program files\Red Kawa
2009-07-05 04:47 . 2009-07-05 04:47 -------- d-----w- d:\program files\E-Zsoft
2009-07-05 04:24 . 2009-07-05 04:24 -------- d-----w- d:\program files\DVDVideoSoft
2009-07-05 03:55 . 2009-07-05 03:55 -------- d-----w- d:\documents and settings\Owner\Application Data\ImTOO Software Studio
2009-07-05 03:48 . 2002-01-05 22:37 344064 ----a-w- d:\windows\system32\msvcr70.dll
2009-07-05 03:48 . 2009-07-05 04:24 -------- d-----w- d:\program files\Common Files\DVDVideoSoft
2009-07-03 10:49 . 2009-07-03 10:49 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-07-02 23:35 . 2009-07-02 23:35 -------- d-----w- d:\program files\AviSynth 2.5
2009-07-02 23:32 . 2009-07-02 23:32 -------- d-----w- d:\program files\MSBuild
2009-07-02 23:29 . 2009-07-20 03:26 -------- d-----w- d:\windows\system32\XPSViewer
2009-07-02 23:29 . 2009-07-02 23:29 -------- d-----w- d:\program files\Reference Assemblies
2009-07-02 23:28 . 2006-06-29 20:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-07-02 22:07 . 2009-07-02 22:07 -------- d-----w- d:\program files\GVOD
2009-07-01 08:53 . 2009-07-01 08:53 1060864 ----a-w- d:\windows\system32\MFC71.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 07:22 . 2009-05-12 08:36 3740 ----a-w- d:\windows\system32\cid_store.dat
2009-07-20 05:48 . 2009-05-11 20:11 22016 ----a-w- d:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 22:21 . 2009-05-12 00:34 139584 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-07-19 22:21 . 2009-05-12 00:34 189104 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-07-19 02:10 . 2009-05-11 21:24 -------- d-----w- d:\program files\Warcraft III
2009-07-17 12:06 . 2009-05-11 21:43 -------- d-----w- d:\program files\MpcStar
2009-07-16 16:13 . 2009-05-16 04:06 -------- d-----w- d:\program files\Garena
2009-07-05 04:01 . 2009-05-13 00:23 -------- d-----w- d:\program files\Windows Media Connect 2
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-06-08 06:32 . 2009-06-08 06:32 -------- d-----w- d:\documents and settings\Owner\Application Data\DragonicaSCB
2009-06-08 05:42 . 2009-06-08 05:42 -------- d-----w- d:\program files\IAHGames
2009-06-08 05:37 . 2009-05-16 06:00 -------- d-----w- d:\program files\Windows Live
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- d:\windows\system32\quartz.dll
2009-05-29 08:59 . 2009-05-26 05:20 -------- d-----w- d:\documents and settings\Owner\Application Data\Skype
2009-05-29 08:59 . 2009-05-26 05:29 -------- d-----w- d:\documents and settings\Owner\Application Data\skypePM
2009-05-26 05:29 . 2009-05-26 05:29 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----r- d:\program files\Skype
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----w- d:\program files\Common Files\Skype
2009-05-25 02:25 . 2009-05-25 02:25 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-05-25 02:25 . 2009-05-25 02:25 -------- d-----w- d:\program files\Java
2009-05-25 02:25 . 2009-05-25 02:25 152576 ----a-w- d:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 23:24 . 2009-05-12 00:34 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-05-24 22:09 . 2009-05-24 22:09 22328 ----a-w- d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-24 22:09 22328 ----a-w- d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-11 20:40 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-05-24 21:47 . 2009-05-24 21:47 -------- d-----w- d:\program files\Activision
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- d:\windows\system32\wininet.dll
2009-05-13 00:45 . 2009-05-11 19:45 76487 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-12 08:44 . 2009-05-12 08:44 0 ----a-w- d:\windows\nsreg.dat
2009-05-12 08:33 . 2009-05-12 08:33 20 ----a-w- d:\windows\system32\pub_store.dat
2009-05-11 21:41 . 2009-05-11 21:27 77641 ----a-w- d:\windows\War3Unin.dat
2009-05-11 21:41 . 2009-05-11 21:27 2829 ----a-w- d:\windows\War3Unin.pif
2009-05-11 21:41 . 2009-05-11 21:27 139264 ----a-w- d:\windows\War3Unin.exe
2009-05-11 19:43 . 2009-05-11 19:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- d:\windows\system32\localspl.dll
2009-05-04 20:09 . 2009-05-12 08:32 89600 ----a-w- d:\windows\system32\atl71.dll
2009-05-04 20:09 . 2009-05-12 08:32 499712 ----a-w- d:\windows\system32\msvcp71.dll
2009-05-04 20:09 . 2009-05-12 08:32 348160 ----a-w- d:\windows\system32\msvcr71.dll
2009-07-19 10:08 . 2009-07-14 02:36 137208 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-04 20:14 . 2009-07-20 21:37 36864 ----a-w- d:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-05-04 20:14 . 2009-07-20 21:37 53248 ----a-w- d:\program files\mozilla firefox\components\ThunderComponent.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 d:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 d:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-04 12:00 359040 C1783498EDB152656303B5D5BCABD86C d:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 4AFB3B0919649F95C1964AA1FAD27D73 d:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-08-24 13574144]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-08-24 86016]
"razer"="d:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"QuickTime Task"="d:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-05-11 282624]
"PSPVideoConverter_upgrade"="d:\program files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" [2009-03-25 495616]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-08-24 1657376]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2007-08-20 16384512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2009-5-11 13:40 1684736]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 Razerlow;Razerlow USB Filter Driver;d:\windows\system32\drivers\Razerlow.sys [2009-5-11 14:04 13225]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com.sg/
mStart Page = about:blank
IE: ê1ó???à×???? - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ê1ó???à×????è?2?á′?ó - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 使用迅雷下载 - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\program files\Thunder Network\Thunder\Thunder.exe
Trusted Zone: photobucket.com
FF - ProfilePath - d:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hdcqx96q.default\
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- 火狐配置文件 ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 14:53
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'explorer.exe'(3608)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
完成时间: 2009-07-20 14:54
ComboFix-quarantined-files.txt 2009-07-20 21:54
ComboFix2.txt 2009-07-20 05:57

Pre-Run: 14,262,792,192 bytes free
Post-Run: 14,243,262,464 bytes free

231 --- E O F --- 2009-05-16 17:22

Thank in advance
Reputation Points: 10
Solved Threads: 0
Light Poster
mysticwepx is offline Offline
30 posts
since Jul 2009
Permalink
Jul 20th, 2009
0

Re: Homepage changed to about:blank can't change back

That is still the second log. You need to post the first one.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: need help
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: HiJack this





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC