Jun 18th, 2004

Homepage changed to about:blank can't change back

Well, this is my first time in the forums, so hello to everybody.

Now onto my problem:

My homepage is set to about:blank (a "search for..." site) and every time I change it back to my normal homepage it changes back to that about:blank.

Ran Ad-Aware, Spybot and AVG; none seems capable of fixing it. This problem appeared right after my AVG detected a backdoor.agent.BA.

Here's my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 23:20:11, on 18/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\START95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WINPPPOVERETHERNET.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
C:\ARQUIVOS DE PROGRAMAS\BACKUP PLUS\BACKTIME.EXE
C:\ARQUIVOS DE PROGRAMAS\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\ARQUIVOS DE PROGRAMAS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=HPFSCHED
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: (no name) - {A8E27892-DC30-4AA6-95F8-ED91A50B5BD7} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"
O4 - HKLM\..\Run: [cgipost] C:\Arquivos de programas\Registro Speedy\cgipost.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [z-WrDialer] C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WrDialer.exe
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKLM\..\Run: [GbPluginBb] RunDll32.exe C:\WINDOWS\DOWNLO~1\GBIEH.DLL,Gbieh
O4 - HKLM\..\Run: [Tau Monitor] C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ESDR.lnk = C:\Arquivos de programas\ESdr\ESDR.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Restart.exe
O4 - Startup: TIMED BACKUPS MANAGER STARTUP.LNK = C:\Arquivos de programas\Backup Plus\BackTime.exe
O4 - Startup: OPENOFFICE.ORG 1.1.0.LNK = C:\Arquivos de programas\OpenOffice.org1.1.0\program\quickstart.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\ARQUIVOS DE PROGRAMAS\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...814.6823611111
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorU...iveInstall.cab
O16 - DPF: {842E24F3-70BF-11D7-97CD-0080ADB93CB9} (NetTrader.NetTraderQuotes) - https://www10.bancodobrasil.com.br/d.../NetTrader.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab

Thanks in advance
Posted by Kusagi
Jun 19th, 2004

Re: Homepage changed to about:blank can't change back

Hi & welcome to the forums. Let's see if we can't help.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {A8E27892-DC30-4AA6-95F8-ED91A50B5BD7} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL

Go here for an on-line scan & set it to autoclean for you.

Reboot & post another log plz.
Posted by crunchie
Jun 19th, 2004

Re: Homepage changed to about:blank can't change back

OK, did all you asked for.

Here's the new log:

Logfile of HijackThis v1.97.7
Scan saved at 16:34:08, on 19/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\START95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WINPPPOVERETHERNET.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARQUIVOS DE PROGRAMAS\BACKUP PLUS\BACKTIME.EXE
C:\ARQUIVOS DE PROGRAMAS\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\HIJACKTHIS\HIJACKTHIS.EXE

F1 - win.ini: run=HPFSCHED
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: (no name) - {3BFC6975-E337-4873-94AA-8771D9CB10CA} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"
O4 - HKLM\..\Run: [cgipost] C:\Arquivos de programas\Registro Speedy\cgipost.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [z-WrDialer] C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WrDialer.exe
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKLM\..\Run: [GbPluginBb] RunDll32.exe C:\WINDOWS\DOWNLO~1\GBIEH.DLL,Gbieh
O4 - HKLM\..\Run: [Tau Monitor] C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ESDR.lnk = C:\Arquivos de programas\ESdr\ESDR.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Restart.exe
O4 - Startup: TIMED BACKUPS MANAGER STARTUP.LNK = C:\Arquivos de programas\Backup Plus\BackTime.exe
O4 - Startup: OPENOFFICE.ORG 1.1.0.LNK = C:\Arquivos de programas\OpenOffice.org1.1.0\program\quickstart.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\ARQUIVOS DE PROGRAMAS\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...814.6823611111
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorU...iveInstall.cab
O16 - DPF: {842E24F3-70BF-11D7-97CD-0080ADB93CB9} (NetTrader.NetTraderQuotes) - https://www10.bancodobrasil.com.br/d.../NetTrader.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Posted by Kusagi
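An added example, not code from the thread, from HijackThis or from the helper, that automates what crunchie picked out by eye in the first reply and what this second log shows: the IE search entries redirected to file://C:\WINDOWS\TEMP\sp.html, HomeOldSP reset to about:blank, and CMGEHEA.DLL returning as a BHO under a new CLSID after the first fix. The flagging rules are this example's own heuristics, not HijackThis logic, and the log excerpts are constructed from the lines posted above.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts of the thread's first two HijackThis logs (sample input,
# embedded so the script runs offline). Only the line types the checker uses.
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: (no name) - {A8E27892-DC30-4AA6-95F8-ED91A50B5BD7} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: (no name) - {3BFC6975-E337-4873-94AA-8771D9CB10CA} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.+?) = (.+)$")
BHO_LINE = re.compile(r"^O2 - BHO: (.+?) - \{([0-9A-Fa-f-]{36})\} - (.+)$")
SYSTEM_DIR = "C:\\WINDOWS\\SYSTEM\\"  # Win9x system directory, as in the logs

REntry = Tuple[str, str, str, str]    # (kind, key, value name, value)
BhoMap = Dict[str, Tuple[str, str]]   # DLL path (upper-cased) -> (name, CLSID)


def parse_log(text: str) -> Tuple[List[REntry], BhoMap]:
    """Pull the R0/R1 and O2 lines out of a HijackThis log; other lines are ignored."""
    r_entries: List[REntry] = []
    bhos: BhoMap = {}
    for line in text.splitlines():
        m = R_LINE.match(line)
        if m:
            r_entries.append(m.groups())
            continue
        m = BHO_LINE.match(line)
        if m:
            name, clsid, path = m.groups()
            bhos[path.upper()] = (name, clsid.upper())
    return r_entries, bhos


def flag_entries(text: str) -> List[str]:
    """Flag the hijack pattern seen in this thread (heuristics are assumptions):
    IE search entries redirected to a local file, a stored 'old' search page of
    about:blank, and a nameless BHO loaded from the Windows system directory."""
    findings: List[str] = []
    r_entries, bhos = parse_log(text)
    for kind, _key, value_name, value in r_entries:
        if value.lower().startswith("file://"):
            findings.append(f"{kind} {value_name}: points at local file {value}")
        elif value_name == "HomeOldSP" and value.lower() == "about:blank":
            findings.append(f"{kind} {value_name}: stored 'old' search page is about:blank")
    for path, (name, clsid) in bhos.items():
        if name == "(no name)" and path.startswith(SYSTEM_DIR):
            findings.append(f"O2 BHO {{{clsid}}}: nameless BHO in system dir: {path}")
    return findings


def bho_changes(before: str, after: str) -> List[str]:
    """Report BHO DLLs still present after a fix but under a new CLSID, which is
    what CMGEHEA.DLL did between the thread's first and second logs."""
    _, old = parse_log(before)
    _, new = parse_log(after)
    return [
        f"{path}: CLSID changed {{{old[path][1]}}} -> {{{clsid}}}"
        for path, (_, clsid) in new.items()
        if path in old and old[path][1] != clsid
    ]


if __name__ == "__main__":
    for line in flag_entries(LOG_BEFORE) + bho_changes(LOG_BEFORE, LOG_AFTER):
        print(line)
```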
Jun 19th, 2004

Re: Homepage changed to about:blank can't change back

Oops, sorry, was in a bit of a hurry so I forgot to reboot before running HijackThis again. Here's the proper log:

Logfile of HijackThis v1.97.7
Scan saved at 18:26:53, on 19/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\START95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WINPPPOVERETHERNET.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\BACKUP PLUS\BACKTIME.EXE
C:\ARQUIVOS DE PROGRAMAS\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE
C:\ARQUIVOS DE PROGRAMAS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=HPFSCHED
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: (no name) - {3BFC6975-E337-4873-94AA-8771D9CB10CA} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"
O4 - HKLM\..\Run: [cgipost] C:\Arquivos de programas\Registro Speedy\cgipost.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [z-WrDialer] C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WrDialer.exe
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKLM\..\Run: [GbPluginBb] RunDll32.exe C:\WINDOWS\DOWNLO~1\GBIEH.DLL,Gbieh
O4 - HKLM\..\Run: [Tau Monitor] C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ESDR.lnk = C:\Arquivos de programas\ESdr\ESDR.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Restart.exe
O4 - Startup: TIMED BACKUPS MANAGER STARTUP.LNK = C:\Arquivos de programas\Backup Plus\BackTime.exe
O4 - Startup: OPENOFFICE.ORG 1.1.0.LNK = C:\Arquivos de programas\OpenOffice.org1.1.0\program\quickstart.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\ARQUIVOS DE PROGRAMAS\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...814.6823611111
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorU...iveInstall.cab
O16 - DPF: {842E24F3-70BF-11D7-97CD-0080ADB93CB9} (NetTrader.NetTraderQuotes) - https://www10.bancodobrasil.com.br/d.../NetTrader.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Posted by Kusagi
Jun 19th, 2004

Re: Homepage changed to about:blank can't change back

Reboot into safe mode following the instructions here & navigate to & delete the following:

C:\WINDOWS\TEMP (contents of folder)

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Reboot normally after doing the above then post a fresh log plz.
Posted by crunchie
Jun 19th, 2004

Re: Homepage changed to about:blank can't change back

OK, did all those things. Here's the fresh log:

Logfile of HijackThis v1.97.7
Scan saved at 23:56:00, on 19/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\START95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WINPPPOVERETHERNET.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\ARQUIVOS DE PROGRAMAS\BACKUP PLUS\BACKTIME.EXE
C:\ARQUIVOS DE PROGRAMAS\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=HPFSCHED
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: (no name) - {3BFC6975-E337-4873-94AA-8771D9CB10CA} - C:\WINDOWS\SYSTEM\CMGEHEA.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"
O4 - HKLM\..\Run: [cgipost] C:\Arquivos de programas\Registro Speedy\cgipost.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [z-WrDialer] C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WrDialer.exe
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKLM\..\Run: [GbPluginBb] RunDll32.exe C:\WINDOWS\DOWNLO~1\GBIEH.DLL,Gbieh
O4 - HKLM\..\Run: [Tau Monitor] C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ESDR.lnk = C:\Arquivos de programas\ESdr\ESDR.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Restart.exe
O4 - Startup: TIMED BACKUPS MANAGER STARTUP.LNK = C:\Arquivos de programas\Backup Plus\BackTime.exe
O4 - Startup: OPENOFFICE.ORG 1.1.0.LNK = C:\Arquivos de programas\OpenOffice.org1.1.0\program\quickstart.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\ARQUIVOS DE PROGRAMAS\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...814.6823611111
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorU...iveInstall.cab
O16 - DPF: {842E24F3-70BF-11D7-97CD-0080ADB93CB9} (NetTrader.NetTraderQuotes) - https://www10.bancodobrasil.com.br/d.../NetTrader.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Posted by Kusagi, Newbie Poster (11 posts since Jun 2004; Reputation Points: 10, Solved Threads: 0)
Jun 20th, 2004

Re: Homepage changed to about:blank can't change back

Try the same fix again, then download CWShredder from here & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in its database. Close ALL windows, including IE, before running CWShredder. Reboot.

To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates.

Then disable System Restore & re-enable it following the instructions here.

Note that all previous restore points will be lost.

Reboot after doing this & post another log please.
Posted by crunchie, Moderator, Featured Poster, Most Valuable Poster (12,163 posts since Feb 2004; Reputation Points: 1142, Solved Threads: 982)
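The fix above is judged by reposting the log and checking that the hijacker's entries are gone. The following small parser for the HijackThis log format is an added example, not a tool from this thread, from HijackThis or from CWShredder: it splits a log into its section entries, flags the two patterns a reviewer looks for in an about:blank hijack (R0/R1 values pointing at a local file or about:blank, and components loaded from a temporary directory), and diffs a "before" log against the "after" log to show what a fix removed and whether anything new appeared. Both sample logs are constructed for the example; the BHO CLSID in them is an all-zero placeholder, and the O4 and O16 lines are ordinary entries of the kind seen in the thread.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    """One HijackThis log line: its section code (R1, O4, O16, ...) and the rest of the line."""
    section: str
    body: str


# HijackThis prefixes every entry with a section code, " - ", then the item itself.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")

# R0/R1 values set to a local file or about:blank are the hallmark of the about:blank
# hijacker discussed in this thread. Users do legitimately set about:blank, so this is a
# "review this" signal, not a verdict.
LOCAL_TARGET_RE = re.compile(r"=\s*(file://|about:blank)", re.IGNORECASE)

# Installed software does not normally run from a temporary directory; browser-dropped
# hijacker components very often do.
TEMP_PATH_RE = re.compile(r"\\(TEMP|TMP)\\", re.IGNORECASE)


def parse_log(text: str) -> List[Entry]:
    """Extract the section entries from a log, skipping the header and the process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry that matches a review pattern, in log order."""
    findings = []
    for e in entries:
        reasons = []
        if e.section.startswith("R") and LOCAL_TARGET_RE.search(e.body):
            reasons.append("IE start/search value points at a local file or about:blank")
        if TEMP_PATH_RE.search(e.body):
            reasons.append("component loaded from a temporary directory")
        if reasons:
            findings.append((e, reasons))
    return findings


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """(entries the fix removed, entries that newly appeared), each in log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


# Constructed sample log with the hijacker present (placeholder CLSID on the BHO line).
BEFORE_LOG = r"""
Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\TEMP\example.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
"""

# Constructed sample log after the fix: only the ordinary entries remain.
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
"""


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for entry, reasons in flag_entries(before):
        print(f"{entry.section} - {entry.body}\n    -> {'; '.join(reasons)}")
    removed, added = diff_logs(before, after)
    print(f"\nremoved by the fix: {len(removed)}, newly appeared: {len(added)}")
```

Run it against a real pair of logs by reading the two files into `parse_log`; an empty `flag_entries` result on the "after" log together with an empty "newly appeared" list is the programmatic equivalent of "that looks clear now".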
Jun 20th, 2004

Re: Homepage changed to about:blank can't change back

OK, here's the log

Logfile of HijackThis v1.97.7
Scan saved at 11:32:26, on 20/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\START95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WINPPPOVERETHERNET.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\BACKUP PLUS\BACKTIME.EXE
C:\ARQUIVOS DE PROGRAMAS\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE
C:\ARQUIVOS DE PROGRAMAS\HIJACKTHIS\HIJACKTHIS.EXE

F1 - win.ini: run=HPFSCHED
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.3\SDHELPER.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"
O4 - HKLM\..\Run: [cgipost] C:\Arquivos de programas\Registro Speedy\cgipost.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [z-WrDialer] C:\ARQUIVOS DE PROGRAMAS\SPEEDY\WrDialer.exe
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKLM\..\Run: [GbPluginBb] RunDll32.exe C:\WINDOWS\DOWNLO~1\GBIEH.DLL,Gbieh
O4 - HKLM\..\Run: [Tau Monitor] C:\ARQUIVOS DE PROGRAMAS\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\ARQUIVOS DE PROGRAMAS\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinConnection] C:\ARQUIVOS DE PROGRAMAS\WINCO\WINCONNECTION\start95.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ESDR.lnk = C:\Arquivos de programas\ESdr\ESDR.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Restart.exe
O4 - Startup: TIMED BACKUPS MANAGER STARTUP.LNK = C:\Arquivos de programas\Backup Plus\BackTime.exe
O4 - Startup: OPENOFFICE.ORG 1.1.0.LNK = C:\Arquivos de programas\OpenOffice.org1.1.0\program\quickstart.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\ARQUIVOS DE PROGRAMAS\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: &Google Search - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...814.6823611111
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorU...iveInstall.cab
O16 - DPF: {842E24F3-70BF-11D7-97CD-0080ADB93CB9} (NetTrader.NetTraderQuotes) - https://www10.bancodobrasil.com.br/d.../NetTrader.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Posted by Kusagi, Newbie Poster (11 posts since Jun 2004; Reputation Points: 10, Solved Threads: 0)
Jun 21st, 2004

Re: Homepage changed to about:blank can't change back

That looks clear now. Has the problem gone?
Posted by crunchie, Moderator, Featured Poster, Most Valuable Poster (12,163 posts since Feb 2004; Reputation Points: 1142, Solved Threads: 982)
Jun 25th, 2004

Re: Homepage changed to about:blank can't change back

Yes, it's gone now. Thanks for the help.
Posted by Kusagi, Newbie Poster (11 posts since Jun 2004; Reputation Points: 10, Solved Threads: 0)

© 2011 DaniWeb® LLC