C:\WINNT3\system32\msblank.html as my homepage and can't be deleted - Harv120
Please could you help me?
C:\WINNT3\system32\msblank.html keeps on showing up as my homepage every time I load Internet Explorer. What do I need to do?
I have downloaded and updated Ad-aware SE personal and Spy-bot Search and destroy. Both have been run but it is still happening.
Any help would be very helpful.
Thank you
Logfile of HijackThis v1.99.1
Scan saved at 15:12:42, on 11/09/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT3\System32\smss.exe
C:\WINNT3\system32\winlogon.exe
C:\WINNT3\system32\services.exe
C:\WINNT3\system32\lsass.exe
C:\WINNT3\System32\Ati2evxx.exe
C:\WINNT3\system32\svchost.exe
C:\WINNT3\system32\spoolsv.exe
C:\WINNT3\System32\svchost.exe
C:\WINNT3\system32\regsvc.exe
C:\WINNT3\system32\MSTask.exe
C:\WINNT3\system32\stisvc.exe
C:\WINNT3\system32\ZoneLabs\vsmon.exe
C:\WINNT3\system32\Ati2evxx.exe
C:\WINNT3\Explorer.exe
C:\WINNT3\System32\WBEM\WinMgmt.exe
C:\WINNT3\System32\mspmspsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT3\System32\popcorn72.exe
C:\WINNT3\System32\gsicon.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT3\System32\msblank.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R3 - URLSearchHook: (no name) - {707F40FA-4C89-FE44-A0C9-588BA6F8BBCB} - MsNetHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {9401C07C-61CA-FA08-FF6C-4846E0E6479F} - C:\WINNT3\msia32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT3\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT3\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [gsicon] gsicon.exe
O4 - HKCU\..\Run: [Jetsoft Development Company AcBtnMgr] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKCU\..\Run: [Jetsoft Development Company ACMonitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKCU\..\Run: [Lexmark PrinTray] C:\WINNT3\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.95.218.83/users/sex/web/cool.chm::/on.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125521172106
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AAB79C5-A6B9-4964-9D49-4C5B6D0ED169}: NameServer = 195.95.218.3 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5F80BE2-806D-4D2E-8BD7-EB97005B7AE3}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 195.95.218.3,85.255.112.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT3\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT3\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT3\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT3\system32\ZoneLabs\vsmon.exe
This discussion has been closed.
Comments
Open "My Computer">click TOOLS>click FOLDER OPTIONS>click the "View" tab>tick "show hidden files and folders" and uncheck hide file extensions>click apply, ok and then exit.
Place a checkmark next to these entries and then click Fix Checked. Be sure you close all other open windows before proceeding:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT3\System32\msblank.html
O2 - BHO: Class - {9401C07C-61CA-FA08-FF6C-4846E0E6479F} - C:\WINNT3\msia32.dll (file missing)
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT3\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.95.218.83/users/sex/web/cool.chm::/on.exe
Delete these files or folders if they exist:
C:\WINNT3\System32\msblank.html
C:\WINNT3\msia32.dll
C:\WINNT3\System32\popcorn72.exe
Download the trial version of ewido security suite. Save the setup file to a convenient location. Run the setup file for ewido and then open it when setup is complete. Update ewido with the latest signatures. Run ewido and remove all infected objects.
Post a new log when finished.
I have made the changes and the problem has stopped, although my internet is a lot slower than usual and sometimes doesn't work at all. If you spot anything else wrong in this log please reply. Thanks again
Logfile of HijackThis v1.99.1
Scan saved at 16:38:52, on 15/09/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT3\System32\smss.exe
C:\WINNT3\system32\csrss.exe
C:\WINNT3\system32\winlogon.exe
C:\WINNT3\system32\services.exe
C:\WINNT3\system32\lsass.exe
C:\WINNT3\System32\Ati2evxx.exe
C:\WINNT3\system32\svchost.exe
C:\WINNT3\system32\spoolsv.exe
C:\WINNT3\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT3\system32\regsvc.exe
C:\WINNT3\system32\MSTask.exe
C:\WINNT3\system32\stisvc.exe
C:\WINNT3\system32\Ati2evxx.exe
C:\WINNT3\Explorer.exe
C:\WINNT3\System32\gsicon.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\WINNT3\System32\WBEM\WinMgmt.exe
C:\WINNT3\System32\mspmspsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - {707F40FA-4C89-FE44-A0C9-588BA6F8BBCB} - MsNetHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT3\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [gsicon] gsicon.exe
O4 - HKCU\..\Run: [Jetsoft Development Company AcBtnMgr] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKCU\..\Run: [Jetsoft Development Company ACMonitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKCU\..\Run: [Lexmark PrinTray] C:\WINNT3\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125521172106
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 69.50.161.131,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AAB79C5-A6B9-4964-9D49-4C5B6D0ED169}: NameServer = 69.50.161.131 85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5F80BE2-806D-4D2E-8BD7-EB97005B7AE3}: NameServer = 69.50.161.131,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 69.50.161.131,85.255.112.14
O17 - HKLM\System\CS3\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 69.50.161.131,85.255.112.14
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT3\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT3\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT3\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT3\system32\ZoneLabs\vsmon.exe
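Added example, not part of the original thread: a small Python script that compares two HijackThis logs entry by entry, so a follow-up log can be checked against the first one instead of being read by eye. The names `parse` and `diff` are hypothetical, and the two sample logs are shortened excerpts copied from the logs posted above.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O17 - <rest of entry>"

# Excerpts copied from the two logs in this thread (shortened).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT3\System32\msblank.html
O2 - BHO: Class - {9401C07C-61CA-FA08-FF6C-4846E0E6479F} - C:\WINNT3\msia32.dll (file missing)
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT3\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [gsicon] gsicon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AAB79C5-A6B9-4964-9D49-4C5B6D0ED169}: NameServer = 195.95.218.3 85.255.112.5
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKCU\..\Run: [gsicon] gsicon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA2204A-7B7C-4FB6-8AE0-F0EA4DCAB6CA}: NameServer = 69.50.161.131,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AAB79C5-A6B9-4964-9D49-4C5B6D0ED169}: NameServer = 69.50.161.131 85.255.112.14
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

def parse(log_text):
    """Map each R*/O* entry to its value; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        # "setting = value" entries are keyed by the setting, so a new value
        # shows up as a change rather than as one removal plus one addition.
        name, _, value = rest.partition(" = ")
        if code == "O17":
            # HijackThis prints NameServer lists with commas or spaces.
            value = ",".join(re.split(r"[,\s]+", value.strip()))
        entries[f"{code} - {name}"] = value
    return entries

def diff(before, after):
    """Return entries removed, added, and changed between two logs."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": {k: (b[k], a[k]) for k in b if k in a and b[k] != a[k]},
    }

if __name__ == "__main__":
    for kind, items in diff(BEFORE, AFTER).items():
        print(kind, *(items.items() if isinstance(items, dict) else items), sep="\n  ")
```

On these excerpts the script reports the fixed BHO and Run entries as removed, the ewido service as added, and the Start Page plus both O17 NameServer values as changed; the O17 lines were not in the "Fix Checked" list above.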