Owen Please help with about blank Hijack this included

  1. 28-01-2005  #1
    addickted to charlton
    addickted to charlton is offline Newbie

    Owen Please help with about blank Hijack this included

    It seems looking at all the other postings that about blank is a real nuisance and 1 I have been trying to get rid of. We have Sophos installed, Spycatcher, spyferret, spybot etc. None of them seem to do what they claim although spycatcher did e-mail me asking to send a highjack listing, but have not come back since. We use endeavour for our home page but it keeps coming up with about blank and changing every time, also various Virus warning messages, although when we do a sweep with sophos, it says no virusus found.
    PLEASE PLEASE HELP. I have posted this earlier but no reply as yet, please forgive for posting again as desparate
    Attached is a copy of the Highjack info. We are on Windows XP

    Logfile of HijackThis v1.99.0
    Scan saved at 14:07:14, on 27/01/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Sophos\Remote Update\cachemgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\TapeWare\TWWINSDR.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\SpyCatcher\DeleteSatellite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sophos\Remote Update\imonitor.exe
    C:\Program Files\SpyCatcher\Protector.exe
    C:\Program Files\SpyCatcher\Scheduler daemon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\Webshots\webshots.scr C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis199Final[www.click-now.net]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.endeavour.co.uk/endeavour/logon.do
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Hilary\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.endeavour.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.endeavour.co.uk/endeavour/logon.do
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Hilary\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {37BE8082-C0D4-4E5A-B8C8-707822157905} - C:\WINDOWS\system32\cfcg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OLP-Tray] C:\PROGRA~1\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
    O4 - HKLM\..\Run: [SpyFerret] C:\Program Files\SpyFerret\sfrt.exe /updaterun O4 - HKLM\..\RunOnce: [SpyFerret] C:\Program Files\SpyFerret\sfrt.exe /autocheck O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 3.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Filter: text/html - {8C6EB047-D85E-4762-85B2-A8993EDC0CC6} - C:\WINDOWS\system32\cfcg.dll O18 - Filter: text/plain - {8C6EB047-D85E-4762-85B2-A8993EDC0CC6} - C:\WINDOWS\system32\cfcg.dll O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Sophos Cache Manager - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS O23 - Service: TapeWare - Unknown - C:\Program Files\TapeWare\TWWINSDR.EXE

    --------------------------------------------------------------------------------
    Last edited by addickted to charlton : Today at 06:54 PM.

  3. 28-01-2005  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Duplicated thread. Thread locked.
Closed Thread
« Virus and About Blank problems | about:blank »