Tech Support Forum - View Single Post

tinusvr · 04-16-2005, 07:49 AM

Pancake thanks for the reply and help.

I carried out all the steps that you sugessted and it seems that with your help the about:blank problem is cleared.

This is the new Highjack this Analyzer file that I created after completing all the steps in your response.

Thanks all for the help and responses. Please let me know if I need to clear more entries.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:19:57 AM, on 4/16/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\IP VPN Remote Services\cvpnd.exe
C:\BOSSDE\DEClntNT.EXE
C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINNT\System32\RASLOGON.EXE
C:\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fabrics1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = f1aussm001.fabrics1.com:8002
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.bp.com;*.fabrics1.com;*.*.bp.com;*.*.*.bp.com;*.amoco.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.OCX
O4 - HKLM\..\Run: [IBMPMSVC] C:\WINNT\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [iRAS Logon Tool Current User Settings] C:\Program Files\BP\iRAS\ACU.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [RASLogon] %SystemRoot%\System32\RASLOGON.EXE
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon
O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .dmn: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL
O12 - Plugin for .dmo: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL
O12 - Plugin for .dmu: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL
O14 - IERESET.INF: START_PAGE_URL=http://ffbunet.fabrics1.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwgc.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {6BF35011-3AE5-44D3-A8BB-73ED462A0BC0} (EZUploader Control) - http://www.ezprints.com/software/ezuploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fabrics1.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fabrics1.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fabrics1.com
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINNT\System32\ccsrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\IP VPN Remote Services\cvpnd.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\CWShreder\CWShredder.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: BOSS DiagWin Client (DEClntService) - Unknown owner - C:\BOSSDE\DEClntNT.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Impact Server - 3C Software, Inc. - C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe

End of KRC HijackThis Analyzer Log.
====================================================================

04-16-2005, 07:49 AM	#5 (permalink)
tinusvr Registered User Join Date: Apr 2005 Posts: 9 OS: NT200	about:blank Broweser Highjacker New Log Pancake thanks for the reply and help. I carried out all the steps that you sugessted and it seems that with your help the about:blank problem is cleared. This is the new Highjack this Analyzer file that I created after completing all the steps in your response. Thanks all for the help and responses. Please let me know if I need to clear more entries. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 7:19:57 AM, on 4/16/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe C:\Program Files\AccessManager\Client\AMBroker.exe C:\Program Files\Network ICE\BlackICE\blackd.exe C:\Program Files\IP VPN Remote Services\cvpnd.exe C:\BOSSDE\DEClntNT.EXE C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe C:\Program Files\AccessManager\PMAC\sp_SWIns.exe C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe C:\WINNT\System32\RASLOGON.EXE C:\HighJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fabrics1 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = f1aussm001.fabrics1.com:8002 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .bp.com;.fabrics1.com;..bp.com;...bp.com;.amoco.com;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.OCX O4 - HKLM\..\Run: [IBMPMSVC] C:\WINNT\System32\ibmpmsvc.exe -helper O4 - HKLM\..\Run: [iRAS Logon Tool Current User Settings] C:\Program Files\BP\iRAS\ACU.exe O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe" O4 - HKLM\..\Run: [RASLogon] %SystemRoot%\System32\RASLOGON.EXE O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll O12 - Plugin for .dmn: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O12 - Plugin for .dmo: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O12 - Plugin for .dmu: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O14 - IERESET.INF: START_PAGE_URL=http://ffbunet.fabrics1.com/ O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwgc.ops.placeware.com/etc/...uicksilver.cab O16 - DPF: {6BF35011-3AE5-44D3-A8BB-73ED462A0BC0} (EZUploader Control) - http://www.ezprints.com/software/ezuploader.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fabrics1.com O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINNT\System32\ccsrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\IP VPN Remote Services\cvpnd.exe O23 - Service: CWShredder Service - InterMute, Inc. - C:\CWShreder\CWShredder.exe O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe O23 - Service: BOSS DiagWin Client (DEClntService) - Unknown owner - C:\BOSSDE\DEClntNT.EXE O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe O23 - Service: Impact Server - 3C Software, Inc. - C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe End of KRC HijackThis Analyzer Log. ====================================================================