Jump to content


Photo

2 Topics Merged - What is this? - Duplicate Deleted...


  • Please log in to reply
4 replies to this topic

#1 Webbie

Webbie

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 24 May 2007 - 05:40 PM

Edit: Duplicate Topic deleted... Stick to 1 Topic per computer... If you start any more new topics for this problem, you will lose the privilege to post in this forum...


I'll try to give the short version and facts. New here and not a computer techie. Have a new computer with Vista and IE7. Work for a company from home
and sign on to a their siebel system. Previously had (have) a windows 98se put have used daughters xp. Had minor spyware long ago and use adaware weekly.
When starting on Vista this week I had a problem getting it to run on that company's software which I won't go into here, downloaded Java and problem solved.
But........ The other day started getting this about blank page anytime I entered something into their system and though it takes the info, I have to go around about
way to see it. It is not affecting anything else on my computer as far as I can tell (had not changed my home page) and if I hook up my 98 and go to their site it does
not do it-no about blank.The thing is a few days before when I was having the other problem I mentioned above I un did windows defender, firewall and pop blocker
(only about a day) plus put all my security settings to enable. Yesterday I downloaded adaware and ran it and had some critical but did not remove the aboutblank.
Tried cwshredder also and it did not. Downloaded Spybot which have never used before and it has came up with one entry in RED. My question is here is can I safely
remove it, as I said I am not familiar with spybot and don't want to remove anything that is needed.
Here is what it says.
Microsoft.Windows.security.internet explorer- 1 entry
HKey_USERS\1-5-21-1015622350-708935824.11...

Please read our Forum FAQ in order to find out what info we need (HijackThislog) so we can help you.

Edited by Budfred, 25 May 2007 - 10:37 PM.


#2 Webbie

Webbie

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 25 May 2007 - 11:38 AM

I'll try to give the short version and facts. New here and not a computer techie. Have a new computer with Vista and IE7. Work for a company from home
and sign on to a their siebel system. Previously had (have) a windows 98se put have used daughters xp. Had minor spyware long ago and use adaware weekly.
When starting on Vista this week I had a problem getting it to run on that company's software which I won't go into here, downloaded Java and problem solved.
But........ The other day started getting this about blank page anytime I entered something into their system and though it takes the info, I have to go around about
way to see it. It is not affecting anything else on my computer as far as I can tell (had not changed my home page) and if I hook up my 98 and go to their site it does
not do it-no about blank.The thing is a few days before when I was having the other problem I mentioned above I un did windows defender, firewall and pop blocker
(only about a day) plus put all my security settings to enable. Yesterday I downloaded adaware and ran it and had some minor criticals but did not remove the aboutblank.
Tried cwshredder also and it did not. Downloaded Spybot which have never used before and it has came up with one entry in RED. So I deleted the entrie thinking that was it but no it is still doing it.
The thing is I have never downloaded their software as I said have a shortcut on my desktop and go
to their site but I even tried redoing the short cut with new web address and still it does it.
Just a aboutblank blank page comes up when I try to enter something on their site (which I have to do a lot) and when I sign on their appears to be a second sign on page underneath it after I enter it.
Don't understand why it is on their software only and why it doesn't do it on my 98 and never has for over a year. Any suggestions???? Have never used the HiJack this to get a log.

Webbie

Your duplicate topic has been merged here in your original. Please stay with this topic and do not open another. - Indrid_Cold

Edited by Indrid_Cold, 25 May 2007 - 05:10 PM.


#3 Webbie

Webbie

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 25 May 2007 - 07:00 PM

Ok didn't see it moved anywhere and I guess in goes in the removal forum but new here and not sure how to do that. Ran the HiJack This- first time so guess it's right. One thing before I copy it below is that a pop up came up on highjack this that said "For some reason you system denied write access to the host file and "If any highjacked domains are in the file hyjack this may not be able to fix it". Then I cllick out and
the report came up. It is below.

Logfile of HijackThis v1.99.1
Scan saved at 7:49:48 PM, on 5/25/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\EHTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Debbie J\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Edit: You were specifically asked NOT to start another topic and you chose to do so anyway... Do NOT do so again if you wish to post on this forum...

Edited by Budfred, 25 May 2007 - 10:35 PM.


#4 Webbie

Webbie

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 26 May 2007 - 09:25 PM

First of all I have been to the site a total of three times and since my post stated moved but showed nowhere except as a sticky at the top of this forum so after getting the needed information I posted another thread since it was not on any forum but as a sticky. In addition. I have never heard of a site that restricts you to post on only one forum. But please remove my registration information as I do not wish to be associated with someone of such erratic and rude behavior especially to someone that is new to the site as I am sure you will this. Ta Ta.

Edited by Webbie, 26 May 2007 - 09:27 PM.


#5 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 27 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button