I will try to give the short version. Have a new computer(3 weeks) with Vista premium. Have a aboutblank spyware that I can not get rid of.
Problem is it is not affecting my personal home page but a home page of a site that I go to daily (siebel software that I use daily working for a company).
After signing on I get the see the aboutblank flash in my address bar- but it does not change the home page but when I select a option on the site a aboutblank
comes up and covers the page and is in my taskbar. Prior to the new computer used a win98 and it worked fine on the site- no about blank and I can go to
my 98 and use it and it does not do it-so it has to be on my computer and nothing to do with the site. It has not affected my bellsouth personal home page.
I have tried cwshredder, spybot, adaware and many others and it does not remove it.
I have enclosed the hijackthis scan. One other thing- on highjackthis when I select config- it says start up page aboutblank.
WebDeb
Logfile of HijackThis v1.99.1
Scan saved at 3:09:44 PM, on 6/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Debbie J\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: AdwareAway - C:\Windows\SYSTEM32\ScanAtStartup.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
1
Hijackthis log included
Started by WebDeb, Jun 12 2007 05:16 AM
18 replies to this topic
#2 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 12 June 2007 - 12:54 PM
That version of hijackthis you have isn't really compatible with vista.
Please download this version here and post a log with it:
http://www.filehippo...oad_hijackthis/
Please download this version here and post a log with it:
http://www.filehippo...oad_hijackthis/
#3 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 12 June 2007 - 02:06 PM
Hello,
Ok enclosed is the new scan.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:04:29 AM, on 6/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Debbie J\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: AdwareAway - C:\Windows\SYSTEM32\ScanAtStartup.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7592 bytes
Ok enclosed is the new scan.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:04:29 AM, on 6/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Debbie J\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: AdwareAway - C:\Windows\SYSTEM32\ScanAtStartup.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7592 bytes
#4 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 12 June 2007 - 02:16 PM
You really need to get an antivirus on this computer.
AVG and Avast both have free versions of their programs that work with vista.
Download Superantispyware
AVG and Avast both have free versions of their programs that work with vista.
Download Superantispyware
- Load Superantispyware and click the check for updates button.
- Once the update is finished click the scan your computer button.
- Check Perform Complete Scan and then next.
- Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
- Make sure that they all have a check next to them and press next.
- Click finish and you will be taken back to the main interface.
- Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
- Copy and paste the log onto the forum.
#5 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 12 June 2007 - 05:18 PM
The log file is enclosed below but need to update you first- As far as anti virus goes yes I have planned to get one and did install Norton's at first but when I started having trouble I deleted it
because I then had heard some bad things about Norton's.
Also last night after my 1st post I ran ad aware which removed 250 entries and the one I just did removed 49. I had not ran any except specific in about a week. Always used ad aware on my 98 as years past had a lot but never did but a few later on but I also used easy cleaner and the registry cleaner but was always leery about it and then afraid to use it on Vista and not that knowledgeable with the registry.
One thing I just noticed is when I went on the site (started work at 12:00), I no longer have the about blank (first time in 2 weeks). However a window explorer pop up comes up and says (which has never) a window is trying to close and ask if I want it to.
Kind of makes me think it is still there.
Do you know how I can stop that pop up request.
Also, easy cleaner shows a whole lot of invalid registry entries that I don't know if I should delete.
I have never used CCleaner but would like to try the registry removal but am kind of afraid to use any. Is it safe?
Below is the scan log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/12/2007 at 12:15 PM
Application Version : 3.8.1002
Core Rules Database Version : 3252
Trace Rules Database Version: 1263
Scan type : Complete Scan
Total Scan Time : 00:32:00
Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 7364
Registry threats detected : 0
File items scanned : 58178
File threats detected : 49
Adware.Tracking Cookie
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@clickbank[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@tribalfusion[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@advertising[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@doubleclick[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@2o7[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@atdmt[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@bluestreak[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@tremor.adbureau[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@www.googleadservices[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@mediaplex[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@ad.m5prod[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@overture[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@zedo[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@ad1.m5-systems[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@revsci[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@3.adbrite[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@ad.m5prod[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@ad1.m5-systems[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@adopt.specificclick[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@ads.revsci[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@anad.tacoda[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@anat.tacoda[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@azjmp[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@burstnet[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@data3.perf.overture[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@i-sex-toy.blogspot[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@i.screensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@imrworldwide[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@interclick[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@popularscreensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@precisionclick[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@screensavers.funutilities[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@screensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@thetopscreensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@tracking.foxnews[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.3dstats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.burstbeacon[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[3].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[4].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[5].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.screensavers[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www1.addfreestats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www3.addfreestats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www5.addfreestats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www6.addfreestats[1].txt
C:\Users\Debbie Jackson\AppData\Roaming\Microsoft\Windows\Cookies\debbie_jackson@ad.m5prod[2].txt
C:\Users\Debbie Jackson\AppData\Roaming\Microsoft\Windows\Cookies\debbie_jackson@advertising[1].txt
because I then had heard some bad things about Norton's.
Also last night after my 1st post I ran ad aware which removed 250 entries and the one I just did removed 49. I had not ran any except specific in about a week. Always used ad aware on my 98 as years past had a lot but never did but a few later on but I also used easy cleaner and the registry cleaner but was always leery about it and then afraid to use it on Vista and not that knowledgeable with the registry.
One thing I just noticed is when I went on the site (started work at 12:00), I no longer have the about blank (first time in 2 weeks). However a window explorer pop up comes up and says (which has never) a window is trying to close and ask if I want it to.
Kind of makes me think it is still there.
Do you know how I can stop that pop up request.
Also, easy cleaner shows a whole lot of invalid registry entries that I don't know if I should delete.
I have never used CCleaner but would like to try the registry removal but am kind of afraid to use any. Is it safe?
Below is the scan log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/12/2007 at 12:15 PM
Application Version : 3.8.1002
Core Rules Database Version : 3252
Trace Rules Database Version: 1263
Scan type : Complete Scan
Total Scan Time : 00:32:00
Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 7364
Registry threats detected : 0
File items scanned : 58178
File threats detected : 49
Adware.Tracking Cookie
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@clickbank[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@tribalfusion[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@advertising[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@doubleclick[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@2o7[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@atdmt[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@bluestreak[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@tremor.adbureau[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@www.googleadservices[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@mediaplex[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@ad.m5prod[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@overture[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@zedo[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@ad1.m5-systems[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\debbie_j@revsci[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@3.adbrite[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@ad.m5prod[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@ad1.m5-systems[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@adopt.specificclick[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@ads.revsci[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@anad.tacoda[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@anat.tacoda[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@azjmp[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@burstnet[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@data3.perf.overture[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@i-sex-toy.blogspot[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@i.screensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@imrworldwide[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@interclick[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@popularscreensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@precisionclick[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@screensavers.funutilities[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@screensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@thetopscreensavers[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@tracking.foxnews[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.3dstats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.burstbeacon[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[3].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[4].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.googleadservices[5].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www.screensavers[2].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www1.addfreestats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www3.addfreestats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www5.addfreestats[1].txt
C:\Users\Debbie J\AppData\Roaming\Microsoft\Windows\Cookies\Low\debbie_j@www6.addfreestats[1].txt
C:\Users\Debbie Jackson\AppData\Roaming\Microsoft\Windows\Cookies\debbie_jackson@ad.m5prod[2].txt
C:\Users\Debbie Jackson\AppData\Roaming\Microsoft\Windows\Cookies\debbie_jackson@advertising[1].txt
#6 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 12 June 2007 - 06:00 PM
Stay away from registry cleaners. They often cause more problems then they fix.
The issues cleaner is in CCleaner has been very safe though and I use it all the time. Easy Cleaner while a decent program the registry cleaner seems pretty aggresive.
Nothing was found in that spyware scan except tracking cookies which are nothing to worry about.
I'm starting to think your problem may be more of an incompatibility or settings error with internet explorer then anything.
Open hijackthis and run a system scan. Then check off the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Check the below one only if you didn't add it:
O1 - Hosts: ::1 localhost
Then press "fix checked" and exit hijackthis.
---------
Then open Internet Explorer and go to tools>internet options> advanced> and press Reset.
This will set change everything in the browser back to default.
Let me know if it fixes it.
----------
Some people are saying the new norton 2007 is better then the old versions. I haven't tried it and probably wont.
If your using anything before 2007 I wouldn't bother and to be honest I would pick one of the free AV's above norton any day. But that choice is of course yours.
Any AV is better then no AV.
The issues cleaner is in CCleaner has been very safe though and I use it all the time. Easy Cleaner while a decent program the registry cleaner seems pretty aggresive.
Nothing was found in that spyware scan except tracking cookies which are nothing to worry about.
I'm starting to think your problem may be more of an incompatibility or settings error with internet explorer then anything.
Open hijackthis and run a system scan. Then check off the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Check the below one only if you didn't add it:
O1 - Hosts: ::1 localhost
Then press "fix checked" and exit hijackthis.
---------
Then open Internet Explorer and go to tools>internet options> advanced> and press Reset.
This will set change everything in the browser back to default.
Let me know if it fixes it.
----------
Some people are saying the new norton 2007 is better then the old versions. I haven't tried it and probably wont.
If your using anything before 2007 I wouldn't bother and to be honest I would pick one of the free AV's above norton any day. But that choice is of course yours.
Any AV is better then no AV.
#7 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 12 June 2007 - 07:35 PM
Ok, I haven't ran the hijack yet but will since I am working have to do this in between.
Regarding it being a compatible issue -I had first thought that but talked to several people
at Siebel when I first had the problem and they told me that they were compatible with Vista
and IE7 but had a problem early on. The thing is though it did not change their home page to another site just that a about blank page did come up and it would take over any open tab I had in the toolbar. It also did not let the form I was entering enter right.- But it is now. Odd because the only things that were removed since I worked on it yesterday was cookies from ad aware and then those from Superantispyware and I had used ad aware about 4 days ago and then it removed cookies also but the next day the aboutblank was still there. Don't know what was done to make it go away but it has.
I was messing around with the user control last night and started to use a standard control but change my mind as I am not certain which is best. But I suppose the superantispyware could of found a cookie that adaware and sypbot didn't. I did originally think it was a securtiy issue but was told aboutblank is spyware.
But that pop up is now comming up saying a page is trying to enter and do I want to allow it- if I click yes it does normal-right, it's just annoying.
I will try to do the hijack removal as soon as possible and post back.
Debweb
Regarding it being a compatible issue -I had first thought that but talked to several people
at Siebel when I first had the problem and they told me that they were compatible with Vista
and IE7 but had a problem early on. The thing is though it did not change their home page to another site just that a about blank page did come up and it would take over any open tab I had in the toolbar. It also did not let the form I was entering enter right.- But it is now. Odd because the only things that were removed since I worked on it yesterday was cookies from ad aware and then those from Superantispyware and I had used ad aware about 4 days ago and then it removed cookies also but the next day the aboutblank was still there. Don't know what was done to make it go away but it has.
I was messing around with the user control last night and started to use a standard control but change my mind as I am not certain which is best. But I suppose the superantispyware could of found a cookie that adaware and sypbot didn't. I did originally think it was a securtiy issue but was told aboutblank is spyware.
But that pop up is now comming up saying a page is trying to enter and do I want to allow it- if I click yes it does normal-right, it's just annoying.
I will try to do the hijack removal as soon as possible and post back.
Debweb
#8 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 12 June 2007 - 07:55 PM
About blank isn't always spyware. It was a sign of an old infection from years ago but its not that common anymore.
If you open any browser and type in about:blank you just get a blank page. I think I have figured out what the issue was though.
IE7 has security functions that older versions do not. I think it was just blocking whatever it was you needed it to do.(which is why when you said allow, the pages load up fine.) Also IE7 has tabs which will open as about:blank if you don't tell it to do otherwise in tools>internet options>tabs- settings> you can change new tabs to open your home page.
IE7 can be a funky browser if your not used to it. Maybe you should try firefox. Its a little closer function wise at default to the older versions of IE.(but it is very customizable and can do everything IE7 can and more) It may just give you less grief:
http://www.mozilla.com/en-US/firefox/
It has cool features like spell checking, extensions(add ons that really make the browser great), themes(change the appearance, tabs(like IE7) and much more. Its worth the try if you haven't ever used it before.
Also the things I had you do will reset your homepage and everything. So don't freak out if it opens about:blank.
If you open any browser and type in about:blank you just get a blank page. I think I have figured out what the issue was though.
IE7 has security functions that older versions do not. I think it was just blocking whatever it was you needed it to do.(which is why when you said allow, the pages load up fine.) Also IE7 has tabs which will open as about:blank if you don't tell it to do otherwise in tools>internet options>tabs- settings> you can change new tabs to open your home page.
IE7 can be a funky browser if your not used to it. Maybe you should try firefox. Its a little closer function wise at default to the older versions of IE.(but it is very customizable and can do everything IE7 can and more) It may just give you less grief:
http://www.mozilla.com/en-US/firefox/
It has cool features like spell checking, extensions(add ons that really make the browser great), themes(change the appearance, tabs(like IE7) and much more. Its worth the try if you haven't ever used it before.
Also the things I had you do will reset your homepage and everything. So don't freak out if it opens about:blank.
#9 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 13 June 2007 - 03:39 AM
Hello,
Well I deleted all the things you listed for highjack this and then reset the security in IE. I did have a problem because (different one that I had originally) but solved it
as I forgot I had listed their site on the allow pop up in IE. I went back to the site and it is working right.
I understand what you are saying about the security in IE7 and that could of caused the about blank but the only thing is as I said it has been doing it up until
today for almost 2 weeks and was yesterday. I was trying to think and the only things I did from the time it was there and was not was run ad aware and then
the program you gave superantispyware, other than I did create a standard user account for myself but decided to continue using the administrator one.
That is the thing I dis like about Vista- too many little things that I don't understand and really don't see any advantage to them. I did use foxfire for a while
on my old computer and agree it is much better as I never had spyware when I used it but unfortunally IE is one of the requirements of the job and that site.
Well I don't know if the superantispyware solved the problem or not as I assume it could of been a cookie attached to that site. But I do want to Thank You for
your help and time- greatly appreciated. I have had Vista and new computer for just over three weeks and it has been one thing or another and the aboutblank
was making me crazy since I have to use that site daily. Hopefully it will stay fixed.
Thanks again,
WebDeb
Well I deleted all the things you listed for highjack this and then reset the security in IE. I did have a problem because (different one that I had originally) but solved it
as I forgot I had listed their site on the allow pop up in IE. I went back to the site and it is working right.
I understand what you are saying about the security in IE7 and that could of caused the about blank but the only thing is as I said it has been doing it up until
today for almost 2 weeks and was yesterday. I was trying to think and the only things I did from the time it was there and was not was run ad aware and then
the program you gave superantispyware, other than I did create a standard user account for myself but decided to continue using the administrator one.
That is the thing I dis like about Vista- too many little things that I don't understand and really don't see any advantage to them. I did use foxfire for a while
on my old computer and agree it is much better as I never had spyware when I used it but unfortunally IE is one of the requirements of the job and that site.
Well I don't know if the superantispyware solved the problem or not as I assume it could of been a cookie attached to that site. But I do want to Thank You for
your help and time- greatly appreciated. I have had Vista and new computer for just over three weeks and it has been one thing or another and the aboutblank
was making me crazy since I have to use that site daily. Hopefully it will stay fixed.
Thanks again,
WebDeb
#10 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 13 June 2007 - 03:50 AM
Well sorry I couldn't give you a more definite solution but at least its fixed.
If you have any problems in the future don't hesitate to come back.
If you have any problems in the future don't hesitate to come back.
#11 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 19 June 2007 - 10:52 PM
Here we go again........ It stayed gone for a day or two (though not certain) but is now doing same thing
only a little different. It is now also showing up in my address bar when I change pages from just about
any site, were before it was just on the site I use for employment.
For instance if I google something and click on a site the aboutblank flashes in my address bar before
it goes to the site. Yet I can be on bellsouth home page and click a link and it does not do it.
I have ran the superantispyware program again a few times and noticed that a couple of times a prompt has
came up when I opened it saying a aboutblank is trying to change your home page and do I want to allow it.
I also re ran the hijack this and re deleted the things that was listed below for me to delete as they were
again on there. But I reran it again today and only 2 of them came back yet it is still doing it.
Also, if I go to internet options my home page says current is bellsouth (which I use) the default says msn
but then if I click on blank page it says aboutblank. Have tried to delete that many times and it won't.
I also un enabled the tab browsing long ago.
Really confused and frustrated on what this is. As I said before I had heard IE settings can cause a aboutblank
page but this just appears as though it is the spyware Trojan though I have ran so many different ones to get
rid of it, without success. Any other suggestions?
WebDeb
only a little different. It is now also showing up in my address bar when I change pages from just about
any site, were before it was just on the site I use for employment.
For instance if I google something and click on a site the aboutblank flashes in my address bar before
it goes to the site. Yet I can be on bellsouth home page and click a link and it does not do it.
I have ran the superantispyware program again a few times and noticed that a couple of times a prompt has
came up when I opened it saying a aboutblank is trying to change your home page and do I want to allow it.
I also re ran the hijack this and re deleted the things that was listed below for me to delete as they were
again on there. But I reran it again today and only 2 of them came back yet it is still doing it.
Also, if I go to internet options my home page says current is bellsouth (which I use) the default says msn
but then if I click on blank page it says aboutblank. Have tried to delete that many times and it won't.
I also un enabled the tab browsing long ago.
Really confused and frustrated on what this is. As I said before I had heard IE settings can cause a aboutblank
page but this just appears as though it is the spyware Trojan though I have ran so many different ones to get
rid of it, without success. Any other suggestions?
WebDeb
#12 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 19 June 2007 - 11:06 PM
Right click your copy of hijackthis and click rename. Then change the name to cc.
Then create a new hijackthis log and post it.
Then create a new hijackthis log and post it.
#13 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 20 June 2007 - 12:00 AM
Hear it is.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:59:30 PM, on 6/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Debbie J\Desktop\cc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://home.bellsouth.net
O15 - Trusted Zone: http://mx.olpgroup.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7160 bytes
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:59:30 PM, on 6/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Debbie J\Desktop\cc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://home.bellsouth.net
O15 - Trusted Zone: http://mx.olpgroup.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7160 bytes
#14 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 20 June 2007 - 12:38 AM
I don't know what the problem is but I don't think its spyware. Your log is clean.
Did you try disabling the user account control feature of vista?
Did you try disabling the user account control feature of vista?
#15 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 20 June 2007 - 03:11 AM
No I started to but have not done that. As I said under interntet options-home page-use blank it says aboutblank, do you know how that can be deleted?
Also in Highjackthis RO search assistant and RO custom search is 2 of the ones you had me delete before that came back- why?
WebDeb
Also in Highjackthis RO search assistant and RO custom search is 2 of the ones you had me delete before that came back- why?
WebDeb
#16 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 20 June 2007 - 03:13 AM
Those are settings for internet explorer(they will come back no matter what you do)
try disabling UAC and let me know if it still happens.
try disabling UAC and let me know if it still happens.
#17 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 20 June 2007 - 03:42 AM
Well I disabled the UAC and it is now NOT doing it. Checked the site that I use and it is not there now either.
That good but why would that be and is that suppose to be disabled-will it hurt anything?
I did notice that under use blank aboutblank is sill listed though, does that mean it is still there and this is
a work around?
That good but why would that be and is that suppose to be disabled-will it hurt anything?
I did notice that under use blank aboutblank is sill listed though, does that mean it is still there and this is
a work around?
#18 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 20 June 2007 - 03:46 AM
Like I said from the beginning I dont know anything about vista. I just know what I've read from various complaints.
UAC is basically security related.(keeps you from running with admin privileges all the time to avoid viruses, ect.) Most people I know have said they disabled it to avoid various annoyances from having to log in to everything they do.
Maybe its a security feature in IE7 related to UAC? Just play around with the settings and let me know if you figure it out.
UAC is basically security related.(keeps you from running with admin privileges all the time to avoid viruses, ect.) Most people I know have said they disabled it to avoid various annoyances from having to log in to everything they do.
Maybe its a security feature in IE7 related to UAC? Just play around with the settings and let me know if you figure it out.
#19 OFFLINE
-
- Members
-
- 10 posts
Member
Posted 20 June 2007 - 04:39 AM
Well unfortunately I don't know much about Vista either but what I do know if comparing to xp is that the things they have
added to Vista are not beneficial to the normal user. Just moved things around and added more clutter just to make it annoying.
This was my thought before this problem even started.
Well thanks and I will let you know if I ever find out what actually caused it.
WebDeb
added to Vista are not beneficial to the normal user. Just moved things around and added more clutter just to make it annoying.
This was my thought before this problem even started.
Well thanks and I will let you know if I ever find out what actually caused it.
WebDeb
