Author Topic: About Blank  (Read 9520 times)


Offline rondlac

Re: About Blank
« Reply #15 on: January 28, 2005, 10:50:06 PM »
Eddy,
Did as directed: ran a scan, selected items called out in your analysis sheet, ran the 'fix' then ran another scan to review the results of the fix.  None of the 'fixed items' came back, got 4 new ones though and the computer problems are still there, maybe even a little bit stronger.  There are some sites I cannot get into, like locked out.  Internet maneuvering goes from slow to stop to 'I ain't gonna let you go there'.  Off line there doesn't seem to be a problem.  Any ideas?

rondlac
Compaq Presario 5660   
Pent II  450Mhz      
RAM: 384MB
OS: Win Me
Browsers: IE6 SP1, Firefox 1.0.3
Anti Virus: Avast 4.6 (Home Edition)
Email Client: Eudora 6.2

Online DavidR

Re: About Blank
« Reply #16 on: January 28, 2005, 11:32:06 PM »
Post a new HijackThis log, or use the on-line scan of your HijackThis log file; try here: http://hijackthis.de/index.php
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline rondlac

Re: About Blank
« Reply #17 on: January 29, 2005, 06:24:19 AM »
DavidR,
Below is another HJT log.  I did an analysis myself but no fixes.  I found 4 nasty, 2 possible nasty and 1 unknown.
The 4 nasty speak for themselves, the 2 possible nasty: first one is R1-HKLM... I only use Netscape for the email and the second O14-IERESET.INF:... I have no idea what that is (AOL did not make my computer).
When I took the action to fix the items in the analysis Eddy sent to me I lost the JAVA from my Internet Explorer and tried to download a replacement from Sun Microsystems and can't use it because my security settings are too high for ActiveX to be used.  The settings when changed keep going back to default.  Can I undo the last set of fixes? And how can I pick out the 'nasty' I fixed and caused the loss of JAVA?

Logfile of HijackThis v1.99.0
Scan saved at 11:42:58 PM, on 01/28/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\UTILITY DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com


Online DavidR

Re: About Blank
« Reply #18 on: January 29, 2005, 02:17:06 PM »
You seem to be getting the hang of it now; most of the R0 or R1s can go unless you have specifically set them up.

Being an ME user you are limited to using IE6 SP1 and not the stronger 'Internet Explorer v6.00 SP2 (6.00.2900.2180)' as this can only be applied for WinXP SP2 users. This makes browsing with your current IE6 SP1 more vulnerable.

There is no real way round this other than to upgrade your OS or try a browser that is a little more secure. The browser switch/try is the lesser of two evils; I would suggest you give Firefox a try.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
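
Editor's added example (not part of any post in this thread): a small Python triage of HijackThis log lines along the lines of Reply #18, listing the R0/R1 Internet Explorer settings whose target is not a host the user set up. The sample lines are copied from the log in Reply #17; the `EXPECTED_HOSTS` set and all function names are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Lines copied from the HijackThis log in Reply #17.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
"""

# Assumption: the only host this user configured on purpose.
EXPECTED_HOSTS = {"dslstart.verizon.net"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
R_BODY = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")

def parse(log):
    """Return (section code, body) for every entry line; headers and the
    running-process list do not match the 'CODE - body' shape and are skipped."""
    found = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m["code"], m["body"]) for m in found if m]

def by_section(entries):
    """Count entries per section code (R0, R1, O2, ...)."""
    return dict(Counter(code for code, _ in entries))

def review_settings(entries, expected_hosts):
    """R0/R1 values whose data is not a URL on an expected host.
    Non-URL data (e.g. a window title) has no host and is listed too."""
    flagged = []
    for code, body in entries:
        m = R_BODY.match(body) if code in ("R0", "R1") else None
        if m and urlsplit(m["data"]).hostname not in expected_hosts:
            flagged.append((code, m["key"], m["name"], m["data"]))
    return flagged

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(by_section(entries))
    for code, key, name, data in review_settings(entries, EXPECTED_HOSTS):
        print(f"review {code}: {name!r} under {key} -> {data}")
```

The output is a review list only: whether an entry is removed is still decided by whether the user recognises it.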

Offline Eddy

Re: About Blank
« Reply #19 on: January 29, 2005, 04:12:25 PM »
At least the system is clean now. So it is not malware causing the current problems.

Offline rondlac

Re: About Blank
« Reply #20 on: January 29, 2005, 08:00:47 PM »
Eddy,
Negative, not clean...nasties keep coming back, system is loaded with spyware & adware (243 entries-mostly registry), trojan is still there...hkey_current_user\software\accelerationsoftwareinternationalcorporation and browser is screwed up plenty.
I got the spyware & adware population data through a free pest scan from Zone Labs, yea, another item for the black list.  I went through your signature web site and learned a lot, however I'm still a long way from home.  I need to clean out the crap and corruption that is still in my registry and repair IE.  I would prefer staying with IE for now, so much learning and too many changes would surely screw things up.
Removing the trojan is the first thing I need to learn how to do and registry clean up second.

rondlac

Offline rondlac

Re: About Blank
« Reply #21 on: January 29, 2005, 08:18:06 PM »
Eddy,
How do you register onto the HijackThis forum?  The registration form is in German.  I need it translated, my Favorites listing for the site that translates web sites was one of the items wiped out by the trojan.  Do you have any help?

rondlac