HijackThis problem

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Greetings all,

Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM

Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
when I launch this it opens the splash screen.
If I hit on the top option 'Do Scan & Save Logfile' the process starts but
the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
enumeration " overprinted in Red. (I do have various bank URLs in my IE
Trusted Zone).

Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
Task' I can then continue.

All other applications seem to work fine, no virus detected (by f-prot),
ad-aware & spybot reports 'alexa' otherwise clear.

I have not submitted the HJT Logfile because, although it is produced, it is
blank (size 0 bytes).

Any ideas?

Rednelle
25 answers Last reply
More about hijackthis problem
  1. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Instead of choosing the option to "Do Scan and save logfile", try the option to just
    open the program; then just do a scan, and see if that works. If it does, then save
    a logfile when done.
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > Greetings all,
    >
    > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
    >
    > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
    > when I launch this it opens the splash screen.
    > If I hit on the top option 'Do Scan & Save Logfile' the process starts but
    > the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
    > enumeration " overprinted in Red. (I do have various bank URLs in my IE
    > Trusted Zone).
    >
    > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
    > Task' I can then continue.
    >
    > All other applications seem to work fine, no virus detected (by f-prot),
    > ad-aware & spybot reports 'alexa' otherwise clear.
    >
    > I have not submitted the HJT Logfile because, although it is produced, it is
    > blank (size 0 bytes).
    >
    > Any ideas?
    >
    > Rednelle
    >
    >
    >
  2. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    HijackThis Tutorial:
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > Greetings all,
    >
    > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
    >
    > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
    > when I launch this it opens the splash screen.
    > If I hit on the top option 'Do Scan & Save Logfile' the process starts but
    > the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
    > enumeration " overprinted in Red. (I do have various bank URLs in my IE
    > Trusted Zone).
    >
    > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
    > Task' I can then continue.
    >
    > All other applications seem to work fine, no virus detected (by f-prot),
    > ad-aware & spybot reports 'alexa' otherwise clear.
    >
    > I have not submitted the HJT Logfile because, although it is produced, it is
    > blank (size 0 bytes).
    >
    > Any ideas?
    >
    > Rednelle
    >
    >
    >
  3. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Glen,

    Thanks for both your responses.

    Launching HJT, just to scan, produced the same result as before -
    application freeze in O15 section.
    I read your tutorial, O15 section, looked at the 4 HighKeys, and found
    hundreds of entries under Domains and Ranges.
    As an experiment, after saving the old .reg file, I deleted them all - and
    then ran HJT. HJT worked as advertised.
    Logfile 7K posted separately, for expert analysis.

    Thanks for your help thus far.

    Rednelle

    "glee" <glee29@spamindspring.com> wrote in message
    news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > HijackThis Tutorial:
    > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > http://dts-l.org/goodpost.htm
    >
    >
    > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > Greetings all,
    > >
    > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
    > >
    > > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe
    and
    > > when I launch this it opens the splash screen.
    > > If I hit on the top option 'Do Scan & Save Logfile' the process starts
    but
    > > the blue progress bar stops at about 95% travel with " O15 - Trusted
    Zone
    > > enumeration " overprinted in Red. (I do have various bank URLs in my IE
    > > Trusted Zone).
    > >
    > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
    > > Task' I can then continue.
    > >
    > > All other applications seem to work fine, no virus detected (by f-prot),
    > > ad-aware & spybot reports 'alexa' otherwise clear.
    > >
    > > I have not submitted the HJT Logfile because, although it is produced,
    it is
    > > blank (size 0 bytes).
    > >
    > > Any ideas?
    > >
    > > Rednelle
    > >
    > >
    > >
    >
  4. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    What you probably found, under the Domains sub-key in the Registry, were Restricted
    sites, which AFAIK Hijack This does not look at. It is the entries under Ranges
    that would contain the Trusted Zone sites:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings\ZoneMap\Ranges
    and possibly
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings\ZoneMap\Ranges

    You can safely delete entries from Ranges, as there is no pressing need to have any
    site in Trusted Zone....if needed, you can manually add sites through IE> Tools
    menu> Security tab. Some find it helpful to add sites like Windows Update to the
    Trusted Zone.

    Was the Ranges key very large?

    Out of curiosity, where did you post you HJ log?
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > Glen,
    >
    > Thanks for both your responses.
    >
    > Launching HJT, just to scan, produced the same result as before -
    > application freeze in O15 section.
    > I read your tutorial, O15 section, looked at the 4 HighKeys, and found
    > hundreds of entries under Domains and Ranges.
    > As an experiment, after saving the old .reg file, I deleted them all - and
    > then ran HJT. HJT worked as advertised.
    > Logfile 7K posted separately, for expert analysis.
    >
    > Thanks for your help thus far.
    >
    > Rednelle
    >
    > "glee" <glee29@spamindspring.com> wrote in message
    > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > HijackThis Tutorial:
    > > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    > > --
    > > Glen Ventura, MS MVP Shell/User, A+
    > > http://dts-l.org/goodpost.htm
    > >
    > >
    > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > Greetings all,
    > > >
    > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
    > > >
    > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe
    > and
    > > > when I launch this it opens the splash screen.
    > > > If I hit on the top option 'Do Scan & Save Logfile' the process starts
    > but
    > > > the blue progress bar stops at about 95% travel with " O15 - Trusted
    > Zone
    > > > enumeration " overprinted in Red. (I do have various bank URLs in my IE
    > > > Trusted Zone).
    > > >
    > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
    > > > Task' I can then continue.
    > > >
    > > > All other applications seem to work fine, no virus detected (by f-prot),
    > > > ad-aware & spybot reports 'alexa' otherwise clear.
    > > >
    > > > I have not submitted the HJT Logfile because, although it is produced,
    > it is
    > > > blank (size 0 bytes).
    > > >
    > > > Any ideas?
    > > >
    > > > Rednelle
    > > >
    > > >
    > > >
    > >
    >
    >
  5. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    glee says...

    > What you probably found, under the Domains sub-key in
    > the Registry, were Restricted sites, which AFAIK Hijack
    > This does not look at. It is the entries under Ranges
    > that would contain the Trusted Zone sites:
    > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
    > ion\Internet Settings\ZoneMap\Ranges
    > and possibly
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
    > sion\Internet Settings\ZoneMap\Ranges

    > You can safely delete entries from Ranges, as there is
    > no pressing need to have any site in Trusted Zone....if
    > needed, you can manually add sites through IE> Tools
    > menu> Security tab. Some find it helpful to add sites
    > like Windows Update to the Trusted Zone.

    Until recently I've been running IE 5.5, and used the
    Trusted Zone for specific sites for which I wanted to allow
    persistent cookies. The security level was set to Medium
    just like the Internet Zone, so the only difference was
    cookies. Now with IE6 I may have to do it differently,
    but...

    My HJT log includes one Range entry along with the list of
    named sites I had entered:

    O15 - Trusted IP range: http://207.211.39.119

    Doing a reverse lookup on this, I find nothing. Of course I
    can just delete it, but now I'm curious. In fact, this IP
    does not show up in the list of trusted sites I see in
    Tools/Security.

    Any way to tell who this is, or how it got there? Does this
    mean I've been keylogged from the beginning? :-)
  6. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Go here:
    http://www.aumha.org/search.htm
    and in the upper right of the page, put in the IP address in the AumHa Whois Search
    box (just the number, without the http)

    For 207.211.39.119 it reports:

    OrgName: ClearBlue Technologies
    OrgID: CLEAR-1
    Address: 125 Elwood Davis Road
    City: Syracuse
    StateProv: NY
    PostalCode: 13219
    Country: US
    NetRange: 207.211.0.0 - 207.211.255.255
    CIDR: 207.211.0.0/16
    NetName: APPLIEDT-207-211
    NetHandle: NET-207-211-0-0-1
    Parent: NET-207-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.APPLIEDTHEORY.COM
    NameServer: NS2.APPLIEDTHEORY.COM
    NameServer: NS3.APPLIEDTHEORY.COM
    Comment:
    RegDate:
    Updated: 2002-09-06
    TechHandle: NDA5-ARIN
    TechName: DNS Administration
    TechPhone: 1-315-453-2912
    TechEmail: Hostmaster@appliedtheory.com
    OrgTechHandle: HOSTM2-ARIN
    OrgTechName: Hostmaster
    OrgTechPhone: 1-315-453-2912
    OrgTechEmail: hostmaster@clearblue.com
    ARIN WHOIS database last updated 2005-07-14 19: 10
    Enter ? for additional hints on searching ARIN's WHOIS database.
    </paste>
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
    news:Q7PCe.64883$R21.9027@lakeread06...
    > glee says...
    >
    > > What you probably found, under the Domains sub-key in
    > > the Registry, were Restricted sites, which AFAIK Hijack
    > > This does not look at. It is the entries under Ranges
    > > that would contain the Trusted Zone sites:
    > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
    > > ion\Internet Settings\ZoneMap\Ranges
    > > and possibly
    > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
    > > sion\Internet Settings\ZoneMap\Ranges
    >
    > > You can safely delete entries from Ranges, as there is
    > > no pressing need to have any site in Trusted Zone....if
    > > needed, you can manually add sites through IE> Tools
    > > menu> Security tab. Some find it helpful to add sites
    > > like Windows Update to the Trusted Zone.
    >
    > Until recently I've been running IE 5.5, and used the
    > Trusted Zone for specific sites for which I wanted to allow
    > persistent cookies. The security level was set to Medium
    > just like the Internet Zone, so the only difference was
    > cookies. Now with IE6 I may have to do it differently,
    > but...
    >
    > My HJT log includes one Range entry along with the list of
    > named sites I had entered:
    >
    > O15 - Trusted IP range: http://207.211.39.119
    >
    > Doing a reverse lookup on this, I find nothing. Of course I
    > can just delete it, but now I'm curious. In fact, this IP
    > does not show up in the list of trusted sites I see in
    > Tools/Security.
    >
    > Any way to tell who this is, or how it got there? Does this
    > mean I've been keylogged from the beginning? :-)
    >
    >
  7. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Thanks for the info. None of that rings a bell, and google doesn't
    help. So I'll just delete it.

    glee says...
    >
    >
    >Go here:
    >http://www.aumha.org/search.htm
    >and in the upper right of the page, put in the IP address in the
    AumHa Whois
    >Search
    >box (just the number, without the http)
    >
    >For 207.211.39.119 it reports:
    >
    > OrgName: ClearBlue Technologies
    > OrgID: CLEAR-1
    > Address: 125 Elwood Davis Road
    > City: Syracuse
    > StateProv: NY
    > PostalCode: 13219
    > Country: US
    > NetRange: 207.211.0.0 - 207.211.255.255
    > CIDR: 207.211.0.0/16
    > NetName: APPLIEDT-207-211
    > NetHandle: NET-207-211-0-0-1
    > Parent: NET-207-0-0-0-0
    > NetType: Direct Allocation
    > NameServer: NS1.APPLIEDTHEORY.COM
    > NameServer: NS2.APPLIEDTHEORY.COM
    > NameServer: NS3.APPLIEDTHEORY.COM
    > Comment:
    > RegDate:
    > Updated: 2002-09-06
    > TechHandle: NDA5-ARIN
    > TechName: DNS Administration
    > TechPhone: 1-315-453-2912
    > TechEmail: Hostmaster@appliedtheory.com
    > OrgTechHandle: HOSTM2-ARIN
    > OrgTechName: Hostmaster
    > OrgTechPhone: 1-315-453-2912
    > OrgTechEmail: hostmaster@clearblue.com
    > ARIN WHOIS database last updated 2005-07-14 19: 10
    > Enter ? for additional hints on searching ARIN's WHOIS database.
    ></paste>
    >--
    >Glen Ventura, MS MVP Shell/User, A+
    >http://dts-l.org/goodpost.htm
    >
    >
    >"Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
    >news:Q7PCe.64883$R21.9027@lakeread06...
    >> glee says...
    >>
    >> > What you probably found, under the Domains sub-key in
    >> > the Registry, were Restricted sites, which AFAIK Hijack
    >> > This does not look at. It is the entries under Ranges
    >> > that would contain the Trusted Zone sites:
    >> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
    >> > ion\Internet Settings\ZoneMap\Ranges
    >> > and possibly
    >> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
    >> > sion\Internet Settings\ZoneMap\Ranges
    >>
    >> > You can safely delete entries from Ranges, as there is
    >> > no pressing need to have any site in Trusted Zone....if
    >> > needed, you can manually add sites through IE> Tools
    >> > menu> Security tab. Some find it helpful to add sites
    >> > like Windows Update to the Trusted Zone.
    >>
    >> Until recently I've been running IE 5.5, and used the
    >> Trusted Zone for specific sites for which I wanted to allow
    >> persistent cookies. The security level was set to Medium
    >> just like the Internet Zone, so the only difference was
    >> cookies. Now with IE6 I may have to do it differently,
    >> but...
    >>
    >> My HJT log includes one Range entry along with the list of
    >> named sites I had entered:
    >>
    >> O15 - Trusted IP range: http://207.211.39.119
    >>
    >> Doing a reverse lookup on this, I find nothing. Of course I
    >> can just delete it, but now I'm curious. In fact, this IP
    >> does not show up in the list of trusted sites I see in
    >> Tools/Security.
    >>
    >> Any way to tell who this is, or how it got there? Does this
    >> mean I've been keylogged from the beginning? :-)
    >>
    >>
    >
  8. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Using Google, I managed to come up with a couple of dead links which
    formerly arrived at a couple of different online forums.

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "glee" <glee29@spamindspring.com> wrote in message
    news:eTjvzr6iFHA.1048@tk2msftngp13.phx.gbl...
    > Go here:
    > http://www.aumha.org/search.htm
    > and in the upper right of the page, put in the IP address in the AumHa
    > Whois Search
    > box (just the number, without the http)
    >
    > For 207.211.39.119 it reports:
    >
    > OrgName: ClearBlue Technologies
    > OrgID: CLEAR-1
    > Address: 125 Elwood Davis Road
    > City: Syracuse
    > StateProv: NY
    > PostalCode: 13219
    > Country: US
    > NetRange: 207.211.0.0 - 207.211.255.255
    > CIDR: 207.211.0.0/16
    > NetName: APPLIEDT-207-211
    > NetHandle: NET-207-211-0-0-1
    > Parent: NET-207-0-0-0-0
    > NetType: Direct Allocation
    > NameServer: NS1.APPLIEDTHEORY.COM
    > NameServer: NS2.APPLIEDTHEORY.COM
    > NameServer: NS3.APPLIEDTHEORY.COM
    > Comment:
    > RegDate:
    > Updated: 2002-09-06
    > TechHandle: NDA5-ARIN
    > TechName: DNS Administration
    > TechPhone: 1-315-453-2912
    > TechEmail: Hostmaster@appliedtheory.com
    > OrgTechHandle: HOSTM2-ARIN
    > OrgTechName: Hostmaster
    > OrgTechPhone: 1-315-453-2912
    > OrgTechEmail: hostmaster@clearblue.com
    > ARIN WHOIS database last updated 2005-07-14 19: 10
    > Enter ? for additional hints on searching ARIN's WHOIS database.
    > </paste>
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > http://dts-l.org/goodpost.htm
    >
    >
    > "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
    > news:Q7PCe.64883$R21.9027@lakeread06...
    >> glee says...
    >>
    >> > What you probably found, under the Domains sub-key in
    >> > the Registry, were Restricted sites, which AFAIK Hijack
    >> > This does not look at. It is the entries under Ranges
    >> > that would contain the Trusted Zone sites:
    >> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
    >> > ion\Internet Settings\ZoneMap\Ranges
    >> > and possibly
    >> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
    >> > sion\Internet Settings\ZoneMap\Ranges
    >>
    >> > You can safely delete entries from Ranges, as there is
    >> > no pressing need to have any site in Trusted Zone....if
    >> > needed, you can manually add sites through IE> Tools
    >> > menu> Security tab. Some find it helpful to add sites
    >> > like Windows Update to the Trusted Zone.
    >>
    >> Until recently I've been running IE 5.5, and used the
    >> Trusted Zone for specific sites for which I wanted to allow
    >> persistent cookies. The security level was set to Medium
    >> just like the Internet Zone, so the only difference was
    >> cookies. Now with IE6 I may have to do it differently,
    >> but...
    >>
    >> My HJT log includes one Range entry along with the list of
    >> named sites I had entered:
    >>
    >> O15 - Trusted IP range: http://207.211.39.119
    >>
    >> Doing a reverse lookup on this, I find nothing. Of course I
    >> can just delete it, but now I'm curious. In fact, this IP
    >> does not show up in the list of trusted sites I see in
    >> Tools/Security.
    >>
    >> Any way to tell who this is, or how it got there? Does this
    >> mean I've been keylogged from the beginning? :-)
    >>
    >>
    >
  9. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Glen,

    The HKCU Ranges key was large. I realise now that I was probably looking at
    entries put there by (me) / IE_SPYAD.

    I posted the HJT logfile to 'bleepingcomputer' but there has been no reply -
    probably because of some mistake I made.

    I'll try and send you a copy of the HJT file; what remains doesn't look
    obviously bad to me, but then I am no expert.

    Thanks for all your help.

    Rednelle


    "glee" <glee29@spamindspring.com> wrote in message
    news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > What you probably found, under the Domains sub-key in the Registry, were
    Restricted
    > sites, which AFAIK Hijack This does not look at. It is the entries under
    Ranges
    > that would contain the Trusted Zone sites:
    > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings\ZoneMap\Ranges
    > and possibly
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings\ZoneMap\Ranges
    >
    > You can safely delete entries from Ranges, as there is no pressing need to
    have any
    > site in Trusted Zone....if needed, you can manually add sites through IE>
    Tools
    > menu> Security tab. Some find it helpful to add sites like Windows Update
    to the
    > Trusted Zone.
    >
    > Was the Ranges key very large?
    >
    > Out of curiosity, where did you post you HJ log?
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > http://dts-l.org/goodpost.htm
    >
    >
    > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > news:dbedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > Glen,
    > >
    > > Thanks for both your responses.
    > >
    > > Launching HJT, just to scan, produced the same result as before -
    > > application freeze in O15 section.
    > > I read your tutorial, O15 section, looked at the 4 HighKeys, and found
    > > hundreds of entries under Domains and Ranges.
    > > As an experiment, after saving the old .reg file, I deleted them all -
    and
    > > then ran HJT. HJT worked as advertised.
    > > Logfile 7K posted separately, for expert analysis.
    > >
    > > Thanks for your help thus far.
    > >
    > > Rednelle
    > >
    > > "glee" <glee29@spamindspring.com> wrote in message
    > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > > HijackThis Tutorial:
    > > >
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    > > > --
    > > > Glen Ventura, MS MVP Shell/User, A+
    > > > http://dts-l.org/goodpost.htm
    > > >
    > > >
    > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > > Greetings all,
    > > > >
    > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB
    RAM
    > > > >
    > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
    HijackThis.exe
    > > and
    > > > > when I launch this it opens the splash screen.
    > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
    starts
    > > but
    > > > > the blue progress bar stops at about 95% travel with " O15 - Trusted
    > > Zone
    > > > > enumeration " overprinted in Red. (I do have various bank URLs in my
    IE
    > > > > Trusted Zone).
    > > > >
    > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I
    'End
    > > > > Task' I can then continue.
    > > > >
    > > > > All other applications seem to work fine, no virus detected (by
    f-prot),
    > > > > ad-aware & spybot reports 'alexa' otherwise clear.
    > > > >
    > > > > I have not submitted the HJT Logfile because, although it is
    produced,
    > > it is
    > > > > blank (size 0 bytes).
    > > > >
    > > > > Any ideas?
    > > > >
    > > > > Rednelle
    > > > >
    > > > >
    > > > >
    > > >
    > >
    > >
    >
  10. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Did you try running HijackThis in Safe Mode?
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    Rednelle wrote:
    > Greetings all,
    >
    > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
    >
    > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
    > when I launch this it opens the splash screen.
    > If I hit on the top option 'Do Scan & Save Logfile' the process starts but
    > the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
    > enumeration " overprinted in Red. (I do have various bank URLs in my IE
    > Trusted Zone).
    >
    > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
    > Task' I can then continue.
    >
    > All other applications seem to work fine, no virus detected (by f-prot),
    > ad-aware & spybot reports 'alexa' otherwise clear.
    >
    > I have not submitted the HJT Logfile because, although it is produced, it
    > is
    > blank (size 0 bytes).
    >
    > Any ideas?
    >
    > Rednelle
  11. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the AumHa forums
    and website, who highly recommends it:

    "It is a frequently-updated Registry patch that adds a long list of known
    advertisers, marketers, and spyware pushers to the Restricted sites zone of
    Internet Explorer. This filters much known adware and other malware from
    your computer from the beginning - a more proactive approach than only using
    adware-removing programs after the fact."

    So, yes....the large Restricted sites zone would be from that application. Are you
    sure it was the restricted sites that were causing your problem? How large was the
    Trusted Zone section, in the Registry key I mentioned earlier?

    I have not seen your HJT log, but I don't frequent the Bleeping forums. Post it on
    the forums at aumha.net, where I check in regularly....along with PA Bear and his
    merry band of experts. You must first register at the site, but that does not take
    long.

    Copy the log files and paste them into a new post here:
    http://forum.aumha.org/viewforum.php?f=30
    (Another good forum is: http://castlecops.com/forum67.html )

    In your post, please state your problem, if any, and what you've done so far to fix
    it.

    See the "housekeeping" you should complete before you post your log:
    http://aumha.org/forum/viewtopic.php?t=4075

    A tutorial for using Hijack This is located here:
    http://tomcoyote.com/hjt/
    and an in-depth tutorial is here:
    http://aumha.org/a/hjttutor.htm
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > Glen,
    >
    > The HKCU Ranges key was large. I realise now that I was probably looking at
    > entries put there by (me) / IE_SPYAD.
    >
    > I posted the HJT logfile to 'bleepingcomputer' but there has been no reply -
    > probably because of some mistake I made.
    >
    > I'll try and send you a copy of the HJT file; what remains doesn't look
    > obviously bad to me, but then I am no expert.
    >
    > Thanks for all your help.
    >
    > Rednelle
    >
    >
    > "glee" <glee29@spamindspring.com> wrote in message
    > news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > What you probably found, under the Domains sub-key in the Registry, were
    > Restricted
    > > sites, which AFAIK Hijack This does not look at. It is the entries under
    > Ranges
    > > that would contain the Trusted Zone sites:
    > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
    > > Settings\ZoneMap\Ranges
    > > and possibly
    > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
    > > Settings\ZoneMap\Ranges
    > >
    > > You can safely delete entries from Ranges, as there is no pressing need to
    > have any
    > > site in Trusted Zone....if needed, you can manually add sites through IE>
    > Tools
    > > menu> Security tab. Some find it helpful to add sites like Windows Update
    > to the
    > > Trusted Zone.
    > >
    > > Was the Ranges key very large?
    > >
    > > Out of curiosity, where did you post you HJ log?
    > > --
    > > Glen Ventura, MS MVP Shell/User, A+
    > > http://dts-l.org/goodpost.htm
    > >
    > >
    > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > news:dbedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > Glen,
    > > >
    > > > Thanks for both your responses.
    > > >
    > > > Launching HJT, just to scan, produced the same result as before -
    > > > application freeze in O15 section.
    > > > I read your tutorial, O15 section, looked at the 4 HighKeys, and found
    > > > hundreds of entries under Domains and Ranges.
    > > > As an experiment, after saving the old .reg file, I deleted them all -
    > and
    > > > then ran HJT. HJT worked as advertised.
    > > > Logfile 7K posted separately, for expert analysis.
    > > >
    > > > Thanks for your help thus far.
    > > >
    > > > Rednelle
    > > >
    > > > "glee" <glee29@spamindspring.com> wrote in message
    > > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > > > HijackThis Tutorial:
    > > > >
    > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    > > > > --
    > > > > Glen Ventura, MS MVP Shell/User, A+
    > > > > http://dts-l.org/goodpost.htm
    > > > >
    > > > >
    > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > > > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > > > Greetings all,
    > > > > >
    > > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB
    > RAM
    > > > > >
    > > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
    > HijackThis.exe
    > > > and
    > > > > > when I launch this it opens the splash screen.
    > > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
    > starts
    > > > but
    > > > > > the blue progress bar stops at about 95% travel with " O15 - Trusted
    > > > Zone
    > > > > > enumeration " overprinted in Red. (I do have various bank URLs in my
    > IE
    > > > > > Trusted Zone).
    > > > > >
    > > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I
    > 'End
    > > > > > Task' I can then continue.
    > > > > >
    > > > > > All other applications seem to work fine, no virus detected (by
    > f-prot),
    > > > > > ad-aware & spybot reports 'alexa' otherwise clear.
    > > > > >
    > > > > > I have not submitted the HJT Logfile because, although it is
    > produced,
    > > > it is
    > > > > > blank (size 0 bytes).
    > > > > >
    > > > > > Any ideas?
    > > > > >
    > > > > > Rednelle
    > > > > >
    > > > > >
    > > > > >
    > > > >
    > > >
    > > >
    > >
    >
    >
  12. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Hi Robert,

    No, I didn't try HJT in Safe Mode.

    As I said in a previous post, once the HKCU Range keys were deleted HJT ran
    to completion, and the log seems fine.

    Would IE-SPYAD be responsible for the hundreds of entries (restricted sites)
    in this part of the registry?
    What is your opinion of this utility?

    Rednelle


    "PA Bear" <PABearMVP@gmail.com> wrote in message
    news:#uJLqB8iFHA.2772@TK2MSFTNGP12.phx.gbl...
    > Did you try running HijackThis in Safe Mode?
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-Windows (IE/OE) & Security
  13. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Glen,

    I'll register with AumHa Forums and send you the latest log.
    OldTimer on BleepingComputer read the first HJT log and gave advice - which
    worked well.

    I can't provide good answers to your detailed questions; I've lost my notes
    and can't remember now exactly how many line items there were under HKLM and
    HKCU ...... ZoneMap > Domains and Ranges (4 areas); nor what was in which
    zone.
    It seemed like hundreds. I had installed IE-SPYAD a year or two ago which,
    as you say, would have added Restricted sites. I deliberately added about 6
    bank URLs to IE > Tools > Security > Trusted sites. Anything else would have
    arrived unintentionally.

    However; all now seems well.

    If, after reloading IE-SPYAD, I find the HJT freezes again in Section O-15
    I will let you and the community know.

    Thanks again for your help.

    Rednelle


    "glee" <glee29@spamindspring.com> wrote in message
    news:OaKjzQ#iFHA.3960@TK2MSFTNGP12.phx.gbl...
    > Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the
    AumHa forums
    > and website, who highly recommends it:
    >
    > "It is a frequently-updated Registry patch that adds a long list of known
    > advertisers, marketers, and spyware pushers to the Restricted sites zone
    of
    > Internet Explorer. This filters much known adware and other malware from
    > your computer from the beginning - a more proactive approach than only
    using
    > adware-removing programs after the fact."
    >
    > So, yes....the large Restricted sites zone would be from that application.
    Are you
    > sure it was the restricted sites that were causing your problem? How
    large was the
    > Trusted Zone section, in the Registry key I mentioned earlier?
    >
    > I have not seen your HJT log, but I don't frequent the Bleeping forums.
    Post it on
    > the forums at aumha.net, where I check in regularly....along with PA Bear
    and his
    > merry band of experts. You must first register at the site, but that does
    not take
    > long.
    >
    > Copy the log files and paste them into a new post here:
    > http://forum.aumha.org/viewforum.php?f=30
    > (Another good forum is: http://castlecops.com/forum67.html )
    >
    > In your post, please state your problem, if any, and what you've done so
    far to fix
    > it.
    >
    > See the "housekeeping" you should complete before you post your log:
    > http://aumha.org/forum/viewtopic.php?t=4075
    >
    > A tutorial for using Hijack This is located here:
    > http://tomcoyote.com/hjt/
    > and an in-depth tutorial is here:
    > http://aumha.org/a/hjttutor.htm
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > http://dts-l.org/goodpost.htm
    >
    >
    > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > news:dbgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > > Glen,
    > >
    > > The HKCU Ranges key was large. I realise now that I was probably looking
    at
    > > entries put there by (me) / IE_SPYAD.
    > >
    > > I posted the HJT logfile to 'bleepingcomputer' but there has been no
    reply -
    > > probably because of some mistake I made.
    > >
    > > I'll try and send you a copy of the HJT file; what remains doesn't look
    > > obviously bad to me, but then I am no expert.
    > >
    > > Thanks for all your help.
    > >
    > > Rednelle
    > >
    > >
    > > "glee" <glee29@spamindspring.com> wrote in message
    > > news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > > What you probably found, under the Domains sub-key in the Registry,
    were
    > > Restricted
    > > > sites, which AFAIK Hijack This does not look at. It is the entries
    under
    > > Ranges
    > > > that would contain the Trusted Zone sites:
    > > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
    > > > Settings\ZoneMap\Ranges
    > > > and possibly
    > > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
    > > > Settings\ZoneMap\Ranges
    > > >
    > > > You can safely delete entries from Ranges, as there is no pressing
    need to
    > > have any
    > > > site in Trusted Zone....if needed, you can manually add sites through
    IE>
    > > Tools
    > > > menu> Security tab. Some find it helpful to add sites like Windows
    Update
    > > to the
    > > > Trusted Zone.
    > > >
    > > > Was the Ranges key very large?
    > > >
    > > > Out of curiosity, where did you post you HJ log?
    > > > --
    > > > Glen Ventura, MS MVP Shell/User, A+
    > > > http://dts-l.org/goodpost.htm
    > > >
    > > >
    > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > > news:dbedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > > Glen,
    > > > >
    > > > > Thanks for both your responses.
    > > > >
    > > > > Launching HJT, just to scan, produced the same result as before -
    > > > > application freeze in O15 section.
    > > > > I read your tutorial, O15 section, looked at the 4 HighKeys, and
    found
    > > > > hundreds of entries under Domains and Ranges.
    > > > > As an experiment, after saving the old .reg file, I deleted them
    all -
    > > and
    > > > > then ran HJT. HJT worked as advertised.
    > > > > Logfile 7K posted separately, for expert analysis.
    > > > >
    > > > > Thanks for your help thus far.
    > > > >
    > > > > Rednelle
    > > > >
    > > > > "glee" <glee29@spamindspring.com> wrote in message
    > > > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > > > > HijackThis Tutorial:
    > > > > >
    > > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    > > > > > --
    > > > > > Glen Ventura, MS MVP Shell/User, A+
    > > > > > http://dts-l.org/goodpost.htm
    > > > > >
    > > > > >
    > > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > > > > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > > > > Greetings all,
    > > > > > >
    > > > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with
    192MB
    > > RAM
    > > > > > >
    > > > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
    > > HijackThis.exe
    > > > > and
    > > > > > > when I launch this it opens the splash screen.
    > > > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
    > > starts
    > > > > but
    > > > > > > the blue progress bar stops at about 95% travel with " O15 -
    Trusted
    > > > > Zone
    > > > > > > enumeration " overprinted in Red. (I do have various bank URLs
    in my
    > > IE
    > > > > > > Trusted Zone).
    > > > > > >
    > > > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If
    I
    > > 'End
    > > > > > > Task' I can then continue.
    > > > > > >
    > > > > > > All other applications seem to work fine, no virus detected (by
    > > f-prot),
    > > > > > > ad-aware & spybot reports 'alexa' otherwise clear.
    > > > > > >
    > > > > > > I have not submitted the HJT Logfile because, although it is
    > > produced,
    > > > > it is
    > > > > > > blank (size 0 bytes).
    > > > > > >
    > > > > > > Any ideas?
    > > > > > >
    > > > > > > Rednelle
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > >
    > >
    >
  14. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > snip
    > If, after reloading IE-SPYAD, I find the HJT freezes again in Section O-15
    > I will let you and the community know.

    OK, that is info that needs to be passed onto the fellow who makes IE_SPYAD. I will
    try to get the info to his attention, and see if there are any other reports of the
    problem. Thanks.
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    > "glee" <glee29@spamindspring.com> wrote in message
    > news:OaKjzQ#iFHA.3960@TK2MSFTNGP12.phx.gbl...
    > > Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the
    > AumHa forums
    > > and website, who highly recommends it:
    > >
    > > "It is a frequently-updated Registry patch that adds a long list of known
    > > advertisers, marketers, and spyware pushers to the Restricted sites zone
    > of
    > > Internet Explorer. This filters much known adware and other malware from
    > > your computer from the beginning - a more proactive approach than only
    > using
    > > adware-removing programs after the fact."
    > >
    > > So, yes....the large Restricted sites zone would be from that application.
    > Are you
    > > sure it was the restricted sites that were causing your problem? How
    > large was the
    > > Trusted Zone section, in the Registry key I mentioned earlier?
    > >
    > > I have not seen your HJT log, but I don't frequent the Bleeping forums.
    > Post it on
    > > the forums at aumha.net, where I check in regularly....along with PA Bear
    > and his
    > > merry band of experts. You must first register at the site, but that does
    > not take
    > > long.
    > >
    > > Copy the log files and paste them into a new post here:
    > > http://forum.aumha.org/viewforum.php?f=30
    > > (Another good forum is: http://castlecops.com/forum67.html )
    > >
    > > In your post, please state your problem, if any, and what you've done so
    > far to fix
    > > it.
    > >
    > > See the "housekeeping" you should complete before you post your log:
    > > http://aumha.org/forum/viewtopic.php?t=4075
    > >
    > > A tutorial for using Hijack This is located here:
    > > http://tomcoyote.com/hjt/
    > > and an in-depth tutorial is here:
    > > http://aumha.org/a/hjttutor.htm
    > > --
    > > Glen Ventura, MS MVP Shell/User, A+
    > > http://dts-l.org/goodpost.htm
    > >
    > >
    > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > news:dbgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > > > Glen,
    > > >
    > > > The HKCU Ranges key was large. I realise now that I was probably looking
    > at
    > > > entries put there by (me) / IE_SPYAD.
    > > >
    > > > I posted the HJT logfile to 'bleepingcomputer' but there has been no
    > reply -
    > > > probably because of some mistake I made.
    > > >
    > > > I'll try and send you a copy of the HJT file; what remains doesn't look
    > > > obviously bad to me, but then I am no expert.
    > > >
    > > > Thanks for all your help.
    > > >
    > > > Rednelle
    > > >
    > > >
    > > > "glee" <glee29@spamindspring.com> wrote in message
    > > > news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > > > What you probably found, under the Domains sub-key in the Registry,
    > were
    > > > Restricted
    > > > > sites, which AFAIK Hijack This does not look at. It is the entries
    > under
    > > > Ranges
    > > > > that would contain the Trusted Zone sites:
    > > > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
    > > > > Settings\ZoneMap\Ranges
    > > > > and possibly
    > > > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
    > > > > Settings\ZoneMap\Ranges
    > > > >
    > > > > You can safely delete entries from Ranges, as there is no pressing
    > need to
    > > > have any
    > > > > site in Trusted Zone....if needed, you can manually add sites through
    > IE>
    > > > Tools
    > > > > menu> Security tab. Some find it helpful to add sites like Windows
    > Update
    > > > to the
    > > > > Trusted Zone.
    > > > >
    > > > > Was the Ranges key very large?
    > > > >
    > > > > Out of curiosity, where did you post you HJ log?
    > > > > --
    > > > > Glen Ventura, MS MVP Shell/User, A+
    > > > > http://dts-l.org/goodpost.htm
    > > > >
    > > > >
    > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > > > news:dbedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > > > Glen,
    > > > > >
    > > > > > Thanks for both your responses.
    > > > > >
    > > > > > Launching HJT, just to scan, produced the same result as before -
    > > > > > application freeze in O15 section.
    > > > > > I read your tutorial, O15 section, looked at the 4 HighKeys, and
    > found
    > > > > > hundreds of entries under Domains and Ranges.
    > > > > > As an experiment, after saving the old .reg file, I deleted them
    > all -
    > > > and
    > > > > > then ran HJT. HJT worked as advertised.
    > > > > > Logfile 7K posted separately, for expert analysis.
    > > > > >
    > > > > > Thanks for your help thus far.
    > > > > >
    > > > > > Rednelle
    > > > > >
    > > > > > "glee" <glee29@spamindspring.com> wrote in message
    > > > > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
    > > > > > > HijackThis Tutorial:
    > > > > > >
    > > > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
    > > > > > > --
    > > > > > > Glen Ventura, MS MVP Shell/User, A+
    > > > > > > http://dts-l.org/goodpost.htm
    > > > > > >
    > > > > > >
    > > > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > > > > > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
    > > > > > > > Greetings all,
    > > > > > > >
    > > > > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with
    > 192MB
    > > > RAM
    > > > > > > >
    > > > > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
    > > > HijackThis.exe
    > > > > > and
    > > > > > > > when I launch this it opens the splash screen.
    > > > > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
    > > > starts
    > > > > > but
    > > > > > > > the blue progress bar stops at about 95% travel with " O15 -
    > Trusted
    > > > > > Zone
    > > > > > > > enumeration " overprinted in Red. (I do have various bank URLs
    > in my
    > > > IE
    > > > > > > > Trusted Zone).
    > > > > > > >
    > > > > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If
    > I
    > > > 'End
    > > > > > > > Task' I can then continue.
    > > > > > > >
    > > > > > > > All other applications seem to work fine, no virus detected (by
    > > > f-prot),
    > > > > > > > ad-aware & spybot reports 'alexa' otherwise clear.
    > > > > > > >
    > > > > > > > I have not submitted the HJT Logfile because, although it is
    > > > produced,
    > > > > > it is
    > > > > > > > blank (size 0 bytes).
    > > > > > > >
    > > > > > > > Any ideas?
    > > > > > > >
    > > > > > > > Rednelle
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > >
    > > >
    > >
    >
    >
  15. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    It's Robear, please. <w>

    It's not unusual to run HijackThis or any of the other anti-malware tools in
    Safe Mode if they freeze when scanning in normal (Windows) mode.

    IIRC the HijackThis entries in question pointed to sites in Trust Sites
    zone, not Restricted Sites, and so MVP Eric Howe's IE-SpyAd would not be
    responsible, no. Some hijackers are well-known for putting
    undesirable/unwanted domains in Trusted Sites zone.

    I agree with Jim Eshelman that IE-SpyAd is a useful tool to avoid
    hijackware. I use it in combination with SpywareBlaster and MVP Mike
    Burgess' custom hosts file.

    Like all such tools, keep IE-SpyAd up-to-date:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    Rednelle wrote:
    > Hi Robert,
    >
    > No, I didn't try HJT in Safe Mode.
    >
    > As I said in a previous post, once the HKCU Range keys were deleted HJT
    > ran
    > to completion, and the log seems fine.
    >
    > Would IE-SPYAD be responsible for the hundreds of entries (restricted
    > sites)
    > in this part of the registry?
    > What is your opinion of this utility?
    >
    >> Did you try running HijackThis in Safe Mode?
  16. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > I'll register with AumHa Forums and send you the latest log.
    > OldTimer on BleepingComputer read the first HJT log and gave advice - which
    > worked well.

    If you are already receiving replies at Bleeping, I don't suggest starting a thread
    elsewhere until you have concluded there, lest you confuse the issue with multiple
    advice counteracting each other. Too many cooks......
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm
  17. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Glen,

    Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and then
    ran HJT again - it froze at O-15 again.
    Perhaps there is currently a limit on the number of lines in a HJT logfile?
    Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.

    Rednelle

    "glee" <glee29@spamindspring.com> wrote in message
    news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
    > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > > snip
    > > If, after reloading IE-SPYAD, I find the HJT freezes again in Section
    O-15
    > > I will let you and the community know.
    >
    > OK, that is info that needs to be passed onto the fellow who makes
    IE_SPYAD. I will
    > try to get the info to his attention, and see if there are any other
    reports of the
    > problem. Thanks.
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > http://dts-l.org/goodpost.htm
  18. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the issue is
    addressed in the ReadMe for IE-SPYAD:

    https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt

    See the section titled: "Why does HijackThis! freeze after I install IE-SPYAD?"

    <quote>
    Why does HijackThis! freeze after I install IE-SPYAD?
    -----------------------------------------------------

    If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may notice that
    HJT appears to
    "freeze" or "hang" while scanning your system. In actuality, HJT has not conked out,
    nor is there a
    problem with IE-SPYAD. What's happening is this:

    HJT processes and scans the Registry for all Internet Explorer Security Zone
    entries. Internet
    Explorer stores entries for all security zones in the same "Domains" Registry key,
    and HJT scans
    this very same key when inspecting your system. Since IE-SPYAD adds over 8000
    entires for the
    Restricted sites zone, HJT has a lot of entries to sort through, and that simply
    takes time. HJT
    isn't actually frozen; it's only momentarily bogged down while processing all those
    zone entries.

    If you wait a bit, HJT will eventually present you with the buttons that you expect.
    Depending on
    the speed of your processor and the amount of memory your computer has, this could
    take a few
    seconds to a minute.

    If the wait proves to be too long, then uninstall IE-SPYAD before you run HJT, and
    reinstall it
    after HJT finishes.
    --------------------------------------------------
    </quote>
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "Rednelle" <rednelle31@btinternet.com> wrote in message
    news:dbjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
    > Glen,
    >
    > Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and then
    > ran HJT again - it froze at O-15 again.
    > Perhaps there is currently a limit on the number of lines in a HJT logfile?
    > Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.
    >
    > Rednelle
    >
    > "glee" <glee29@spamindspring.com> wrote in message
    > news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
    > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > > > snip
    > > > If, after reloading IE-SPYAD, I find the HJT freezes again in Section
    > O-15
    > > > I will let you and the community know.
    > >
    > > OK, that is info that needs to be passed onto the fellow who makes
    > IE_SPYAD. I will
    > > try to get the info to his attention, and see if there are any other
    > reports of the
    > > problem. Thanks.
    > > --
    > > Glen Ventura, MS MVP Shell/User, A+
    > > http://dts-l.org/goodpost.htm
    >
    >
  19. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    <applause> Good work, glee! First I've heard of this.

    FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
    running HijackThis v1.99.1 in WinXP SP2.
    --
    ~Robear

    glee wrote:
    > I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
    > issue is addressed in the ReadMe for IE-SPYAD:
    >
    > https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
    >
    > See the section titled: "Why does HijackThis! freeze after I install
    > IE-SPYAD?"
    >
    > <quote>
    > Why does HijackThis! freeze after I install IE-SPYAD?
    > -----------------------------------------------------
    >
    > If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
    > notice that HJT appears to
    > "freeze" or "hang" while scanning your system. In actuality, HJT has not
    > conked out, nor is there a
    > problem with IE-SPYAD. What's happening is this:
    >
    > HJT processes and scans the Registry for all Internet Explorer Security
    > Zone
    > entries. Internet
    > Explorer stores entries for all security zones in the same "Domains"
    > Registry key, and HJT scans
    > this very same key when inspecting your system. Since IE-SPYAD adds over
    > 8000 entires for the
    > Restricted sites zone, HJT has a lot of entries to sort through, and that
    > simply takes time. HJT
    > isn't actually frozen; it's only momentarily bogged down while processing
    > all those zone entries.
    >
    > If you wait a bit, HJT will eventually present you with the buttons that
    > you expect. Depending on
    > the speed of your processor and the amount of memory your computer has,
    > this could take a few
    > seconds to a minute.
    >
    > If the wait proves to be too long, then uninstall IE-SPYAD before you run
    > HJT, and reinstall it
    > after HJT finishes.
    > --------------------------------------------------
    > </quote>
    >
    > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > news:dbjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
    >> Glen,
    >>
    >> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
    >> then
    >> ran HJT again - it froze at O-15 again.
    >> Perhaps there is currently a limit on the number of lines in a HJT
    >> logfile?
    >> Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.
    >>
    >> Rednelle
    >>
    >> "glee" <glee29@spamindspring.com> wrote in message
    >> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
    >>> "Rednelle" <rednelle31@btinternet.com> wrote in message
    >>> news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    >>>> snip
    >>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
    >> O-15
    >>>> I will let you and the community know.
    >>>
    >>> OK, that is info that needs to be passed onto the fellow who makes
    >> IE_SPYAD. I will
    >>> try to get the info to his attention, and see if there are any other
    >> reports of the
    >>> problem. Thanks.
    >>> --
    >>> Glen Ventura, MS MVP Shell/User, A+
    >>> http://dts-l.org/goodpost.htm
  20. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    After finding out that you and JAE use IE-SpyAd, I may try it myself. Can't get
    much better recommendations than that. ;-) In fact, it may be what I need to add
    to the machines at work too.

    Is there a way to view the list of sites it adds to Restricted, prior to installing,
    do you know?
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "PA Bear" <PABearMVP@gmail.com> wrote in message
    news:%23MjinOKjFHA.3064@TK2MSFTNGP15.phx.gbl...
    > <applause> Good work, glee! First I've heard of this.
    >
    > FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
    > running HijackThis v1.99.1 in WinXP SP2.
    > --
    > ~Robear
    >
    > glee wrote:
    > > I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
    > > issue is addressed in the ReadMe for IE-SPYAD:
    > >
    > > https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
    > >
    > > See the section titled: "Why does HijackThis! freeze after I install
    > > IE-SPYAD?"
    > >
    > > <quote>
    > > Why does HijackThis! freeze after I install IE-SPYAD?
    > > -----------------------------------------------------
    > >
    > > If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
    > > notice that HJT appears to
    > > "freeze" or "hang" while scanning your system. In actuality, HJT has not
    > > conked out, nor is there a
    > > problem with IE-SPYAD. What's happening is this:
    > >
    > > HJT processes and scans the Registry for all Internet Explorer Security
    > > Zone
    > > entries. Internet
    > > Explorer stores entries for all security zones in the same "Domains"
    > > Registry key, and HJT scans
    > > this very same key when inspecting your system. Since IE-SPYAD adds over
    > > 8000 entires for the
    > > Restricted sites zone, HJT has a lot of entries to sort through, and that
    > > simply takes time. HJT
    > > isn't actually frozen; it's only momentarily bogged down while processing
    > > all those zone entries.
    > >
    > > If you wait a bit, HJT will eventually present you with the buttons that
    > > you expect. Depending on
    > > the speed of your processor and the amount of memory your computer has,
    > > this could take a few
    > > seconds to a minute.
    > >
    > > If the wait proves to be too long, then uninstall IE-SPYAD before you run
    > > HJT, and reinstall it
    > > after HJT finishes.
    > > --------------------------------------------------
    > > </quote>
    > >
    > > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > > news:dbjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
    > >> Glen,
    > >>
    > >> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
    > >> then
    > >> ran HJT again - it froze at O-15 again.
    > >> Perhaps there is currently a limit on the number of lines in a HJT
    > >> logfile?
    > >> Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.
    > >>
    > >> Rednelle
    > >>
    > >> "glee" <glee29@spamindspring.com> wrote in message
    > >> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
    > >>> "Rednelle" <rednelle31@btinternet.com> wrote in message
    > >>> news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > >>>> snip
    > >>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
    > >> O-15
    > >>>> I will let you and the community know.
    > >>>
    > >>> OK, that is info that needs to be passed onto the fellow who makes
    > >> IE_SPYAD. I will
    > >>> try to get the info to his attention, and see if there are any other
    > >> reports of the
    > >>> problem. Thanks.
    > >>> --
    > >>> Glen Ventura, MS MVP Shell/User, A+
    > >>> http://dts-l.org/goodpost.htm
    >
  21. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    You can right-click on ie-ads.reg > Edit > and take a look/see. (Check your
    inbox.)

    Tip: Put your glasses on!

    BTW you'll prolly want IE-SpyAd2, glee.
    --
    ~Robear

    glee wrote:
    > After finding out that you and JAE use IE-SpyAd, I may try it myself.
    > Can't get much better recommendations than that. ;-) In fact, it may
    > be
    > what I need to add to the machines at work too.
    >
    > Is there a way to view the list of sites it adds to Restricted, prior to
    > installing, do you know?
    >
    > "PA Bear" <PABearMVP@gmail.com> wrote in message
    > news:%23MjinOKjFHA.3064@TK2MSFTNGP15.phx.gbl...
    >> <applause> Good work, glee! First I've heard of this.
    >>
    >> FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
    >> running HijackThis v1.99.1 in WinXP SP2.
    >> --
    >> ~Robear
    >>
    >> glee wrote:
    >>> I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
    >>> issue is addressed in the ReadMe for IE-SPYAD:
    >>>
    >>> https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
    >>>
    >>> See the section titled: "Why does HijackThis! freeze after I install
    >>> IE-SPYAD?"
    >>>
    >>> <quote>
    >>> Why does HijackThis! freeze after I install IE-SPYAD?
    >>> -----------------------------------------------------
    >>>
    >>> If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
    >>> notice that HJT appears to
    >>> "freeze" or "hang" while scanning your system. In actuality, HJT has not
    >>> conked out, nor is there a
    >>> problem with IE-SPYAD. What's happening is this:
    >>>
    >>> HJT processes and scans the Registry for all Internet Explorer Security
    >>> Zone
    >>> entries. Internet
    >>> Explorer stores entries for all security zones in the same "Domains"
    >>> Registry key, and HJT scans
    >>> this very same key when inspecting your system. Since IE-SPYAD adds over
    >>> 8000 entires for the
    >>> Restricted sites zone, HJT has a lot of entries to sort through, and
    >>> that
    >>> simply takes time. HJT
    >>> isn't actually frozen; it's only momentarily bogged down while
    >>> processing
    >>> all those zone entries.
    >>>
    >>> If you wait a bit, HJT will eventually present you with the buttons that
    >>> you expect. Depending on
    >>> the speed of your processor and the amount of memory your computer has,
    >>> this could take a few
    >>> seconds to a minute.
    >>>
    >>> If the wait proves to be too long, then uninstall IE-SPYAD before you
    >>> run
    >>> HJT, and reinstall it
    >>> after HJT finishes.
    >>> --------------------------------------------------
    >>> </quote>
    >>>
    >>> "Rednelle" <rednelle31@btinternet.com> wrote in message
    >>> news:dbjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
    >>>> Glen,
    >>>>
    >>>> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
    >>>> then
    >>>> ran HJT again - it froze at O-15 again.
    >>>> Perhaps there is currently a limit on the number of lines in a HJT
    >>>> logfile?
    >>>> Moral; uninstall IE-SPYAD before you use HijackThis - for the time
    >>>> being.
    >>>>
    >>>> Rednelle
    >>>>
    >>>> "glee" <glee29@spamindspring.com> wrote in message
    >>>> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
    >>>>> "Rednelle" <rednelle31@btinternet.com> wrote in message
    >>>>> news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    >>>>>> snip
    >>>>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
    >>>> O-15
    >>>>>> I will let you and the community know.
    >>>>>
    >>>>> OK, that is info that needs to be passed onto the fellow who makes
    >>>> IE_SPYAD. I will
    >>>>> try to get the info to his attention, and see if there are any other
    >>>> reports of the
    >>>>> problem. Thanks.
    >>>>> --
    >>>>> Glen Ventura, MS MVP Shell/User, A+
    >>>>> http://dts-l.org/goodpost.htm
  22. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Thanks, BRobear!

    ....glen

    "PA Bear" <PABearMVP@gmail.com> wrote in message
    news:%23RsI%23TMjFHA.708@TK2MSFTNGP09.phx.gbl...
    > You can right-click on ie-ads.reg > Edit > and take a look/see. (Check your
    > inbox.)
    >
    > Tip: Put your glasses on!
    >
    > BTW you'll prolly want IE-SpyAd2, glee.
    > --
    > ~Robear
    >
    > glee wrote:
    > > After finding out that you and JAE use IE-SpyAd, I may try it myself.
    > > Can't get much better recommendations than that. ;-) In fact, it may
    > > be
    > > what I need to add to the machines at work too.
    > >
    > > Is there a way to view the list of sites it adds to Restricted, prior to
    > > installing, do you know?
    > >
    > > "PA Bear" <PABearMVP@gmail.com> wrote in message
    > > news:%23MjinOKjFHA.3064@TK2MSFTNGP15.phx.gbl...
    > >> <applause> Good work, glee! First I've heard of this.
    > >>
    > >> FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
    > >> running HijackThis v1.99.1 in WinXP SP2.
    > >> --
    > >> ~Robear
    > >>
    > >> glee wrote:
    > >>> I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
    > >>> issue is addressed in the ReadMe for IE-SPYAD:
    > >>>
    > >>> https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
    > >>>
    > >>> See the section titled: "Why does HijackThis! freeze after I install
    > >>> IE-SPYAD?"
    > >>>
    > >>> <quote>
    > >>> Why does HijackThis! freeze after I install IE-SPYAD?
    > >>> -----------------------------------------------------
    > >>>
    > >>> If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
    > >>> notice that HJT appears to
    > >>> "freeze" or "hang" while scanning your system. In actuality, HJT has not
    > >>> conked out, nor is there a
    > >>> problem with IE-SPYAD. What's happening is this:
    > >>>
    > >>> HJT processes and scans the Registry for all Internet Explorer Security
    > >>> Zone
    > >>> entries. Internet
    > >>> Explorer stores entries for all security zones in the same "Domains"
    > >>> Registry key, and HJT scans
    > >>> this very same key when inspecting your system. Since IE-SPYAD adds over
    > >>> 8000 entires for the
    > >>> Restricted sites zone, HJT has a lot of entries to sort through, and
    > >>> that
    > >>> simply takes time. HJT
    > >>> isn't actually frozen; it's only momentarily bogged down while
    > >>> processing
    > >>> all those zone entries.
    > >>>
    > >>> If you wait a bit, HJT will eventually present you with the buttons that
    > >>> you expect. Depending on
    > >>> the speed of your processor and the amount of memory your computer has,
    > >>> this could take a few
    > >>> seconds to a minute.
    > >>>
    > >>> If the wait proves to be too long, then uninstall IE-SPYAD before you
    > >>> run
    > >>> HJT, and reinstall it
    > >>> after HJT finishes.
    > >>> --------------------------------------------------
    > >>> </quote>
    > >>>
    > >>> "Rednelle" <rednelle31@btinternet.com> wrote in message
    > >>> news:dbjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
    > >>>> Glen,
    > >>>>
    > >>>> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
    > >>>> then
    > >>>> ran HJT again - it froze at O-15 again.
    > >>>> Perhaps there is currently a limit on the number of lines in a HJT
    > >>>> logfile?
    > >>>> Moral; uninstall IE-SPYAD before you use HijackThis - for the time
    > >>>> being.
    > >>>>
    > >>>> Rednelle
    > >>>>
    > >>>> "glee" <glee29@spamindspring.com> wrote in message
    > >>>> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
    > >>>>> "Rednelle" <rednelle31@btinternet.com> wrote in message
    > >>>>> news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > >>>>>> snip
    > >>>>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
    > >>>> O-15
    > >>>>>> I will let you and the community know.
    > >>>>>
    > >>>>> OK, that is info that needs to be passed onto the fellow who makes
    > >>>> IE_SPYAD. I will
    > >>>>> try to get the info to his attention, and see if there are any other
    > >>>> reports of the
    > >>>>> problem. Thanks.
    > >>>>> --
    > >>>>> Glen Ventura, MS MVP Shell/User, A+
    > >>>>> http://dts-l.org/goodpost.htm
    >
  23. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Thanks guys,

    AL1 I'll not register with AumHa Forums this time round.

    The end.

    Rednelle


    "glee" <glee29@spamindspring.com> wrote in message
    news:#fnCyuJjFHA.3300@TK2MSFTNGP10.phx.gbl...
    > "Rednelle" <rednelle31@btinternet.com> wrote in message
    > news:dbisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > > I'll register with AumHa Forums and send you the latest log.
    > > OldTimer on BleepingComputer read the first HJT log and gave advice -
    which
    > > worked well.
    >
    > If you are already receiving replies at Bleeping, I don't suggest starting
    a thread
    > elsewhere until you have concluded there, lest you confuse the issue with
    multiple
    > advice counteracting each other. Too many cooks......
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > http://dts-l.org/goodpost.htm
    >
    >
  24. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Robear, many thanks.

    Rednelle

    "PA Bear" <PABearMVP@gmail.com> wrote in message
    news:#pix8wIjFHA.3960@TK2MSFTNGP12.phx.gbl...
    > It's Robear, please. <w>
    >
    > It's not unusual to run HijackThis or any of the other anti-malware tools
    in
    > Safe Mode if they freeze when scanning in normal (Windows) mode.
    >
    > IIRC the HijackThis entries in question pointed to sites in Trust Sites
    > zone, not Restricted Sites, and so MVP Eric Howe's IE-SpyAd would not be
    > responsible, no. Some hijackers are well-known for putting
    > undesirable/unwanted domains in Trusted Sites zone.
    >
    > I agree with Jim Eshelman that IE-SpyAd is a useful tool to avoid
    > hijackware. I use it in combination with SpywareBlaster and MVP Mike
    > Burgess' custom hosts file.
    >
    > Like all such tools, keep IE-SpyAd up-to-date:
    > https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-Windows (IE/OE) & Security
  25. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    YW.

    Rednelle wrote:
    > Robear, many thanks.
    >
    > Rednelle
    >
    > "PA Bear" <PABearMVP@gmail.com> wrote in message
    > news:#pix8wIjFHA.3960@TK2MSFTNGP12.phx.gbl...
    > > It's Robear, please. <w>
    > >
    > > It's not unusual to run HijackThis or any of the other anti-malware
    > > tools in Safe Mode if they freeze when scanning in normal (Windows)
    > > mode.
    > >
    > > IIRC the HijackThis entries in question pointed to sites in Trust Sites
    > > zone, not Restricted Sites, and so MVP Eric Howe's IE-SpyAd would not be
    > > responsible, no. Some hijackers are well-known for putting
    > > undesirable/unwanted domains in Trusted Sites zone.
    > >
    > > I agree with Jim Eshelman that IE-SpyAd is a useful tool to avoid
    > > hijackware. I use it in combination with SpywareBlaster and MVP Mike
    > > Burgess' custom hosts file.
    > >
    > > Like all such tools, keep IE-SpyAd up-to-date:
    > > https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
    > > --
    > > ~Robear Dyer (PA Bear)
    > > MS MVP-Windows (IE/OE) & Security
Ask a new question

Read More

Internet Explorer Hijackthis Windows