Archived from groups: microsoft.public.win98.gen_discussion (
More info?)
Glen,
I'll register with AumHa Forums and send you the latest log.
OldTimer on BleepingComputer read the first HJT log and gave advice - which
worked well.
I can't provide good answers to your detailed questions; I've lost my notes
and can't remember now exactly how many line items there were under HKLM and
HKCU ...... ZoneMap > Domains and Ranges (4 areas); nor what was in which
zone.
It seemed like hundreds. I had installed IE-SPYAD a year or two ago which,
as you say, would have added Restricted sites. I deliberately added about 6
bank URLs to IE > Tools > Security > Trusted sites. Anything else would have
arrived unintentionally.
However; all now seems well.
If, after reloading IE-SPYAD, I find the HJT freezes again in Section O-15
I will let you and the community know.
Thanks again for your help.
Rednelle
"glee" <glee29@spamindspring.com> wrote in message
news:OaKjzQ#iFHA.3960@TK2MSFTNGP12.phx.gbl...
> Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the
AumHa forums
> and website, who highly recommends it:
>
> "It is a frequently-updated Registry patch that adds a long list of known
> advertisers, marketers, and spyware pushers to the Restricted sites zone
of
> Internet Explorer. This filters much known adware and other malware from
> your computer from the beginning - a more proactive approach than only
using
> adware-removing programs after the fact."
>
> So, yes....the large Restricted sites zone would be from that application.
Are you
> sure it was the restricted sites that were causing your problem? How
large was the
> Trusted Zone section, in the Registry key I mentioned earlier?
>
> I have not seen your HJT log, but I don't frequent the Bleeping forums.
Post it on
> the forums at aumha.net, where I check in regularly....along with PA Bear
and his
> merry band of experts. You must first register at the site, but that does
not take
> long.
>
> Copy the log files and paste them into a new post here:
>
http://forum.aumha.org/viewforum.php?f=30
> (Another good forum is:
http://castlecops.com/forum67.html )
>
> In your post, please state your problem, if any, and what you've done so
far to fix
> it.
>
> See the "housekeeping" you should complete before you post your log:
>
http://aumha.org/forum/viewtopic.php?t=4075
>
> A tutorial for using Hijack This is located here:
> http://tomcoyote.com/hjt/
> and an in-depth tutorial is here:
>
http://aumha.org/a/hjttutor.htm
> --
> Glen Ventura, MS MVP Shell/User, A+
>
http://dts-l.org/goodpost.htm
>
>
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:dbgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> > Glen,
> >
> > The HKCU Ranges key was large. I realise now that I was probably looking
at
> > entries put there by (me) / IE_SPYAD.
> >
> > I posted the HJT logfile to 'bleepingcomputer' but there has been no
reply -
> > probably because of some mistake I made.
> >
> > I'll try and send you a copy of the HJT file; what remains doesn't look
> > obviously bad to me, but then I am no expert.
> >
> > Thanks for all your help.
> >
> > Rednelle
> >
> >
> > "glee" <glee29@spamindspring.com> wrote in message
> > news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > What you probably found, under the Domains sub-key in the Registry,
were
> > Restricted
> > > sites, which AFAIK Hijack This does not look at. It is the entries
under
> > Ranges
> > > that would contain the Trusted Zone sites:
> > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > > Settings\ZoneMap\Ranges
> > > and possibly
> > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> > > Settings\ZoneMap\Ranges
> > >
> > > You can safely delete entries from Ranges, as there is no pressing
need to
> > have any
> > > site in Trusted Zone....if needed, you can manually add sites through
IE>
> > Tools
> > > menu> Security tab. Some find it helpful to add sites like Windows
Update
> > to the
> > > Trusted Zone.
> > >
> > > Was the Ranges key very large?
> > >
> > > Out of curiosity, where did you post you HJ log?
> > > --
> > > Glen Ventura, MS MVP Shell/User, A+
> > >
http://dts-l.org/goodpost.htm
> > >
> > >
> > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > news:dbedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > Glen,
> > > >
> > > > Thanks for both your responses.
> > > >
> > > > Launching HJT, just to scan, produced the same result as before -
> > > > application freeze in O15 section.
> > > > I read your tutorial, O15 section, looked at the 4 HighKeys, and
found
> > > > hundreds of entries under Domains and Ranges.
> > > > As an experiment, after saving the old .reg file, I deleted them
all -
> > and
> > > > then ran HJT. HJT worked as advertised.
> > > > Logfile 7K posted separately, for expert analysis.
> > > >
> > > > Thanks for your help thus far.
> > > >
> > > > Rednelle
> > > >
> > > > "glee" <glee29@spamindspring.com> wrote in message
> > > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > > > HijackThis Tutorial:
> > > > >
> >
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag
> > > > > --
> > > > > Glen Ventura, MS MVP Shell/User, A+
> > > > >
http://dts-l.org/goodpost.htm
> > > > >
> > > > >
> > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > > > news:dbdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > > > Greetings all,
> > > > > >
> > > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with
192MB
> > RAM
> > > > > >
> > > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
> > HijackThis.exe
> > > > and
> > > > > > when I launch this it opens the splash screen.
> > > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
> > starts
> > > > but
> > > > > > the blue progress bar stops at about 95% travel with " O15 -
Trusted
> > > > Zone
> > > > > > enumeration " overprinted in Red. (I do have various bank URLs
in my
> > IE
> > > > > > Trusted Zone).
> > > > > >
> > > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If
I
> > 'End
> > > > > > Task' I can then continue.
> > > > > >
> > > > > > All other applications seem to work fine, no virus detected (by
> > f-prot),
> > > > > > ad-aware & spybot reports 'alexa' otherwise clear.
> > > > > >
> > > > > > I have not submitted the HJT Logfile because, although it is
> > produced,
> > > > it is
> > > > > > blank (size 0 bytes).
> > > > > >
> > > > > > Any ideas?
> > > > > >
> > > > > > Rednelle
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> >
> >
>