ShellsPC

About:blank Will Not Go Away

61 posts in this topic

When I click on Advanced it says that I have full control under permissions. I found out yesterday that I did not need the administrator to log on for me; I could do this under my user name and password.


Shell's, when you get through with this, download SpywareGuard if you don't have it yet. I've had very few incidents on my PC since I installed it.

Make sure you have the real time scanner on which will alert you during an attack and ask you if you want to accept changes.


One more thing: have you tried reinstalling the default registry values for IE 6? These are the ones you get after a fresh install of IE. If you can't find these values, post the question in the fix PC part of this forum. I did this before and restored my pages back to factory settings.

Good luck


Forgot about that step. Uncheck the inherit box. It will then give you a popup box. Hit Copy. Then you can remove yourself.

 

Superbratkidde, this is a very complex hijack. HijackThis will take care of what you said to do. I know you are trying to help, but this may confuse things.


OK, here is the HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:10:18 PM, on 5/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\userinit.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = RMASBS:8080

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8132.5077083333

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rmasecurity.loc

O17 - HKLM\Software\..\Telephony: DomainName = rmasecurity.loc

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rmasecurity.loc

 

Does the findall log need to be done off of the network?

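An added example, not part of the original post and not HijackThis's own code: a small Python parser for the entry lines of a log like the one above. It splits each line into its section code and body and breaks O4 (autostart) entries into location, name and command; the sample lines are copied from the posted log, and the function names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the post above (no new data).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\userinit.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = RMASBS:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - Global Startup: Exif Launcher.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rmasecurity.loc
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^(?P<where>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
STARTUP = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<command>.+)$")


def parse_entries(text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def count_by_section(entries):
    """Number of entries per section code, e.g. how many O4 autostarts."""
    return dict(Counter(code for code, _ in entries))


def autoruns(entries):
    """Split O4 (autostart) bodies into where/name/command."""
    result = []
    for body in (b for code, b in entries if code == "O4"):
        m = RUN_KEY.match(body) or STARTUP.match(body)
        item = m.groupdict() if m else {"where": None, "name": None, "command": body}
        # In this log HijackThis printed "?" where a shortcut target is missing.
        item["unresolved"] = item["command"] == "?"
        result.append(item)
    return result


if __name__ == "__main__":
    for item in autoruns(parse_entries(SAMPLE_LOG)):
        print(item)
```

An entry flagged `unresolved`, such as `Exif Launcher.lnk = ?`, is a cue to inspect the shortcut by hand, not a verdict about it.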

Here is the findall log:

 

--==***@@@ FIND-ALL' VERSION 5.2 -5/18 @@@***==--

 

Wed 05/26/2004

04:22 PM

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (B013:FA76) - FS:NTFS clusters:4k

Total: 39 958 409 216 [37G] - Free: 27 843 670 016 [26G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;

 

*Google Toolbar version and Attributes:

Defaults: "A" ;"R"

Path not found - C:\Program Files\google

Path not found - C:\Program Files\google

 

*UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

*Wmplayer version:

8.0.0.4490 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

*M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

*PC uptime:

4:22pm up 0 days, 0:04

Locked or 'Suspect' file(s) found...

 

 

*List of top level windows:

HWND PID PRIO TITLE

10090 580 norm Start Menu

4002c 580 norm _Shell_TrayWnd

10028 660 high NetDDE Agent

3019e 256 norm C:\WINDOWS\System32\cmd.exe

10110 580 norm MCI command handling window

20108 580 norm Connections Tray

200e0 580 norm Power Meter

200e4 580 norm MS_WebcheckMonitor

200c6 1508 norm IsaTray

100d0 1240 norm HkWndName

100bc 1064 norm Symantec AntiVirus Corporate Edition

1006e 1636 norm Scan

1006c 1636 norm ACTION

1006a 1636 norm VPIPCLINK

40066 1568 norm Dell OMCI Iap

9011a 580 norm SysFader

10086 580 norm Program Manager

30034 580 norm M

30032 580 norm Default IME

10114 580 norm Default IME

200de 580 norm Default IME

400b8 1508 norm Default IME

100d2 1240 norm Default IME

100be 1064 norm Default IME

10068 1568 norm Default IME

1009a 580 norm M

30064 580 norm Default IME

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs"=""

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(CI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

(CI) ALLOW QWCEN-DS-- BUILTIN\Power Users

(CI) ALLOW Full access NT AUTHORITY\SYSTEM

(CI) ALLOW Read BUILTIN\Users

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Full access BUILTIN\Administrators

QWCEN-DS-- BUILTIN\Power Users

Full access NT AUTHORITY\SYSTEM

Read BUILTIN\Users

 

 


Shadowwar,

 

I am heading out for the day (thank goodness). I am so tired of looking at this computer. I will return in the morning. Thank you so much for your help. I hope we can kill this thing. Good night.


It's killed. Here are some tips:

 

Please run your windows updates to help prevent being reinfected.

 

Internet Explorer/Tools (at top of screen)/Windows Updates

Install all critical at least. After you reboot, recheck again as there may be more!

 

Also see the link in my signature:

 

how did I get infected in the first place?

 

Here is some software that will help with prevention:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Spybot Search and Destroy in my signature is a good cleaner for adware and such.

 

Also, a good firewall, if you do not have one, like ZoneAlarm in my signature, will help protect you and monitor what is accessing the internet.

 

Also an antivirus, if you do not have one already: http://www.grisoft.com/us/us_dwnl_free.php

 

All free programs.


Shadowwar,

 

Thank you for helping me with this problem. I might actually gain some sanity back (ok, probably not). Since I have downloaded most of the spyware detector programs for attempting to fix this problem, I should be fairly guarded against future attacks.

 

Again, Thank You, Thank You, Thank You!!!!!! You are the best.
