Hijack this file and suggestions!

[catherinebed]

Thank you for being willing to help people all over the world. I am writing to you from Clyde River, way above the Arctic Circle on Baffin Island, where there is not too much in the way of computer tech help. And of course I would be here when my laptop computer starts causing problems!

Symptoms:
I get the MMC cannot open the file.... when I try to open the defragem
I cannot open computer windows (e.g. system restore).. the window opens but to a blank screen
Same blank screen when I try to read topics in Windows help and use IE
There is plenty of memory, however!!
On Start Menu, the Program link leads nowhere and some of the links have disappeared (e.g. to Help, I think)
I can receive email (OE) but not send... I get the message "there was an error opening the message" and then "there is not enough memory". The emails are not previewed in OE and I have to open them as text files within the message


All of this is in the wrong thread, no doubt, but I have been trying to follow advice given here thinking that some nasty thing might be causing this. Adware, Spybot, CWShredder, and CoolWWWsearch all come up negative. Attached in what I got from HijackThis. Judging by your posts, I can't find anything evil, but I thought I would ask the experts.

Thanks in advance for your help. I will try and check your response soon, but Internet access is a bit variable up here.

Catherine

 

[RealBlackStuff]

First Read: Only use these HJT-instructions when asked!
No /P/S/R/U/ functions for you.
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=1c02&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Advisor - {95270ADF-714F-4607-8E5E-E028E7CBFB14} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
...................................................................................................

You should UNinstall, reboot, then REinstall your Avast Antivirus program. It looks partly 'broken'.

Go to www.getfirefox.com and use that instead of IE.
Post a fresh HJT-log afterwards.

 

[catherinebed]

thank you

Thanks for all your help and suggestions, which I have followed carefully.

Here is the latest HJT file.

I am currently downloading firefox. Slow going here in the frozen north!!

Catherine.

 

[RealBlackStuff]

Avast looks still 'broken':
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

See what this one comes up with:
Read: How to remove Trojans and its ilk!

 

[catherinebed]

thanks again

Thank you once again, and sorry for the delay in responding. Problems finding internet access, now solved!

I did reinstall Avast...so I wonder why it is still broken.

Here is the results of the Ewido scan, as well as the latest HJT. I did the Ewido in two goes, but the results are in the same file, as you will see.

Looking forward to hearing your opinion,

Catherine

 

[RealBlackStuff]

The Avast lines could be a typo in the install-script, leave them for now, if they do their job (scanning email etc.).
You have no more nasties in HJT.

How are the other functions, do Defrag and MMC work now?

 

[catherinebed]

thanks

I am afraid despite all your good advice and clear instructions the problems remain, and seem to be getting worse...my desktop has now unilaterally decided to turn a pale shade of blue and I cannot get back my old pattern.

So I fear that it is something worse than trojans. I am thinking of trying to reinstall Windows. Do you think that is the way to go?

I promise I will never use IE again, in any case!!

Catherine

 

[RealBlackStuff]

Rightclick anywhere on the desktop, select Properties.
Select Desktop tab/Customize Desktop/Web tab.
See if your 'Active Desktop' is turned ON. If so, turn it OFF by UNticking the box.

 

[catherinebed]

some progress

Have tried to follow the instructions about the desktop, but Active Desktop is not an option... there is

Lock desktop
Synchronize
Properties.

In the meantime I have managed to regain full use of the start menu including All Programs, Help, Search and Run, Accessories including system restore by using this little fix.
IEFix (Version 1.5)
Author : Ramesh Srinivasan
Web Site: http://windowsxp.mvps.org

IEFix - Description
-----------------------------------

Internet Explorer Fix - is a general purpose repair utility for
Internet Explorer which repairs Internet Explorer by registering
it's core DLL files and reinstalls using the IE.INF file.

More Information is available at:

http://windowsxp.mvps.org/iefix.htm

I hope this is OK!


I can now also use IE, which I did to run an online virus scan (Trend Micro) which also came up empty.

I still have odd symptoms. The disk defragmenter has the MMC cannot open the file message.
Outlook Express does not open the messages in the preview pane (though it is set to do so).
The desktop has changed background and I cannot return it to the original
When I close Windows I get an error message about having to close the Xport message window.

Any suggestions gratefully received.

Catherine

 

[RealBlackStuff]

Glad that 'fix' got you halfway sorted.
Your log is absolutely clean.
I would suggest though that you continue to use Firefox and set Firefox again as your 'default' browser.
You'll only need IE when you go for Windoze updates.

Something to do: click on Start/Run, type sfc /scannow and click OK. Keep your XP-CD handy. This will check the systemfiles and ask for the CD if one is damaged/outdated/missing. This might fix the MMC errors.

Go to http://www.mozilla.org/products/thunderbird/ and download/install Mozilla Thunderbird. During install it will copy all your email addresses and messages from Outlook Express.
When you receive/send the very first email using Tbird, it will ask you for your password. Tell the program to store your password and that's it.
Tbird is a lot safer than OE, and looks/feels quite similar to it. You should not have any problems with it. Set Tbird as your default emailer.

 

[catherinebed]

Thank you

Thanks for all your help.
Sadly the sfc /scannow had no effect but I am searching on..

I have followed your advice about Thunderbird and Firefox. The others are a thing of the past!!
Once again, I appreciate your assistance, and will buy you a virtual Guinness at any virtual bar you care to name!
Catherine

 

[RealBlackStuff]

Go to windows\system32\ and rightclick dfrg.msc and select Properties.
It should say 'Opens with: Microsoft Management Console'
If it shows opening with something else, change it.

Could be that one of your 'nasties' changed the file-association.

 

[catherinebed]

problem solved

Thanks muchly. For the record, and in case anybody is googling this problem as I have been.....
I did not end up trying this because I first followed this advice from Computer.net

run Regsvr32 "C:\WINDOWS\system32\msxml3.dll"

It solved the problem for me too!!

I really appreciate your help, RealBlack. Many thanks.

Catherine

 

[RealBlackStuff]

Sorted at last! Congrats.

Just wondering how you got onto that particular dll-file!