DMR 152 Wombat At Large Team Colleague

Ok, you need to use the Registry Editor to perform the tasks you're asking about. Be careful not to change anything yet while in the Editor- a wrong change there can render your system useless!!

Click the "Run..." option under your Start button and type "regedit" (omit the quotes) in the resulting dialog box; this will start the Editor. The window it presents will look very much like what you see when you use Windows Explorer to browse your folders, except for the fact you're looking at the hierarchy of your Registry instead of the hierarchy of folders on your hard drive.

From that initial window it should be pretty intuitive as to how to navigate to the HKLM\SOFTWARE\Classes\Interface\ location ("HKLM" is shorthand for the HKEY_LOCAL_MACHINE root "folder"). Once there, verify that the values in the {00020400-0000-0000-C000-000000000046} key are those given in the article.

Repost here if you have further questions, or if the registry values you find don't match those given in the Microsoft article.

DMR 152 Wombat At Large Team Colleague

Cool- we'll be here.

And yeah- you'll definitely want to relax with some golfing before the shock of dealing with the 300+ pieces of malware that Ad Aware and SpyBot are going to find on your system...

:mrgreen:

DMR 152 Wombat At Large Team Colleague

You can see fingerprints of the Google bar's existence (or lack thereof) in the logs generated by HJT and other diagnostic tools that people post. As for the "Search for" part of the symptom, I'm not sure if you'll see that if you aren't using the Google bar, but the about:blank hijack itself certainly isn't limited to those using the Google bar.

DMR 152 Wombat At Large Team Colleague

Marking this thread as solved. The thread is essentially closed unless the original poster has further questions.

Members with similar problems should post their questions in their own thread.

Thanks.

DMR 152 Wombat At Large Team Colleague

Marking as solved... :)

DMR 152 Wombat At Large Team Colleague

Oops- caperjack beat me to it... :p

DMR 152 Wombat At Large Team Colleague

NoAdware is highly suspected to be a scam. General consensus is that it returns false-positives to entice you to buy the retail version, and there is also some speculation that it may actually contain spyware itself.

Here's a list of dodgy and/or outright bogus "Anti-Spyware" programs and sites:

http://www.netrn.net/archives2/000571.html

DMR 152 Wombat At Large Team Colleague

You've still got major problems. Before proceeding with HJT, download and run Ad Aware and SpyBot. Allow them to fix whatever they find and then post a fresh HJT log.

Links to the downloads are in my sig below. Also- follow the configuration instructions in the "Setting up Ad Aware and SpyBot" link before running the programs.

DMR 152 Wombat At Large Team Colleague

Does ANYONE who has this browser hijack NOT have the Google search toolbar?

Yes- we've seen more than a few instances of the about:blank issue where the Google toolbar played no part.

DMR 152 Wombat At Large Team Colleague

in the end i'll just not browse w/ IE anymore...

That will solve the majority of the problems. :)

DMR 152 Wombat At Large Team Colleague

Yeah- it did look suspicious, but I was hesitant to tell someone to blow away a reference to something that I couldn't confirm. I suppose if it were my system though, I would have axed without much thought...

DMR 152 Wombat At Large Team Colleague

You're welcome.

In terms of taking the computer to a shop, maybe you should remind your family member that we don't charge for our services... :mrgreen:

DMR 152 Wombat At Large Team Colleague

Hello EvilSp0rk, welcome to Tech Talk. :)

Please read this entire thread thoroughly- we (the moderators) have posted about 5 comments concerning our rule against having members post their questions in someone else's thread. When multiple people start asking multiple questions in a single thread, it quickly becomes confusing to follow which answers relate to which questions. It also distracts the focus of the troubleshoot away from the original poster's problem.

Please start your own thread and post your question there. Also- have a read through our posting guidelines in general:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

A possible (although brute-force) fix:

- Open your Registry Editor (type "regedit" in the "Run..." dialog under your Start menu).

- Navigate to HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->Current Version->Run

- If you see an entry for Messenger in the right-hand pane of the editor window, delete it.

The next time you boot, Messenger should not start.

DMR 152 Wombat At Large Team Colleague

If the BIOS manufacturer gave you the upgrade info, you should probably go for it. Before doing so though, ask them specifically if the upgrade solves the drive size limit. You should also ask them what the size limit will be in the upgraded BIOS version, because limits exist at 64G and 127G too. Aside from adding large-drive capability, an upgrade could provide a number of things such as bug fixes, enhanced device support, performance tweaks, and the like.


In terms of the CD-ROM, has it worked in the past? If so, were there any changes made to the system just prior to the problem's appearance?

In terms of your system info, I don't know if we need the whole banana; I was just asking if Device Manager showed any problems with the CD-ROM device.

DMR 152 Wombat At Large Team Colleague

Can you give us the exact model # of the card please?

Also, the output of the following command should show some details about the card; please post that info as well:

lspci

(the first letter of that command is a lowercase "L")

DMR 152 Wombat At Large Team Colleague

redboy,

It sounds like spyware/hijackware. Have a read through the "Helping yourself" post at the top of our Security forum for information on detecting and removing the pests.

DMR 152 Wombat At Large Team Colleague

Run SpyBot and Ad Aware consecutively if you haven't already. Make sure you've gotten the latest updates from their websites before scanning. Have both programs fix whatever they find and post a fresh log.

Configuring Ad Aware:

- In Settings, under 'scanning' - have it set to:
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'

- In 'tweaks':

-under 'scanning engine', set it to: 'unload recognized processes during scanning.'
-under 'cleaning engine', set it to: 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'

- Select 'activate in-depth scan' before starting scan.

DMR 152 Wombat At Large Team Colleague

The reason for keeping HJT in its own folder is that it will create backup files when you run it and will store them in that folder. That way, if you mistakenly delete something you shouldn't have with HJT, you can recover from the mistake with the backup files. You can create a folder for HJT in any location by opening Windows Explorer and:

- navigating to the location where you want to create the folder
- right-clicking in the right-hand Explorer window. Choose New->Folder in the menu that pops up.
- Name the folder HijackThis

The dialer issue might be something in the system settings, or perhaps in the settings of the AOL or Sprint programs that seem to be installed; hard to say for sure, but it isn't necessarily something malicious.

As for the runtime error, if you can give us the specific error message we'd be better able to offer advice.

DMR 152 Wombat At Large Team Colleague

Have HJT fix these:

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

Reboot, and then delete the entire C:\Program Files\MyWay folder.

DMR 152 Wombat At Large Team Colleague

Have HJT fix the following:

O4 - HKLM\..\Run: [yrquekbemrwo] C:\WINDOWS\System32\oodlsvk.exe

Once done, delete the oodlsvk.exe file (you might have to reboot in order to delete it).

Also, the adiras.exe file is a dialer program; if you know that you don't need/use it, have HJT fix that as well. As above, delete the actual file after the HJT fix.

DMR 152 Wombat At Large Team Colleague

Does Device Manager indicate that the CD-ROM is working correctly?

1. Perhaps you jostled the CD-ROM's cabling when you installed the new hard drive. Open your case and make sure all cables/connectors are seated properly.

2. As for the sound- do you get any sound at all? That is, can you hear system sounds or music files played off the hard drive? Check the mixer settings in your sound applications; the CD audio volume may be muted or the fader may be pulled all the way down.

3. I doubt that a system of that age even has SCSI, unless you installed a SCSI adapter in it. And no, the boot sequence will have nothing to do with the problem.

4. The 80G hard drive shows up as ~30G because of an old 32G limit on IDE drives. You may be able to upgrade your BIOS if that's where the limitation lies. You can also use "drive overlay" software such as Maxtor's MaxBlast; the software "fools" the system into handling drives larger than what it normally could. Another thing to look at is the drive itself- some large drives have a "32G clip" jumper setting which forces the drive to report its size as <32G in order to be compatible with older systems which suffer from the 32G limit.

DMR 152 Wombat At Large Team Colleague

Thanks Chris.

By the way, what is this file anyway? I couldn't find anything on it:

O2 - BHO: (no name) - {8C02662B-0276-4B52-B8CE-DC2BEF2B5912} - C:\WINDOWS\System32\cooabe.dll

DMR 152 Wombat At Large Team Colleague

You'll get some signal degradation from any KVM's circuitry/wiring, but it shouldn't be anywhere near what you seem to be describing with a $400 Belkin box.

The cables don't seem to be the culprit; I suppose it's possible that the switch itself may be defective. Can you return it for another?

Also- some switches and extenders have adjustments to compensate for things like cable length. Does yours have any such "tweaks"? If so, you might try twiddling with those.

Other than that, I'm pretty much out of ideas... :(

DMR 152 Wombat At Large Team Colleague

No ideas, but I can tell you that I've had no problems at all with my Yahoo accounts since they've made their changes.

DMR 152 Wombat At Large Team Colleague

1. Some piece of spyware has altered your C:\WINDOWS\system32\drivers\etc\hosts file in order to deny you access to anti-virus and anti-spyware resource sites. Open that file in Notepad and delete all entries except "127.0.0.1 localhost". When you save the file, make sure that Notepad didn't append a .txt extension to the filename; the file must be named simply "hosts".

2. Have HJT fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

3. Although not spyware, Tiscali apparently says that you don't need to use tkonnect, and you might want to uninstall it just to regain some system resources. Uninstall instructions are here:
http://www.tiscali.co.uk/members/myaccount/internet/tk_uninstall.html

I don't see anything else right off the bat, but perhaps one of our other members will catch something I've missed.
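An added example, not part of the original post: a read-only Python check for the hosts-file tampering described in step 1 above. It reports every mapping other than a loopback `localhost` entry and also catches the `hosts.txt` naming slip. The watch list of security-site suffixes, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list (not from the post): suffixes of anti-virus and
# update sites whose presence in a hosts file deserves a closer look.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com",
                    "windowsupdate.com", "microsoft.com")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; ip is None if malformed."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, line            # first field is not an IP
            continue
        for name in fields[1:]:                  # one line may map many names
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Return (line_no, verdict, hostname) for every entry except localhost."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name))
        elif name == "localhost" and ipaddress.ip_address(ip).is_loopback:
            continue                             # the one entry the post keeps
        elif any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            findings.append((line_no, "security-site-override", name))
        else:
            findings.append((line_no, "unexpected-entry", name))
    return findings


def filename_problem(dir_entries):
    """Detect the Notepad slip: 'hosts.txt' saved where 'hosts' should be."""
    names = {n.lower() for n in dir_entries}
    if "hosts" not in names and "hosts.txt" in names:
        return "hosts.txt present but hosts missing: rename it to 'hosts'"
    return None


# Constructed sample of a tampered hosts file (not taken from any real system).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.symantec.com   # added by hijacker
127.0.0.1 liveupdate.symantec.com windowsupdate.microsoft.com
0.0.0.0 ads.example.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
    print(filename_problem(["hosts.txt", "lmhosts.sam"]))
```
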

DMR 152 Wombat At Large Team Colleague

The monitor could be reacting to something it doesn't like about the signal, but it does seem like you're using high-quality components, so I'm really not sure why that would be the case. Is it a question of cable length perhaps?

DMR 152 Wombat At Large Team Colleague

I think the power thing was just coincidence

Probably not a coincidence. The components on the vid card had probably already been weakened by heat due to the fan's failure; the voltage irregularities caused by the power outage were enough to finally kill something on the card.

Glad it was only a minor death though. :)

DMR 152 Wombat At Large Team Colleague

You might find a few tips in this article, and in another which is linked in it:

http://www.pcuser.com.au/pcuser/hs2.nsf/web/C7EAA07ABDB13103CA256EAD00058312

But you're not plugging yourself in any way here, right Terry? :mrgreen:

DMR 152 Wombat At Large Team Colleague

There are a few remote access options that the two of you could use without needing third-party hosting. XP Pro has a built-in Remote Access server (XP Home does not); SSH and telnet are a couple of other options. SSH is recommended over telnet for security reasons.

DMR 152 Wombat At Large Team Colleague

Get a few programs downloaded to combat the spyware/malware etc. Just keep them updated etc.

LittleMan

Definitely. Putting not-so-favorites into your Favorites folder is a common tactic of spyware; you'll need to disinfect your system. Read the thread Catweazle mentioned to find out how to do that.

DMR 152 Wombat At Large Team Colleague

index.dat files are automatically generated by the system- don't worry about them.

In terms of your mail, since you said that you can't get access your computer or your husband's Mac, it's quite possible that your mail server is experiencing problems. If that's the case, you'll just have to wait until Yahoo sorts it out.

DMR 152 Wombat At Large Team Colleague

Are there any illuminating error messages/warnings in your event logs? Check the logs with Event Viewer (in your Administrative Tools).

Overheating, or a failing component can cause unexpected shutdowns/restarts. In the case of a hardware failure, bad RAM is often a culprit.

DMR 152 Wombat At Large Team Colleague

Goldenwalt13,

You need to post your question in its own thread. For reasons of clarity, we ask that our members abide by our "one member's question per thread" rule, because once multiple members start posting multiple questions in a pre-existing thread, it quickly becomes difficult to follow which answers relate to which questions. Doing so is also not fair to the person who first started the thread- it takes the focus of the thread away from their problem.

Please click on the "Rules" menu item at the top right-hand side of our pages and read through the guidelines for more on our general posting policies.

Thanks for understanding,

Dave Roesch (DMR)
Forum moderator

DMR 152 Wombat At Large Team Colleague

OK, so your hard drive has plenty of breathing room.

40 processes sounds like a lot for your basic desktop machine; I'd still like to see the list if possible; does PRCView have any facility for printing the list or saving it to a text file? I use Norton's Process Viewer, so I'm not familiar with PRCView.

In the process viewer, can you see any processes running which seem to be taking up an inordinate amount of CPU time or other system resources?

DMR 152 Wombat At Large Team Colleague

Cheap monitor cabling (or overly-long cabling) is the primary cause of the signal degradation. If you're using thin, flimsy video cables such as those sold by CompUSA, Radio Shack, and the like you'll almost certainly experience the problems you describe.

DMR 152 Wombat At Large Team Colleague

Those servers do exist- are you sure you're entering the names correctly? In your post you did mis-spell "smtp"; make sure you haven't done that in your server setup as well.

DMR 152 Wombat At Large Team Colleague

Any idea of how i am going to get this wupdater.exe file working properly ?
Thank You

You won't, you'll remove it- it's spyware. Either you got it with the screensaver, or the spyware that was bundled with the screensaver caused a conflict with spyware currently on your system that had already installed wupdater.exe.

I'm moving this to the Security forum since this is a "malware" issue. Read the "Helping Yourself" post at the top of the forum to find out how to download and use the recommended spyware removal tools. If you've got wupdater on your system, you've got other "nasties" in there as well.

DMR 152 Wombat At Large Team Colleague

Before formatting, you might try booting into rescue mode from the XP installation CD. Let it try to locate and repair your installation.

Did anything bad or unusual happen to the computer just prior to it refusing to boot?

DMR 152 Wombat At Large Team Colleague

The main list which shows the running processes is enough; we don't need info about the threads, modules, and such.

By the way- how much free space is left on your drive?

DMR 152 Wombat At Large Team Colleague

Since the time I posted this, I had a bunch of trojans in my system that I had to format the damn drive.

Have a read through the "Helping Yourself" post at the top of the Security forum. It contains info and links that can help you lessen your chances of getting reinfected.

DMR 152 Wombat At Large Team Colleague

Glad we could help AJ; I hope you're getting well paid for this new-found role of "Family Computer Fixer" that you seem to have fallen into.... :mrgreen:

- Marking as solved

DMR 152 Wombat At Large Team Colleague

OK- that might give us something to work with.

It sounds like you're describing what in geek-speak would be called "disk thrashing", although the cause of that is usually not having enough physical RAM (memory) installed to handle the programs you're using: With insufficient RAM, the system uses a virtual memory "swapfile", which is reserved space on your hard drive that gets used when you run out of real RAM. If your system is using your swapfile heavily, you will experience the sort of delays you describe. However, you did say that this problem started without any hardware or software changes, so I'm not sure if this applies here. Just in case, can you tell us:

- How much RAM you have in your system
- The model/speed of your CPU (processor chip)
- the size of your hard drive

In Windows 2000 and XP the Task Manager includes a tab which lets you view not only running programs, but running processes as well; unfortunately, Win 95/98's Task Manager does not. Assuming that you do have enough RAM to handle your applications, it might be a good idea to check what processes might be running on your system. Use the links in the following Google search to find freely downloadable programs which will give you the same functionality of 2k/XP's process viewer in 95/98 versions of Windows; we might be able to determine the cause of the delays by looking through the processes you have running …

DMR 152 Wombat At Large Team Colleague

Running the regsvr32 command on shell32.dll only works in Win 2k and XP- that's probably why you're getting the error.

Have you looked at this article from MS?:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281679&sd=tech

DMR 152 Wombat At Large Team Colleague

DMR,

You’re right. Sorry about that.

Phas,

I've split your posts into their own thread. The new thread is located here:

http://www.daniweb.com/techtalkforums/thread7168.html

DMR 152 Wombat At Large Team Colleague

Are there any errors or messages in your event logs which might point to the problem?

Again- check your event logs for possible clues. You can do this by using the Event Viewer in your Administrative Tools menu.

DMR 152 Wombat At Large Team Colleague

Great! :)

Marking as solved... let's hope it stays that way.

DMR 152 Wombat At Large Team Colleague

It may not be spyware-related at all, but why don't you run HijackThis and post the resulting log in a new thread in the security forum so that we can be sure. Crunchie and caperjack have posted instructions for using HJT in a number of threads in Security- read and follow those directions.

DMR 152 Wombat At Large Team Colleague

Everytime I delete one particular version of the ***** with HijackThis...

HJT doesn't delete the actual files; it only removes the registry reference to the files. You need to manually delete the files/folders in question after HJT does its job.

You might want to read up on Sasser a bit:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

There's a link to Symantec's Sasser removal tool in there as well.
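An added example, not part of the original post and not code from HijackThis: because an HJT fix removes only the registry reference, this Python script reads the entries selected for fixing and lists the on-disk files they point to, so they can be deleted by hand afterwards. The sample lines are copied from HijackThis entries quoted in other posts on this page; the function name `remaining_files` is hypothetical, and the parser covers only the line shapes seen on this page.

```python
import re

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] C:\...\x.exe"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A drive-letter path running to the end of the line. Also matches the path
# inside a file:// value. Command-line arguments after a path are not split off.
WIN_PATH = re.compile(r"[A-Za-z]:\\.+$")


def remaining_files(log_text):
    """Map each file path referenced by the log to the section codes citing it.

    Entries marked "(no file)" and values with no path (such as about:blank)
    leave nothing on disk and are skipped. Paths are compared
    case-insensitively, as Windows does, and keep their first spelling.
    """
    found = {}  # lowercased path -> (path as written, [section codes])
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                      # headers, process list, blank lines
        body = m.group("body").rstrip()
        if body.endswith("(no file)"):
            continue                      # registry reference only
        p = WIN_PATH.search(body)
        if p:
            path = p.group(0)
            found.setdefault(path.lower(), (path, []))[1].append(m.group("code"))
    return {path: codes for path, codes in found.values()}


# Entries quoted in other posts on this page, used here as sample input.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [yrquekbemrwo] C:\WINDOWS\System32\oodlsvk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dom\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
"""

if __name__ == "__main__":
    for path, codes in remaining_files(SAMPLE_LOG).items():
        print(f"{', '.join(codes):8} {path}")
```
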

DMR 152 Wombat At Large Team Colleague

Moving this to the Security forum, as we're definitely dealing with malware issues here.