DMR 152 Wombat At Large Team Colleague

Your log has a few "loose ends" in it, but nothing that looks like it would be the culprit. You are running a slightly older version of HijackThis, though. Just to be on the safe side, please download the latest version (1.99.1), run it, and post the log it generates.

The last time you had this problem, it was due to malicious infections if I recall correctly, but that might not be the case this time. There are non-malicious causes of login problems with hotmail, msn, etc. accounts; some of the related threads in the following link have suggestions you might want to try:

http://www.daniweb.com/techtalkforums/search.php?searchid=353268

DMR 152 Wombat At Large Team Colleague

Sorry- we track and respond to so many threads here that sometimes one just slips through the cracks.

I'll flag this thread and post the rest of the security info as soon as I get a chance.

DMR 152 Wombat At Large Team Colleague

Try the "ping" and "net view" commands I posted and let us know the result.

DMR 152 Wombat At Large Team Colleague

More information would help:

- what model of router?

- what version of Windows are the machines running?

- are the machines getting their IP addressing info from the router via DHCP, or are you entering that info on each machine manually?

- did you assign a unique computer name to each machine and assign them to the same workgroup?

- did you set up identical user accounts (including passwords) on each machine?

- If the router connects to the Internet, can both computers browse the Net correctly?


1. Keep your firewalls dropped until you get things working.

2. Make sure the two computers' IPs and the router's IP are all in the same network range. If the router is configured as a DHCP server, it should supply the correct addressing info for you; you can check the computers' IP info by opening a DOS box and typing the following command at the prompt:

ipconfig /all

3. While still in the DOS box, verify basic connectivity by pinging the IP of each machine and the router. The syntax of the ping commands is:

From computer #1:
ping IP address of router
ping IP address of computer #2

From computer #2:
ping IP address of router
ping IP address of computer #1

You should get 4 positive replies from each ping command.

4. Set up a shared folder on each machine. Once done, …

DMR 152 Wombat At Large Team Colleague

I see that the event id is 101, hope that helps

101? Can you check that again? The Event ID should be a 4 digit number.

Also- please give us any helpful information that you can concerning the history of the problem:

- When do you get the error? Does it appear when Windows starts up, or does it happen when you try to use a certain program or perform a certain task?

- Had you added or removed any programs around the time this first started?

- Had any Windows updates been installed at about that time?

DMR 152 Wombat At Large Team Colleague

OK- that helps to narrow things down, but errors concerning ole32.dll (a core Windows file) can come from a number of places. Do the following please:

Double-click on the related errors in Event Viewer to bring up the window that gives you the "Faulting application..." message again. At the top of the window there should also be an "Event ID:" entry; post the Event ID numbers.

DMR 152 Wombat At Large Team Colleague

I can't for the life of me reboot in Safe Mode. I hit F8 which brings me to a selection screen that allows me to boot from a disk, cd or hard drive. I select hard drive but it does boot in safe mode I don't think.

Ok- that happens on some systems. If you hit F8 too soon, it will bring up the boot device menu you mention instead of the menu which lets you choose Safe Mode. If you just choose to boot from the hard drive in that menu, Windows will boot into its normal mode.

You will need to get into Safe Mode to delete the files that refused to delete in normal mode, and the trick to getting to Safe Mode in your case is all in the timing:

Hit F8 as you have been doing, which will bring up the menu you mentioned that lets you choose which device to boot from. Choose to boot from the hard drive again, but this time, immediately start hitting F8 again after you make that choice; that should intercept the process of booting normally into the Windows installation on your hard drive and give you the second boot option menu where you can choose Safe Mode. Your window (no pun intended) of opportunity for hitting the F8 key the second time is pretty small, so if you miss it, just let Windows boot normally and then restart and try again.

DMR 152 Wombat At Large Team Colleague

In the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder on your computer there will be a file named "hosts"; open it with notepad and scroll to the bottom of the file....

I did and this is what I got:
For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Assuming that the lines above are the only entries in your hosts file, the file has not been tampered with. What you posted is what the default hosts file should contain.
The reason it was suggested that you make sure to scroll to the bottom of the file is that when some malicious programs modify your hosts file, they add their entries to the very end of the file and pad the middle with blank lines. They do that because their entries won't be visible when you first open the file in Notepad (due to Notepad's default window size). If you miss the fact that there might be more than one page to the file, you won't see the malicious entries.

Also when I go into internet options and connections I have a dial-up connection, and a dial-up connection (default). Is this ok?

It isn't unusual to have more than one dial-up connection configured, but if you only use the computer at one location and only use one dial-up service, you'll only need one connection configured.

The dial-up connection marked as …
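The hosts-file check discussed in the post above can be done without relying on what fits in a Notepad window. The following is an added example, not part of the original post: it lists every active entry other than the default localhost line and marks entries that sit behind a long run of blank lines. The threshold of 10 blank lines and the tampered sample (documentation-range addresses and example hostnames) are constructed assumptions.

```python
from dataclasses import dataclass

# Entries a default hosts file is expected to contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Assumption: this many consecutive blank lines counts as padding meant to
# push later entries out of the first screenful of an editor.
PADDING_THRESHOLD = 10


@dataclass
class HostsFinding:
    line_no: int             # 1-based line number in the file
    address: str
    hostname: str
    hidden_by_padding: bool  # True if the entry follows a padding run


def audit_hosts(text, padding_threshold=PADDING_THRESHOLD):
    """Return every active hosts entry that is not a default localhost line."""
    findings = []
    blank_run = 0
    padding_seen = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            if blank_run >= padding_threshold:
                padding_seen = True
            continue
        blank_run = 0
        # Everything after '#' is a comment; what remains is "address name [alias...]".
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # comment-only or incomplete line
        address, names = fields[0], fields[1:]
        for name in names:
            if (address, name.lower()) in DEFAULT_ENTRIES:
                continue
            findings.append(HostsFinding(line_no, address, name, padding_seen))
    return findings


# The default content quoted in the post above.
DEFAULT_HOSTS = (
    "# For example:\n"
    "#\n"
    "#      102.54.94.97     rhino.acme.com          # source server\n"
    "#       38.25.63.10     x.acme.com              # x client host\n"
    "\n"
    "127.0.0.1       localhost\n"
)

# Constructed sample: the default file, 40 blank lines, then two appended entries.
TAMPERED_HOSTS = DEFAULT_HOSTS + "\n" * 40 + (
    "192.0.2.10      www.example.com\n"
    "192.0.2.10      update.example.net\n"
)

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED_HOSTS):
        note = "behind blank-line padding" if finding.hidden_by_padding else "visible"
        print(f"line {finding.line_no}: {finding.address} {finding.hostname} ({note})")
```

On a real machine, pass the contents of C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts to `audit_hosts`; an entry that is reported is not necessarily malicious, only non-default.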

DMR 152 Wombat At Large Team Colleague

You did it fine, except for one thing that you need to take care of:

C:\DOCUME~1\ERICKO~1\LOCALS~1\Temp\Rar$EX01.860\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.

Once you take care of the above, please run HijackThis again and post the new log.


I have to log for the day now, but one of our other members should be able to help you in the mean time. If not, I'll respond again as soon as I can.

DMR 152 Wombat At Large Team Colleague

You're welcome. :)

If you can give us specific details about the pop-up, toolbars, etc. in question, I'm sure we can give you specific advice on how to remove them if they prove to be persistent.

You might want to post a HijackThis log for us to review. Here's a "canned answer" on HJT and its usage:


Download HijackThis:

http://www.majorgeeks.com/download3155.html

Once downloaded, follow these instructions to install and run the program:

-------------------------------------------------------------------------------------------------------------------

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.

-------------------------------------------------------------------------------------------------------------------

Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.

-------------------------------------------------------------------------------------------------------------------

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save …

DMR 152 Wombat At Large Team Colleague

Your latest log does look much better, but there are still a couple of things that need to go:

1. O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

You need to uninstall Security iGuard; it has a dubious reputation at best. Scroll down to the Security iGuard entry under the "Rogue/Suspect Anti-Spyware Products" category at the following page for more information:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

If Security iGuard is listed in your Add/Remove Programs control panel, uninstall from there.


2. Have HJT fix:

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{FEC9BE58-0FA5-4B00-BE5E-EC7D052E91B6}\SVCHOST.EXE
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\k8440ihqe84e0.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\f22mlcf11f2.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\pKutoenr.dll (file missing)


3. Delete the following folder entirely:

C:\WINDOWS\system32\Services\{FEC9BE58-0FA5-4B00-BE5E-EC7D052E91B6}


4. Empty your Recycle Bin and reboot.


Post a new log after doing the above.

DMR 152 Wombat At Large Team Colleague

You're welcome joal. Feel free to ask if you have further questions. :)

DMR 152 Wombat At Large Team Colleague

Are you typing that into your web browser!?!

Ah... that would explain the dialog message, wouldn't it?

phate615,

What Christian (kc0arf) meant was that you should open a terminal window in Linux and type that command at the prompt. It's the equivalent to the "ipconfig /all" or "winipcfg" commands in Windows.

DMR 152 Wombat At Large Team Colleague

OK, I'm busted- the editing bit is true.

I accidentally submitted my post before I was done composing it; you must have responded before I made my final edits.

Either way, the advice we both gave still stands:

It's time for a HijackThis log, Aedin; follow the instructions I gave for doing so and we'll get to work on solving your problems.

DMR 152 Wombat At Large Team Colleague

Well DMR didn't give you a solution (I think) so download HiJack This from my or DMR's sigs and save and scan a log and post that log here

Tee-hee! It took me a bit of time to post my rant, but I still beat you to it.... :p

DMR 152 Wombat At Large Team Colleague

ISearch is not a "Firefox thing" at all, and it is software that you do not want living on your computer.

Despite all of ISearch's statements to the contrary (and their legal proceedings against those who disagree with their position), their software falls firmly under the categories of adware, spyware, and hijackers.

This is a partial excerpt from their End User Licence Agreement (which they do not even link to on their home page):


By clicking "yes" or downloading, installing or using the Software, you acknowledge that you have read and understand this Agreement and agree to be bound by its terms. If you do not agree to be bound by the terms of this Agreement, you may not download or use the Software, and shall close this window without downloading the Software or clicking yes to indicate your acceptance of this Agreement.

2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads …

DMR 152 Wombat At Large Team Colleague

Hi RaginT,

I've moved your post to our Viruses, Spyware, and other Nasties forum, as that's a more fitting forum for your question. Unfortunately, the answer to that question is that there is no single utility which can protect you from all of the numerous (and constantly growing) threats out there.

In the threads in this forum you'll find a lot of information on the various infections that exist and the different tools you can use to fight them. Here are some specific links and suggestions to start with:

In general:

1. Use Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks. For detection and removal of "nasties", use Ad Aware and SpyBot (links also in my sig) as your first line of defence.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that …

DMR 152 Wombat At Large Team Colleague

As the member who originally started this thread has not responded in more than a year, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar problems should start their own threads and post their questions there. In order to help us help you most quickly, please also include as much information concerning the problem as possible in your posts.


Thank you.

DMR 152 Wombat At Large Team Colleague

I used to just go to dialup networking and create a new one, and put in their phone number and my password and use it without loading their software, not sure if you can with AOL though

Yes, you can do that with AOL.

Also, AOL has a dialer component of its own which is separate from their whole browser package; you can use the dialer to activate your Internet connection and then use whatever browser you want once the connection is established.

DMR 152 Wombat At Large Team Colleague

1. C:\Program Files\Internet Explorer\iexplore.exe

The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.


2. After taking care of the above, have HJT fix:

O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Matthew\LOCALS~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{E20D0571-A198-44E7-83CB-0E052F74C2F9}\SVCHOST.EXE


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following file:

C:\WINDOWS\svchost.exe

Note: Delete only the version of svchost.exe in your C:\Windows directory! There is a valid Microsoft file also named svchost.exe in your C:\Windows\System32 folder; do not delete that one.

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you …
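The two warning signs called out in the post above (a start-up program living in a Temp folder, and a file named svchost.exe anywhere other than the System32 folder) can be checked mechanically over the O4 lines of a log. The following is an added example, not part of the original post or of HijackThis: the flag names are made up for illustration, the legitimate svchost.exe location is assumed to be C:\WINDOWS\system32, and the sample lines are O4 entries quoted on this page.

```python
import ntpath
import re

# "O4 - HKLM\..\Run: [Value name] command line"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Either a quoted path, or everything up to the first ".exe" (paths may contain spaces).
EXE_PATH = re.compile(r'^"([^"]+)"|^(.*?\.exe)(?=\s|$)', re.IGNORECASE)

# Assumption: Windows is installed in C:\WINDOWS; adjust for C:\WINNT systems.
LEGIT_SVCHOST_DIR = r"C:\WINDOWS\system32"
TEMP_NAMES = {"temp", "tmp"}


def exe_path(cmd):
    """Extract the executable path from an autorun command line."""
    m = EXE_PATH.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def triage_o4(line, legit_svchost_dir=LEGIT_SVCHOST_DIR):
    """Parse one O4 line; return None if the line is not an O4 Run entry."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    path = exe_path(m.group("cmd"))
    # ntpath handles Windows paths on any OS; normcase lowercases for comparison.
    folder, filename = ntpath.split(ntpath.normcase(path))
    flags = []
    if any(part in TEMP_NAMES for part in folder.split("\\")):
        flags.append("runs-from-temp")
    # Bare file names (no folder) are skipped: their location cannot be judged.
    if (filename == "svchost.exe" and folder
            and folder != ntpath.normcase(legit_svchost_dir)):
        flags.append("svchost-outside-system32")
    return {"name": m.group("name"), "path": path, "flags": flags}


def triage_log(text):
    """Return the parsed O4 entries of a log, in order, each with its flags."""
    results = []
    for line in text.splitlines():
        entry = triage_o4(line)
        if entry is not None:
            results.append(entry)
    return results


# O4 entries quoted on this page (three flagged in the post above, one benign).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Matthew\LOCALS~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{E20D0571-A198-44E7-83CB-0E052F74C2F9}\SVCHOST.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry["name"], "->", ", ".join(entry["flags"]) or "no flags")
```

An entry with no flags is not thereby shown to be clean; the check only covers the two location-based signs named above.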

DMR 152 Wombat At Large Team Colleague

Mattis,

I split your post into its own thread, which you can find here:

http://www.daniweb.com/techtalkforums/showthread.php?t=20691

DMR 152 Wombat At Large Team Colleague

The modem is connected through USB.

Groan. If I ever find the person who decided to run network communications over a technology as flaky and finicky as USB, I'm going to strangle them with a CAT5 cable... :twisted:


Given what you've tried so far, my guess is that there's information related to the modem (or USB?) somewhere in the Registry which has gotten corrupted or otherwise disassociated, and is now preventing the modem from being properly enumerated. If that's the case, even totally uninstalling and reinstalling the modem and driver may not help, as that process often doesn't clean up/correct such "loose ends".

I have seen instructions on different device manufacturers' support sites which tell you what Registry entries need to be fixed to solve "Windows cannot load the drivers" errors, but those instructions are all specific to the problem device. Unfortunately, I've seen no such instructions which apply specifically to Surfboard modems.

You might try:

1. Uninstall the modem and drivers again.

2. Open the Registry Editor and look at the sub-keys under the following Reg key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB

If you find any subkeys related to the modem, delete them. Make a backup of the Registry before you do so!!

3. Reboot, and reinstall the driver.

DMR 152 Wombat At Large Team Colleague

1. Openware's LiveUpdate component comes bundled with a few different programs, so I can't tell you exactly what program that you installed may have put it on your system. LiveUpdate does what its name implies: it provides auto-update functionality via the Internet for the programs that use it. It isn't malicious, and it's not essential either; it's up to you whether to have it running or not.

2. cthelper.exe is a component of some Creative Labs soundcard programs. It is not malicious, but it's also not essential; you can safely disable it if you wish.

3. DigiChat is also an optional program; remove it if you want.

4. qttask.exe and realsched.exe are two other non-essential components that don't need to be run at startup.


That said, you can safely have HijackThis fix the following:

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/...s/Client_IE.cab

DMR 152 Wombat At Large Team Colleague

Hi, I typed my post in another section and I am typing it again...

Hi tom_oxygen- welcome to TechTalk :)

We ask that members not start multiple threads on the same question, as it's confusing and inefficient to have our helpers simultaneously troubleshooting the same problem in two or more different areas of the forum(s).

Given that, I've deleted your duplicate post in the Windows 2000,XP,2003 forum. Please stick with your thread here, as this forum is the most appropriate place for the particular problems you're having.

Thanks for understanding...

DMR 152 Wombat At Large Team Colleague

Some descriptions of what proxy servers are and do (and yes- they're perfectly legal):

http://www.publicproxyservers.com/index.html
http://www.webopedia.com/TERM/p/proxy_server.html
http://whatis.techtarget.com/definition/0,,sid9_gci212840,00.html


However, if you're just looking to protect one or a few computers on a home or small office network, a proxy server is probably overkill.

Additionally- if you aren't very familiar with computer/network security, you'll probably find the task of setting up and properly configuring a proxy server to be a bit over your head. There's also the cost factor: a true proxy server is a separate dedicated computer which stands between the existing computers on your internal network and your connection to "the outside world"; you'll need to shell out some $$ for the extra hardware and software.


What are your specific "security" concerns and what sort of computer/network setup are you trying to protect?
If you give us some details, we can give you some alternatives that will be less complicated (and less expensive) than setting up a proxy machine.

DMR 152 Wombat At Large Team Colleague

Are you sure that you posted the full contents of the HJT log?

On an XP system there should be more entries after the "O15 - Trusted Zone:" lines; I'd expect at least some entries beginning with "O16" and "O23".

DMR 152 Wombat At Large Team Colleague

Hi there,
I'm not too sure what's going on with my PC, but I seem to have some form of spyware/adware....

Hi jamesdawson,

First of all- welcome to TechTalk!

You definitely have a few "nasties" in your system. However, we do ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

The ultimate Spyware buster...

Not permanently though, unless you've installed Linux on the machine instead of Windows... :mrgreen:

If you continue to use the machine online, you will get infected again, and it's much more likely that that will happen unless you take a few precautions. Here are some general suggestions:

1. Use Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here: http://tomcoyote.org/ieoe.php

5. Obviously-install a good anti-virus program and enable its "auto-protect" and email-scanning features.

6. Install a firewall program such as Zone Alarm (from Zone Labs), or the "Internet Security" packages offered by Symantec and McAfee.

7. None of your utilities are of much good if you don't check for updates frequently; updates for anti-spyware/anti-virus …

DMR 152 Wombat At Large Team Colleague

A full technical explanation goes much deeper, but-

In a word, "no"; not in SATA's current incarnation or with the current technology of most hard drives.

DMR 152 Wombat At Large Team Colleague

Yup, the log is clean- good work. :)

For the future, here are:

A) A couple of other links to HijackThis-related info:

http://www.help2go.com/article153.html
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42


B) Some general tips for future protection:

1. Use Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here: http://tomcoyote.org/ieoe.php

5. Obviously-install a good anti-virus program and enable its "auto-protect" and email-scanning features.

6. Install a firewall program such as Zone Alarm (from Zone Labs), or the "Internet Security" packages offered by Symantec and McAfee.

7. None of your utilities are of much good if you don't check for updates frequently; updates for anti-spyware/anti-virus programs can be released as often as every two or three …

DMR 152 Wombat At Large Team Colleague

1. I personally wouldn't even be working with sensitive data like tax info on an infected machine, let alone submitting that info online from the machine. McAfee may or may not block malicious programs from transmitting the data, especially if you haven't manually modified the firewall rules to make McAfee more restrictive than it is by default.

2. With the exception of the online scans and other things we suggest that demand that the computer be online, stay disconnected from the Internet as much as possible until we get you cleaned up. Since you seem to have a broadband connection through Comcast, this means that you should physically disconnect the network cable from your computer. That said, your idea of printing out our instructions is good thinking on your part. :)

3. Post an update when you can, and as I indicated in my last post, include the report results from the online scans and a new HijackThis log.

Just FYI: I'll be out on service calls tomorrow, so won't be able to respond to this until Tuesday. If you repost before then, one of our other members will hopefully be able to follow up for me.

DMR 152 Wombat At Large Team Colleague

1. The 69.50.184.84 IP address that's listed as one of your DNS servers is registered to psychs.net. If you don't recognize the IP or the URL we should remove it, but I won't have you do that until you can tell us if it's a valid entry.


2. C:\Program Files\Internet Explorer\IEXPLORE.EXE


The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.


3. Once you've quit all instances of Internet Explorer (iexplore.exe), have HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\bfnxc.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\bfnxc.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\bfnxc.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\bfnxc.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\bfnxc.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\bfnxc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\bfnxc.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DF77E1E7-BF9B-B625-1701-C1212318F7BC} - C:\WINNT\d3ck32.dll
O4 - HKLM\..\Run: [javake32.exe] C:\WINNT\javake32.exe
O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINNT\system32\apiet32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\appex.exe (file missing)

4. With Windows Explorer set to show hidden files as I described earlier, search for the following …

DMR 152 Wombat At Large Team Colleague

Ok- I'm almost positive that the ISearchTech error message does not indicate that SpyBot actually found ISearch on your machine, but rather that it encountered an internal error while scanning for ISearch.

Try uninstalling SpyBot, downloading and installing a fresh copy of the latest version, and getting the latest updates for it. Let us know if you still get the error after that.

Also post one (hopefully final) HijackThis log for us to review.

DMR 152 Wombat At Large Team Colleague

XP Home or XP Pro? The networking capabilities and configurations of both versions differ...

DMR 152 Wombat At Large Team Colleague

All may not be lost- SpyBot keeps log reports.

Open SpyBot and choose Advanced Mode under the Mode option in the main menu bar; click Yes at the confirmation Window.

Once in advanced mode, click the Tools option in the left-hand pane of the SpyBot window and then put a check in the box next to the View Report option in the right-hand pane.

Go back to the left pane and click View Report. In the resulting right-hand pane you should be able to view both the current report and the previous (if you've run SpyBot before, obviously)

DMR 152 Wombat At Large Team Colleague

Before doing anything more with HijackThis, please give us as much information as possible concerning the Blue Screen and "illegal operation" errors as well as the pop-ups you're getting:

- Post the full and exact contents of the Blue screen/illegal op messages that you get, including all of the cryptic alphanumeric error codes that can be contained in those messages. Believe it or not, those errors can give us a better idea of the root causes of the problems.

- Post the contents of some of the pop-ups and/or any info regarding the web sites (URLS) they originate from.

DMR 152 Wombat At Large Team Colleague

I ran Spybot this morning and it showed there was some sort of a problem with something called ISearchTech

Can you post the full and exact information that SpyBot gave you on that please? Not all infections show up in HijackThis' log report; you may still have nasties hiding elsewhere.

DMR 152 Wombat At Large Team Colleague

Deleting Reg keys is not necessarily A Bad Thing, and in some instances it's the only way to fix problems; don't chomp on your b/f's butt too badly for that. :mrgreen:

I doubt you need to worry about "getting the keys back" unless something appears to have been "broken" by the Reg changes.

In addition, HJT logs from Win 95/98/ME can be "light" when compared to those from Win 2K/XP systems, so the log you posted may very well be complete.

Have HJT fix the ProxyServer entry, post a new log after that, and let us know a bit more about the problems you've been having.

DMR 152 Wombat At Large Team Colleague

Yuck. Bit of a mess you've got there, zeroth...


1. In addition to About:Buster, download and run HSRemove and CWShredder.


2. Is the following IP address the valid IP of one of your DNS nameservers? Please verify this:

69.50.184.84


3. Run at least two of the following free online anti-virus/anti-spyware scans, let them clean what they find, and post the contents of the report each generates:

http://housecall.trendmicro.com/
http://www.kaspersky.com/scanforvirus.html
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


4. Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE.

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window.

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request …

DMR 152 Wombat At Large Team Colleague

Hello Signe (a rare and interesting name there; I've only met one Signe in my entire life...)

Your log is pretty clean, although it does look a bit "light". Are you sure you posted the full contents of the log?

Also- as your log does not indicate any massive infections, can you give us more specifics on the problems you're experiencing?


To add to OurNation's post:


1. Info on the O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE entry in your log:

That file is a valid MS Windows update; leave it alone if it isn't specifically causing problems. If it is giving you trouble, have HJT fix that entry.


2. Have HJT fix the following entry. I highly doubt that it's legit, and if it is, we can restore it quite easily:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030
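
The two log entries discussed in the post above can be pulled apart programmatically. The following is an added example, not part of the original post and not HijackThis code: a small parser for `R` (registry value) and `O4` (autorun) lines that flags any `ProxyServer` value pointing at a loopback address for review. The function names and the third sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the two entries quoted in the post above, plus one
# made-up benign R0 line (example.com) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
AUTORUN = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LOOPBACK = re.compile(r"(?:^|[=;/])(localhost|127\.\d+\.\d+\.\d+)(?::(\d+))?", re.I)

def parse_entries(text):
    """Turn log text into dicts; R and O4 lines get their fields split out."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        entry = {"code": m["code"], "body": m["body"]}
        if entry["code"].startswith("R"):
            detail = REG_VALUE.match(entry["body"])
        elif entry["code"] == "O4":
            detail = AUTORUN.match(entry["body"])
        else:
            detail = None
        if detail:
            entry.update(detail.groupdict())
        entries.append(entry)
    return entries

def loopback_proxies(entries):
    """Return (code, key, host, port) for ProxyServer values on loopback."""
    findings = []
    for e in entries:
        if not e["code"].startswith("R") or e.get("name", "").lower() != "proxyserver":
            continue
        for host, port in LOOPBACK.findall(e["data"]):
            port_no = int(port) if port else None
            findings.append((e["code"], e["key"], host.lower(), port_no))
    return findings

if __name__ == "__main__":
    for finding in loopback_proxies(parse_entries(SAMPLE_LOG)):
        print("review:", finding)
```

A hit only means the browser is configured to send traffic through a process on the local machine; whether that process is wanted still has to be checked by hand.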

DMR 152 Wombat At Large Team Colleague

Hi fishystar- welcome to TechTalk. :)


1. I'd suggest removing WeatherBug; it's adware at the very least, and there are other non-ad sponsored weather programs out there.


2. Have HijackThis fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?


3. Delete the entire C:\PROGRAM FILES\AWS folder.


4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and do the following general "housecleaning":

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!


1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary …

DMR 152 Wombat At Large Team Colleague

1. C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

The log entries above indicate that you had at least 2 instances of Internet Explorer running when you ran HijackThis.
Before actually fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.


2. O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

The above entries are indications of a new and rather nasty infection named bube.d. The only automated program we know of at the moment which can deal with this is Kaspersky's anti-virus product.

Please run the Kaspersky scan now and post the contents of the report it generates. Step-by-step instructions for performing the scan as well as further information on the infection itself can be found here:

http://computercops.biz/postt106277.html


3. It would be a good idea to also run at least two of these other free scans; post the contents of the reports they generate as well:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


4. Do some general clean-up:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating …

DMR 152 Wombat At Large Team Colleague

Rolling back to a previous configuration doesn't touch your data files at all; the restore only affects Windows system files. However, backing up your data before troubleshooting is always a good idea.

What you can lose when you roll back to a previous restore point are any updates/changes that you made (if you made any at all) to drivers and/or other system files in the time between the last good restore point and the present. Unless you did some major upgrading though, it's usually no big deal to do the updates again.

DMR 152 Wombat At Large Team Colleague

Your new log is clean :) How is the system running now?

If things appear to be OK now, I'd suggest using Norton's Live Update to install the absolute latest virus definitions, and running a full anti-virus scan of your system. If that comes up clean, you can then re-enable System Restore.

DMR 152 Wombat At Large Team Colleague

Anyone know how to solve this problem or know how to reset my computer back to factory settings without the windows cd

If your version of Windows gives you the option, you could try booting into the "Last known good configuration" or a previous Restore Point.

Hit the F8 key repeatedly as your system is booting up to get to the menu where you can choose one of those options.

If your BIOS isn't even correctly identifying the drives, make sure all of the cabling/connectors inside the computer are properly and firmly seated. You can also clear the BIOS/motherboard by unplugging the power cord and removing the CMOS battery from the system for about 30 minutes or more.

DMR 152 Wombat At Large Team Colleague

Here's a link that lists the power usage (in Watts) of common computer components; use it as a rough guide to see if your power supply's wattage rating measures up:

http://computer.howstuffworks.com/power-supply3.htm

If you've only got a 250W supply, and your machine is relatively fully stocked with components, I'd get a beefier supply.
Of course, if the power supply is of sufficient rated wattage but just isn't providing as much "oomph" as it should, that's a different story.
One thing to remember about weak/failing power supplies (or weak batteries, for that matter) is that they will often appear to be putting out the right voltages if you measure them with a voltmeter, but will not be supplying enough current, and current is a bit more difficult to accurately measure than voltage.

Before you go out and pay for a new power supply though, replace the IDE ribbon cable on the CDs with another cable that's known to be in good, working condition if you haven't done that already. Also, it is possible that the IDE channel that the CDs are connected to is faulty, which would be a bummer- there's not much you can do there except replace the mobo...

DMR 152 Wombat At Large Team Colleague

I think I need to convert my c drive to a logical partition and then I can undertake my other partitions.

No. You should not (and most likely cannot) convert your C: partition to a "logical" partition; you risk losing all of your data on that partition if you even try. Your current C: partition is a Primary partition; Logical partitions can only be created within Extended (not Primary) partitions.

My guess is that Partition Magic is choking on the fact that it finds the special Dell partitions but doesn't quite know how to deal with them. In addition, your version of PM (version 7) is quite old at this point. Symantec (the company that now owns and distributes Norton products) also gobbled up Partition back in 2003.

Although I've never been a fan of PM at all, upgrading to the latest version of the program might help in your case.

DMR 152 Wombat At Large Team Colleague

do you think spyware caused it not to work?

It's definitely possible, but without having your full HijackThis log or any other background information, I couldn't say that for sure.

"Cannot find server" and/or "DNS error" problems can occur for a number of reasons, ranging from damage done by malicious infections to a problem with your ISP's DNS servers. Have a read through some of our previous threads on the subject if you want more info on the possible causes:

http://www.daniweb.com/techtalkforums/search.php?searchid=344108

DMR 152 Wombat At Large Team Colleague

Bear with us here- this isn't going to be fun or easy. :mad:

Please do not reboot your computer unless instructed to do so during the course of this; the malicious files will morph and multiply if you do.


1. Delete this file:
C:\WINDOWS\System32\saie_kyf.dat.tmp


2. Download L2Mfix and save it to your desktop. Double-click l2mfix.exe and follow the prompts to extract the utility; the installation process will create a new L2M folder on your desktop.
Do not do anything further with the utility at the moment; we'll be using it later on.


3. Download Pocket Killbox.

- Unzip the contents of KillBox.zip to a convenient location.
- Close all Browsers and programs that show in the windows taskbar.
- Double-click on KillBox.exe.
- Click "Delete on Reboot"
- Copy/Paste this file into the top "Full Path of File to Delete" box:

C:\WINDOWS\system32\irr6l59s1.dll

- Click the "Delete File" button which looks like a stop sign.
- Click "Yes" at the Replace on Reboot prompt.
- Click "No" at the Pending Operations prompt.
- Repeat the above steps for each of the following files, but at the Pending Operations prompt you get after the last file (iowkur.exe), click Yes to reboot the system; this will complete the deletion process:

C:\WINDOWS\system32\oueapb.dll
C:\WINDOWS\system32\yzcpuo.dll
C:\WINDOWS\system32\zmhquw.exe
C:\WINDOWS\system32\aypvub.dat
C:\WINDOWS\system32\iowkur.exe

4. After the system has rebooted:

A) Run …

DMR 152 Wombat At Large Team Colleague

I've got to log off for a bit right now, but hang in there- I'll repost with a couple of suggestions before the end of the day.