Internet Explorer Settings

Uninstall what? You did not install anything. You deleted registry settings if you were using HijackThis. If you installed HijackThis properly and used one of the more current versions, you can have HijackThis undo its changes from the backups.

Do you recall everything you changed? Did you save a log from before you changed it? Maybe that will refresh your memory.

 

HijackThis does not do anything unless you tell it to. It scans and the it fixes lines that you tell it to fix. Did you try to restore from a backup yet like I suggested?

You may have broken you LSP chain. You may have to look at using WinSockFix.

 

You're not reading what I said to you. HijackThis does its own backups as long as you have a fairly current version. What version did you use? Try to restore from its backups. Run HijackThis and click Config and then Backups.

You didn't by chance delete everything that HijackThis came up with....did you?

What OS are you using?

 

Could you please answer all my questions. Go back and read again and answer what I have asked.

And why do you keep saying "just the files they told me to fix". Who is they? If you are talking about HijackThis, it does not tell you to delete or fix anything. So would you please clarify what you are talking about.

 

Very bad idea. You should not have deleted anything from the registry unless you really know what you are doing and you should do a backup first. The HijackThis tool you are referring to is far from perfect. And it did not say to delete the items it did not recognize. It just said they might be bad. You should have dug into it further youself to find out. HijackThis is not a tool for novices. It is for expert users only. Experts can guide the novices in using it.

I repeat....What version of HijackThis?

You may want to look into using WinXP's system restore to bring your PC back to a restore point prior to when you made the changes. Realize that anything else you have done (like install a valid application) will be reverted too but you don't have much of a choice here. Since you don't have backups of your registry or from HijackThis, system restore is your only option unless you do not have it enabled or you removed your restore points.

 

Well there could be other things that you have not checked yet too.

See this and scroll down to the heading "Use System Restore": http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

You should be able to go back to a date and time before you made these changes as long as you know when you broke it.

 

You save it as a .txt file and post it as an attachment to your message.
Did the restore fix your problem?

 

Then your problem must have started before July-28.
How are you connecting right now if you have problems?
Try downloading and running this.http://www.acrodata.com/WinsockXPFix.zip

You have HijackThis running from a Temp folder. This is a bad idea and perhaps is why you don't have any backups available. Either that or you are running it right from the ZIP file. Again a bad idea (no backups again). Here is where you have it:
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis_198.zip\HijackThis.exe

Unzip HijackThis into its own folder. Like c:\Program Files\HijackThis And run it from there.

First thing you should do is uninstall the My Web Search stuff. Go to Control Panel, Add/Remove Programs and see if you can locate this stuff. They use a variety of names like: MyWeb, MyWebBar, MyWebSearch, etc. Also the TV Media stuff has to go. But let's take one thing at a time.

 

I said Uninstall MyWebSearch using Add/Remove programs. Is that what you did?
And what did you do with TV Media? You said you deleted it? What does that mean?

 

There is a lot of stuff that has to get fixed. But we need to go slowly here.
First you most follow a very important rule: Do not fix anything with HijackThis if you have any Internet Explorer windows open! It is better if you shut everything down but for now just make sure you do not click Fix in HJT if any IE sessions are running.

Let's start by fixing these three lines only:
O1 - Hosts: 66.197.100.83 auto.search.msn.com
O1 - Hosts: 66.197.100.83 sitefinder.verisign.com
O2 - BHO: (no name) - SOFTWARE - (no file)

Then I want you to reboot. Your next step is to run all of the items listed in this link except you do not need to run HSremove or About:Buster:
http://forums.majorgeeks.com/showthread.php?t=35407

Then repeat running Ad-aware & SpyBot S&D after booting in safe mode.
Then boot in normal mode.
After doing all that, post a new HijackThis log attachment.

And I'll talk to you later tomorrow. Gotta go now!

 

You either have a configuration error (some files or drivers are missing or corrupted) or your DNS (Domain Name Service) server IP address configuration is not correct or your service provider DNS servers are not resolving domain names (like www.majorgeeks.com) its actual IP address.

You should have tried running WinSockXPFix almost an hour ago. It may or may not help.

At any rate you still have other problems too.

I really have to go NOW! Bye!

 

Now click Start, and then click Run. (The Run dialog box appears.) Type, or copy and paste, the following text:
regsvr32 /u C:\Program Files\TV Media\TvmBho.dll
then click OK. If a dialog box confirming this action appears, click OK.

Now click Start, and then click Run. (The Run dialog box appears.) Type, or copy and paste, the following text:
regsvr32 /u C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
then click OK. If a dialog box confirming this action appears, click OK.


Run Task Manager (CTRL-ALT-DEL) select Processes and look for these processes again and end them (if found):
tvm.exe
tvmd.exe
tvmd-decompressed.exe
tvtmd.exe
id53.exe
bokja.exe
sysupd.exe
stcloader.exe
IEService.exe

Run HijackThis and put checks on the following items (DO NOT FIX YET):
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod-1.dll (file missing)
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [bokja] C:\WINNT\bokja.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [stcloader] C:\WINNT\System32\stcloader.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

Exit all Internet Explorer sessions. Now click fix in HijackThis.

Now reboot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
Make sure you can view hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650

Run Task Manager again and look for this process again and end it if found (you need to do this again in safe mode because this is a stubborn one that restarts itself):
sysupd.exe

Delete the following:
C:\installer <---- The whole directory
C:\WINNT\bokja.exe <--- the file
C:\Program Files\TV Media <---- The whole directory
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi <--- The whole directory
C:\WINNT\sysupd.exe <--- the file
C:\WINNT\System32\stcloader.exe <--- the file
C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1 <--- The whole directory

Run HijackThis again in safe mode and double check that all the previously fixed lines are still fixed. If not, fix them again.

Now reboot in normal mode and post a new HijackThis log. Tell me the results of all these steps and how things are working.

 

Ill repeat it for you this time Chaslang. Did you do what he said? Your saying you "deleted". Words can be important here... Did you uninstall from add\remove programs what he asked and did you download the tool he asked you to?

 

Okay, your HJT log is finally looking pretty good.
But have you tried (I asked this multiple times now) running WinSockXPFix? See previous messages for a link.

 

It's right on this page. About 15 messages back (8/6/2004 00:47). Here is is again:
http://www.acrodata.com/WinsockXPFix.zip

 

There is nothing wrong with that address. It is just www.msn.com. What exactly happens when you try to bring up Internet Explorer? What is the exact message that you get (word for word)?

By the way you HJT log keeps showing: C:\WINNT\system32\freecell.exe
Why is this running? It is either a game or a virus. Do you know which one? And why is it always running?

Have you tried bring up Internet Explorer and clicking Tools, Internet Options, the select Connections and then Lan Settings and choose Automatically detec setttings and click OK?

 

Try working thru this: http://support.microsoft.com/default.aspx?kbid=274498

Let me know what happens.

 

Could be a little more specific? What did you do in safe mode and why were you doing this anyway? Goto Control Panel and click on Java Plug-in.

Do what I gave you below?

 

Oops! Sorry about this one! It was getting way to late I guess and I did not realize it was only for WinMe.

 

There are some KB articles you can look at.
Check the last one out first!

http://support.microsoft.com/default.aspx?scid=kb;en-us;812336&Product=winxp
http://support.microsoft.com/default.aspx?scid=kb;EN-US;303488
http://support.microsoft.com/default.aspx?scid=kb;EN-US;299357
http://support.microsoft.com/default.aspx?kbid=811259
http://support.microsoft.com/default.aspx?scid=kb;en-us;314095&Product=winxp