Type: Posts; User: Metallica; Keyword(s):
Sure looks like it. :bigthumb:
I picked your log because I saw you were Dutch too. :)
Makes it easier to post my prevention speech:
Please read:...
Tracking cookies are a pest but easy to cure and they don't do any harm except provide information about you.
You should read:
http://privacy.getnetwise.org/browsing/tips/cookies
You may also...
Hi jurgen,
swhelper reportedly belongs to Shockwave, so if you installed that program you can allow it access in your firewall.
That should stop the IE crashes on sites that require it.
Can...
Hi Jurgen,
steamwiz seems to be unavailable at the moment.
Can you give me a short recap of the problems you are still facing?
In the meantime I'll read up on what you have done so far.
...
Hi bcs0262cop,
I probably don't need to tell you that the best way to find out is to backtrack from what you have found.
Are you in a position to share that information?
And a thank you to Mosaic1, who gave me the solution on a silver platter. :heart:
Glad we could help. :cool:
Hi Numlocke,
We will probably have to delete the entire Temp Internet Folder for that user account. To do so we will need one of the following:
- Another user account with Administrator rights
- A...
So you could follow the path until the Temporary Internet Files Folder?
Can you find the file in there?
If you toggle the A you should get to see all the files whose names start with an A...
Too bad the BFU log doesn't show why it failed. :sad:
Let's see if Unlocker can get rid of it.
Download the program here:
http://ccollomb.free.fr/unlocker/
and install it.
Check if your...
I will attach a file to this post. Right-click that file and save it into the same folder as the file BFU.exe that teacup61 told you to get.
Then double-click BFU.exe and on the BFU program screen...
Hi Numlocke,
teacup61 asked me to look at your problem.
I wanted to know if there is another user account active on that computer and if the one you are using has administrator rights?
Let me...
On one hand I hope it finds your memory OK.
On the other I'm hoping it will tell us what's wrong.
Waiting for your update.
I never tried this one:
http://home.earthlink.net/~alegr/index.htm
but it promises to run under Windows.
That stinks. :sick:
Sorry, but we have pretty much ruled out malware.
Can you do a test of your memory:
This article gives a good description of what to use and how:...
Good. Looks like that wasn't so dumb. :)
Sheer luck probably.
Let's remove it from the old ControlSet just to be on the safe side.
Copy the part in bold below into notepad and save it as...
OK. Let's play stupid first. If it doesn't work we may have to get clever. :)
Run HijackThis and click Misc Tools. In that section click Delete an NT Service
In the prompt paste:
esentprf.exe...
I'm almost sure I have found the problem, but the solution is almost two years old. :oops:
Give me a few minutes to read up.
Have you tried going back to the old settings and did that help?
If not please copy the part in bold below into notepad and save it as services.bat
cd\
sc query state= all >> services.txt...
Go up a few posts. You can use the Haxfix I posted.
That tool was developed after the Microsoft page was put up.
Which is hopelessly behind now anyway.
I just gave the link because it mentions the...
It could be, but I'd like to rule out the Haxdoor infection that often causes this kind of error:
http://support.microsoft.com/kb/903251/EN-US/
Download haxfix.exe
and save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click...
Can you post the error on the BSOD?
If it goes too fast, turn off the automatic reboot so you can actually see the error when it happens—chances are it will tell us enough to let you troubleshoot...
That looks good. :)
Any problems on your end?
Please read: http://forums.spybot.info/showthread.php?t=279
to help avoid getting infected again.
Very good. :bigthumb:
Now copy the part in bold below into notepad and save it as Appid.reg
Set Filetype to "all files"
Windows Registry Editor Version 5.00
...
I had a brief look, but that's really all I needed.
It is packed in a manner that suggests they didn't want to reveal the content.
It also is unsigned. This together convinces me it is trouble....
Hmmm. I'm kind of disappointed by the Kaspersky result.
Unless you know where that file came from, can you please surf to:
http://www.thespykiller.co.uk/forum/index.php?topic=5.0
Follow the...
Very good. :)
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2...
Hi minimalist,
I think you have several infections on your computer.
First download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe...
My pleasure. :)
Be careful out there. ;)
Glad we could help. I'm closing this topic.
Anyone having a similar problem, start a thread of your own.
Ah OK. Then you should be safe.
Please read:
http://forums.spybot.info/showthread.php?t=279
Don't forget to inform the person that infected you. :spider:
Ok.
Please surf to http://www.kaspersky.com/scanforvirus.html and have this file scanned:
D:\Program Files\MSN Messenger\MSNMSGR.EXE
Let me know the results.
The original may have been...
Your log looks clean now. Good job. :bigthumb:
Can you tell me if you were infected by a link in a message that was delivered by MSN Messenger?
If so, there is something else we need to do and...
Can you delete the folder in safe mode?
Delete this one as well when you are there:
D:\Program Files\Common Files\{1B5611E3-0A77-2057-0129-03030121002c} <= entire folder
and use HijackThis to...
Oops. Almost forgot.
When you reboot delete this folder:
D:\Program Files\PrintView
Click Start > Run type services.msc > OK
In the list of services find:
System Startup Service (SvcProc)
Right-click that line and choose Properties.
On the General tab Stop and set the service to...
The prefetch files are harmless by nature.
You can leave that one alone.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5826
Yes you can delete Yinstall.exe
It's an installer for other misery.
Also look for:
D:\mt-uninstaller.exe
D:\drsmartload1.exe
Delete them if they are present.
Then post back with a new...
You are being helped here:
http://forums.spybot.info/showthread.php?t=7741
So I am closing this one to avoid wasting someone's time.
Hi k4m135h,
Can you follow the instructions here:
http://www.thespykiller.co.uk/forum/index.php?topic=5.0
and upload a copy of:
D:\Documents and Settings\Geeta\Yinstall.exe
Then run...
Hi Jim,
Got your log.
You should delete these files:
C:\WINDOWS\SYSTEM32\dfrgsrv.exe
C:\WINDOWS\Downloaded Program Files\gdnUS2296.exe
C:\WINDOWS\system32\?hkdsk.exe
The last one will...
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
O2 - BHO: (no name) - {CC15449D-564B-BFBD-010F-5C0D90856CC3} - (no file)
O2 - BHO: (no name) -...
My pleasure. :o
Please read:
http://forums.spybot.info/showthread.php?t=279
Hi jthomas666,
Please print these instructions, or copy them to Notepad and save them to your Desktop so you can refer to them easily. You will be in Safe Mode for part of this fix, so you will...
Also try this one:
Please download and unzip Ren-cmdservice to your desktop.
It will only work correctly if the folder is placed on your desktop and extracted....
Can you see if the file regdacl.exe is present?
It looks as if that is the one it can't find.
No. I think you should at least be able to read what it's doing.
And a text should open when it is finished.
Can you try again? Do be patient in case it takes a little longer.
Found you. :)
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 -...
Glad we could help. :bigthumb:
Please read:
http://forums.spybot.info/showthread.php?t=279
You did run delcmdservice from the desktop as I described?
Aha. That clears things up a bit.
So all we need to do is remove that service.
Click Start > Run type services.msc > OK
In the list of services find:
Task Scheduler (Schedule)
Right-click...