2,042 Posted Topics

Member Avatar for smileybeing

I have not checked your log for problems, but you might search for a post I made within the last month on this subject... it is your Verizon AV which is creating those files in the RB.

Member Avatar for smileybeing
0
243
Member Avatar for webarchitect

Nope, it's gone, crunchie, is now a part of AVG8 commercial. Good scans are still GMER, RKR, RKUnhooker and Icesword.

Member Avatar for gerbil
0
48
Member Avatar for marluke

Burning an image with Nero 6... Okay, say you have the Nero window up, the one with all the icons, not Nero Express. Across the top icons hover over Copy and Backup, when the options below change select Burn Image to Disc. Nero Burning ROM window opens, and on top …

Member Avatar for gerbil
0
90
Member Avatar for JGR

You write like you are not in the Ukraine, so... ==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the …

Member Avatar for johnny80
0
327
Member Avatar for pinkdiva

Pinki, to allow the fix to be made, temporarily disable TeaTimer: Open Spybot, click Mode, select Advanced Mode, click Yes in new window, click on Tools in bottom left hand corner. Click the Resident icon and uncheck Teatimer box. =In Normal mode, start hijackthis and select Scan Only. Check these …

Member Avatar for gerbil
0
373
Member Avatar for welder50

You may notice there are 2 sections to the All Programs list... top section starts with a few, select M$ shortcuts, but you can drag others into there to keep them at head of the queue, or remove any from there.

Member Avatar for gerbil
0
105
Member Avatar for Adamsappleone

Can your friend use the exact same search feature via IE - go View, Explorer Bar, check Search; Change prefs, Change file, folder search behaviour, Advanced and OK...? Oops... an oldish thread..

Member Avatar for gerbil
0
113
Member Avatar for galex_99

Hello, galex, I can see that you had something there once; so that we can remove its remaining entries would you please do this [this procedure will show me the reg key entries it is using] ==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save …

Member Avatar for gerbil
0
74
Member Avatar for technewb08

With that new installation of Windows [the one you did not want] on the different drive, naturally your old desktop will not be there. It should not have been there with the original reinstallation either. Run chkdsk on the C: drive, then unplug the drive that has the second windows …

Member Avatar for technewb08
0
136
Member Avatar for hutch

My IE6 does single word searches on the net quite happily. It invokes the msn engine http://search.live.com - that has to be something native to IE... ie built into one of the dlls it uses. Because the microsoft search engine has been updated, the dll containing that info is probably …

Member Avatar for gerbil
0
282
Member Avatar for dupank

The message should be "Your Windows is infected with annoying trojan", but heck, you don't really expect honesty from those folks? ==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe - to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - …

Member Avatar for gerbil
0
170
Member Avatar for herms14
Member Avatar for dan_x1000

Those logs are clean, but your LSP stack [an intermediary in internet access] is damaged by a file deletion - this should cure that... ==Download LSPfix from here http://cexx.org/LSPFix.exe -start it by dclicking the .exe.... On the opening screen, click the "I know what I'm doing" checkbox. Check all instances …

Member Avatar for gerbil
0
217
Member Avatar for brogsey

Hi, Luke, check the stickies and post a hijackthis log, please. Further, whose Virus Alert is it? Click it and tell us what they are trying to sell. "Virus Alert" is a bit generic to target properly. Heck, do this.. ==Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your …

Member Avatar for brogsey
0
104
Member Avatar for lsualum2001

Somewhere in the midst of that Yahoo, Google and Symantec bog is possibly the reason for the slowness. Other than those, nothing bad shows... ;)

Member Avatar for gerbil
0
165
Member Avatar for I was sent here

Hi... this is what you have: http://www.faronics.com/html/deepfreeze.asp Basically the [key] entry you posted means that when winlogon.exe runs during startup this program is also started. You are safe. If you do actually have deepfreeze.

Member Avatar for gerbil
0
197
Member Avatar for dolfy22

Hello, dolfy, try this... [you know, when you bump a thread it can get missed ... I tend to go first for posts with zero replies]. Not posting a hijackthis log as per the stickies above does make things a little difficult... I have almost nothing to go on...! So …

Member Avatar for gerbil
0
208
Member Avatar for samantha20

Slow answer. ==download hijackthis: http://www.majorgeeks.com/download5554.html -copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing …

Member Avatar for Citrus_Crow
0
147
Member Avatar for digital11
Member Avatar for gerbil
0
149
Member Avatar for Spratt90

You really must help us to help you!! Saying you have a popup problem is a pretty bland statement. Many tools run, but you don't list them.. so I could be wasting my time posting this....? ==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should …

Member Avatar for gerbil
0
120
Member Avatar for willyontour

Hello there... "I don't even know if I have a C:\windows\system32\dllcache folder " ... oh, yes you will, but you must display super-hidden files - in an explorer window go Tools, Folder options, View tab, uncheck Hide protected Op Sys files, Yes, Apply n Ok. And when you are done, …

Member Avatar for gerbil
0
123
Member Avatar for profesa23

If you type C: into the Start, Run window does that open them? Or if you type C: into the address bar in an explorer window? ==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick …

Member Avatar for thunderstorm98
0
87
Member Avatar for Scasi

Log is fine. If you wish to change registry settings... ie to FIX those R0, R1 entries you must.. Temporarily... =Disable TeaTimer: Open Spybot, click Mode, select Advanced Mode, click Yes in new window, click on Tools in bottom left hand corner. Click the Resident icon and uncheck Teatimer box. …

Member Avatar for gerbil
0
138
Member Avatar for Cristalle
Member Avatar for gingerrua

Do you have Adaware 2007? Then Allow. Lsdelete.exe is a file in system32 from Adaware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "BootExecute" ="autocheck autochk * lsdelete" ....is in my sys. I have no problem with it.

Member Avatar for gingerrua
0
88
Member Avatar for stephen conway
Member Avatar for stephen conway
0
168
Member Avatar for Bear003

Explorer.exe basically is Windows isn't it? Yep, it's the pretty UI that you usually use to start pgms from and navigate about your files. The blank blue screen is what you see when explorer stops running - no desktop icons, task bar, background etc. It does look like some bad …

Member Avatar for gerbil
0
252
Member Avatar for FlaMeZ92

==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract the content (a folder named SmitfraudFix) to your Desktop. - Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log …

Member Avatar for gerbil
0
206
Member Avatar for Deighvid2008
Member Avatar for adnanbahrian

Briefly, yes. You will need an interface program. OE is an email client, whereas Yahoo and hotmail are web-based... when you are looking at your mail in those two all you are doing is looking at just another webpage, albeit one you need a password for. For Yahoo interfacing, try …

Member Avatar for bobbyraw
0
140
Member Avatar for jolusia08

Hi, John. When you start the pc, during BIOS POST do you see your hd listed? Is it SATA? If it is listed then BIOS has detected its controller hardware\software and that is working fine. IF it is listed and SATA... then XP needs a driver for that type of …

Member Avatar for gerbil
0
484
Member Avatar for Merlin33069

Lemme get this straight... you already had Vista installed, and now you are trying to add an XP installation? Or were those two OSes plus a boot manager originally working in the old sys, already on the drive you popped into your new sys? If it is the latter, you …

Member Avatar for Merlin33069
0
73
Member Avatar for boss16thugz

Log is clean. If you really are worried you could scan with a trojan hunter like AVG AS. Truly, cabal.exe is not a worry. Submit it here if you wish: ==Please go to this web page http://virusscan.jotti.org/, click browse and submit this file for examination:

Member Avatar for gerbil
0
210
Member Avatar for neerajsharma

Oh dear. You have a Vundo infection still plus the godzilla worm. And more. =Have you been deliberately using the Microsoft Remote Assistance service? =Turn on your firewall. =See this bit in the Vundofix log?: "Attempting to delete C:\WINDOWS\system32\dotnjajk.dll C:\WINDOWS\system32\dotnjajk.dll Could not be deleted." -it means what it says, so …

Member Avatar for gerbil
0
164
Member Avatar for boss16thugz

Cabal.exe, the game file? And AVG AS is detecting it? That would be because it is packed [and the packer wrapper shows up] and many AV/AS wares pick up the packers as Trouble: viruses etc often use packers to disguise their files, to avoid strings being recognised. Set your AVG …

Member Avatar for boss16thugz
0
198
Member Avatar for purvansh

Will it work in Safe Mode? If not then a windows Repair is probably necessary - you would not lose your files or need to reinstall any applications. Explorer is your desktop... icons, taskbar, Start button; Task Manager runs independently of explorer. Background is usually presented by explorer, but may …

Member Avatar for gerbil
0
155
Member Avatar for DontknowIT

Hello.... ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file to install the application and ensure that it is set to update and start, else start it via the icon. Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps. Make sure …

Member Avatar for gerbil
0
291
Member Avatar for theausum

It is on selective release via Windows updates.... check for a task bar icon coming to a computer near you soon. http://support.microsoft.com/kb/936929

Member Avatar for gerbil
0
145
Member Avatar for pjvedder

I picked that post up already, crunchie, and combined it into a reply.... chap put it into the wrong thread... :) ... his monicker IS DontknowIT.... yeah... :)

Member Avatar for crunchie
0
145
Member Avatar for JaY_2

Hello, Jay, start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\JARLEL~1\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [BM0f7886b3] Rundll32.exe "C:\WINDOWS\system32\dxvwnean.dll",s
Good, now delete these 2 files:
C:\DOCUME~1\JARLEL~1\LOKALE~1\Temp\UIUCU.EXE
C:\WINDOWS\system32\dxvwnean.dll
[I should add that the UIUCU …

Member Avatar for gerbil
0
183
Member Avatar for Mike24x

You may leave the nine? O17 entries... they are just the networking parameters for the various current control sets [default, last known good, and current set of system configuration information such as device drivers and services]. They are for a safe ISP. But if you have fixed them connections may …

Member Avatar for gerbil
0
153
Member Avatar for myswitjenn
Member Avatar for gerbil
0
140
Member Avatar for bill.jeffs

Hello, bill. Let's start by getting Combofix to remove what it can. ==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe - to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply. A word …

Member Avatar for crunchie
0
275
Member Avatar for king21092

This bit concerns the last section you wrote above.... Right after you select/create a partition and are given the option to format it [you did not cos you wanted to install over the top of the old installation -fine] Setup copies installation files to your hd and then restarts. DO …

Member Avatar for gerbil
0
231
Member Avatar for dakkelhund

Normal [or standard] mode. It matters, cos more malware shows then. Btw, is that one of those metal scrollpads you just rub your finger on? I have heard of them suffering hardware or pad driver errors which cause that very problem...

Member Avatar for dakkelhund
0
112
Member Avatar for akkie

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
...okay, that was the shellfix reg file you were hunting for. It just tells winlogon to start the explorer shell. Certainly won't do any harm to run it.. Anyway, your sys is infected. Run this: ==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe - to run it …

Member Avatar for gerbil
0
167
Member Avatar for alixg

May I add this to the post by Inferno...? Fix these entries using hijackthis:
O4 - HKLM\..\Run: [outlook] \outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Intel Driver] CSRS.EXE
O4 - HKLM\..\RunServices: [Intel Driver] CSRS.EXE
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O24 - …

Member Avatar for gerbil
0
157
Member Avatar for sbunjan

Probably nothing. Rundll32.exe is the pgm that enables the various objects in dlls to be run as executables. An example: open your TM, go to processes tab, order the process name column and then rclick your system clock, click Adjust Date and Time - a new rundll32 will open up. …

Member Avatar for sbunjan
0
119
Member Avatar for colkraig

..and while in control panel go to windows components and uncheck OE to remove it from your Start pgm list [it does not uninstall it...]. Bobby means you gotta have an email client pgm similar to OE... you can't use a web page emailer like say, Yahoo, as a default. …

Member Avatar for colkraig
0
114
Member Avatar for wxyz999a

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
Use hijackthis to fix those two entries, then delete C:\WINDOWS\IECodecPlg.dll
I don't see this file running...C:\Documents and Settings\K & W\My Documents\asdgsdf\SYSTEM\April, 27 2008\svchost.exe ...delete it from safe mode. ==Please download Malwarebytes' …

Member Avatar for gerbil
0
181
