something clever and nasty on my laptop - Page 3

hmk_32 · 10-14-2009, 02:38 PM

hello

info below:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\HAYLEY>sc qc sharedaccess
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: sharedaccess
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
: RasMan
: BFE
SERVICE_START_NAME : LocalSystem

C:\Users\HAYLEY>

**chemist** · 10-15-2009, 10:14 AM

Hello again, Hayley.

Go Start and then type services.msc into the Start Search box and click OK.

Scroll down to 'Base Filtering Engine Service' or 'BFE' and double-click it.

Set Startup type to 'Automatic', then set the Service status to Started by clicking 'Start', then 'Apply'.

If you were successful, see if you can do the same with 'Windows Firewall/Internet Connection Sharing (ICS)'.

Let me know.

------------------------------------------------------

hmk_32 · 10-15-2009, 02:29 PM

Hi Chemist

No luck with BFE - error message received below

-Windows could not start the base filtering engine service on local computer
Error 2 : The system can not find the file specified

Hayley

**chemist** · 10-15-2009, 08:33 PM

Hello again, Hayley.

Go Start Search and copy/paste the following single-line command into the Start Search box and click OK:

cmd /c peV -ltf "%systemdrive%\bfe.dll" >log.txt&log.txt&del log.txt

A Notepad file will open. Post the contents of log.txt in your next reply.

------------------------------------------------------

hmk_32 · 10-16-2009, 01:05 AM

Hi Chemist,

I have a new problem now

when l start up the laptop it goes to a black screen and then l get the following messages:

FOR REALTECK RTL8101E/8102E PCI-E Ethernet controller v1.07(080320)
PXE-E61: media test failure, check cable
PXE-M0F: EXITING PXE ROM.

NO BOOTABLE DEVICE-- insert boot disk and press any key

it just repeates it over and over - l am unable to log in under safe mode even ????

Regards
Hayley

**chemist** · 10-16-2009, 06:23 AM

Hello again, Hayley. What was done to your machine since the last time it booted up correctly? Do you have the setup CD for your system? Can you access your BIOS? What is the order of devices listed?

http://en.kioskea.net/faq/sujet-283-...ur-bios-set-up

hmk_32 · 10-16-2009, 03:04 PM

Hi

I havent been using the laptop at all, l have only turned it on to follow your instructions then l switch it off again.....and l dont have the set up CD (l will have another search for them as l find it really stupid of me to thow it out)

I think below is what you where wanting:

1. HDD
2.FDD
3.CD/DVD
4.LAN
5USB MEMORY

Thanks
Hayley

hmk_32 · 10-16-2009, 03:28 PM

Hi Chemist

It loaded up this time ?

When l complted the below step
cmd /c peV -ltf "%systemdrive%\bfe.dll" >log.txt&log.txt&del log.txt

The CMD window comes up saying : Access is denied

nothing else happens

Hayley

**chemist** · 10-16-2009, 04:53 PM

Hello again, Hayley.

Let's check your system for corrupted files.

Go Start > Programs > Accessories > right-click 'Command Prompt' > Run as Administrator

Type sfc /scannow and press 'Enter'(there is a space between c and /).

Let it scan your system. Let me know the results.

------------------------------------------------------

hmk_32 · 10-16-2009, 07:14 PM

Hi

Results below

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>

**chemist** · 10-16-2009, 07:29 PM

Hello again, Hayley. Please navigate to this file:

C:\Windows\Logs\CBS\CBS.log

Right-click > Rename to CBS.txt

Please attach the file to your next reply.

------------------------------------------------------

hmk_32 · 10-16-2009, 10:13 PM

Hi Again,

unable to open the log - error saying acceaa was denied

Hayley

hmk_32 · 10-16-2009, 10:14 PM

sorry typo - access was denied

**chemist** · 10-16-2009, 10:32 PM

Drag the file onto Inherit.exe and then rename it.

hmk_32 · 10-17-2009, 12:36 AM

Hi

The file is attached to big to post on here screen kept freezing

Hayley

**chemist** · 10-17-2009, 05:42 AM

Hello again, Hayley. Are you still unable to start 'Base Filtering Engine' and 'Windows Firewall/Internet Connection Sharing'?

------------------------------------------------------

hmk_32 · 10-19-2009, 12:10 AM

Hi Chemist

Still unable to start either.

Regards
Hayley

**chemist** · 10-19-2009, 02:49 AM

Did you find the CD, or can you borrow one with same service pack?

hmk_32 · 10-20-2009, 04:24 AM

Hi Chemist

I found the CD and re loaded vista again so lm back at the start again.... lm able to access the net and everything seems to be working fine

Regards
Hayley

**chemist** · 10-20-2009, 06:08 AM

Hello again, Hayley.

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

How Did I Get Infected In The First Place? by TonyKlein
How to Prevent Malware by miekiemoes

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an add-on available for both Firefox and IE.
SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.