Help! Urgent! 200 Credits If Problem Resolved!

Discussion in 'Gaming' started by .:[r]:., Feb 22, 2006.

  1. .:[r]:.

    .:[r]:. Well-Known Member

    Age:
    33
    Posts:
    1,309
    Likes Received:
    0
    Joined:
    Apr 22, 2005
    I was using my newer computer. Windows XP Service Pack 2. Strangely, me and my brother have been finding a program called dl.exe popping up in weird directories. So yesterday, the program just started running and then after that, our internet browsers would not show the internet. The internet connection was definitely working, as I was able to use it on this other computer that we have (which I am using right now). So I tried to delete the dl.exe with no luck. So my brother told him to reboot in safe mode and try to delete it there. I did that, but couldn't delete it. I then tried to reboot in normal mode and when he tried to login to his user account, it logged in, but immediately logged off.

    That's when he looked up information about dl.exe and he managed to delete and removed registries concerning it. He also found information on "Blaze Find," which he says is the virus that causes the loop. He supposedly deleted it, but the loop doesn't go away. We can only use that computer on safe mode, and that means no internet access. I have tried Ad-Aware, CCleaner, Registry Mechanic, Spyware Blaster, Spybot, and Trojan Cleaner on the computer and have fixed all issues that have shown up, but the loop won't go away. I can't use several programs, like Notepad or Nod32. They give me errors. In addition to the loop, there are two error messages that show up on the logon screen:

    ati2evxx.exe Application Error the instruction at "0x0040003" referenced memory at "0x7c800000". The memory could not be "written".

    spoolsv.exe Application Error the instruction at "0x01000003" referenced memory at "0x7c800000". The memory could not be "written".

    These are both followed by:

    Click on OK to terminate the program.
    Click on CANCEL to debug the program.

    I have run Hijack This! and the following is the log. I hope someone can help me clear up this problem. Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:37 AM, on 2/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TrojanHunter 4.2\THGuard.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
    O2 - BHO: (no name) - {C3564DDC-8E5D-F82F-C58E-978D11410571} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136660441609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A2BD8DE-BBAD-431B-96B3-97E8127F0C93}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
    O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
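
For triaging a log like the one in the post above, here is an added example (not part of the original thread, and not HijackThis's own code) that parses HijackThis 1.99.1 entry lines and tags the entries that warrant a manual check: entries whose target file is absent, O15 protocol-to-zone remaps, and O20 AppInit_DLLs values. The `triage` function and its tag names are hypothetical; the sample lines are an excerpt of that log.

```python
import re

# Excerpt of the log above (HijackThis 1.99.1 line format), embedded so this runs offline.
SAMPLE = r"""O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
ZONE = re.compile(r"'(?P<proto>[^']+)' protocol is in (?P<now>.+?) Zone, "
                  r"should be (?P<want>.+?) Zone")

def triage(log_text):
    """Return (section, tag, detail) for entries worth a manual check.

    Tags are hypothetical names for this example; a tag means "verify this
    entry", not "this entry is malicious".
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        # Registry entry still present but its target file is gone: either a
        # leftover from a partial cleanup or an uninstalled product.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((section, "orphaned", body))
        # O15: a protocol mapped to a different Internet Explorer security
        # zone than the default HijackThis expects.
        zone = ZONE.search(body)
        if section == "O15" and zone:
            detail = "%s: %s -> expected %s" % zone.group("proto", "now", "want")
            findings.append((section, "zone-remap", detail))
        # O20: AppInit_DLLs are loaded into every process that loads
        # user32.dll, so each listed DLL should be a known product.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                findings.append((section, "appinit-dll", dll))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```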
     
  2. XMasterX

    XMasterX Well-Known Member

    Age:
    38
    Posts:
    5,336
    Likes Received:
    0
    Joined:
    Aug 1, 2005
    Location:
    Wisconsin, USA
    hey bud. ;)

    sounds like an unrecoverable virus. hate those. do one of the following:

    1. when you go to safe mode, make sure you select 'safe mode with network'

    2. use the XP disk and try to do a 'repair' install, which will overwrite affected system files.

    3. if it does not look like you can fix it, get Knoppix. It's a cd-bootable Linux OS. It runs straight off the cd. there you can get your old files from the hard drive, that you want to keep, and burn it to a cd-r. after you got everything, pop in the XP disc and re-install.
     
  3. .:[r]:.

    .:[r]:. Well-Known Member

    Ah Master, was hoping you would see this!

    I'm not sure I have the Windows XP boot disc. I have the reinstallation CD, though.

    Also, me and my brother have more than 30 gigs of music and games that took an immensely long time to collect. We don't have enough time, DVD-RWs and CD-Rs combined to back it all up.

    Any other resolution? :(
     
  4. stpl91

    stpl91 Well-Known Member

    Age:
    32
    Posts:
    371
    Likes Received:
    0
    Joined:
    Feb 13, 2006
    Location:
    Coram, NY
    i think that dl.exe file is a virus man. i had that once and it didn't let me into the internet but luckily i ran a test and quarantined it... i would do what master said to do m8.
     
  5. .:[r]:.

    .:[r]:. Well-Known Member

    The weird thing is that I can run in safe mode. I also managed to login to one of the accounts normally, after this happened, but then never again. Are you 100% sure it is unrecoverable?
     
  6. ~Enigma~

    ~Enigma~ Senior Member

    Age:
    32
    Posts:
    300
    Likes Received:
    0
    Joined:
    Aug 12, 2005
    Location:
    Canada
    Use Anti-Virus, and do all the tests. AND: The last thing ever: E-Mail Microsoft.
     
  7. .:[r]:.

    .:[r]:. Well-Known Member

  8. XMasterX

    XMasterX Well-Known Member

    well, what you could do is this:

    get a 40-80 gig drive, they're really cheap now. hook it up as slave, and run knoppix. then transfer everything to that new drive, and then reinstall windows
     
  9. ~Enigma~

    ~Enigma~ Senior Member

    The best thing that I've done: Re-Install XP, but DON'T Delete it. The Dl.exe will go away, and you will still have your music!

     
  10. .:[r]:.

    .:[r]:. Well-Known Member

    I ran all the AVs I can get on there on safe mode. CD-Rs don't seem to work, so I have to compress each antivirus I download into 1.44 mb .rar files and transfer them to my new computer via floppy disk. >_<

    Merged Post:


    :eek: That is my last resort. Right now I am trying to get help from geekstogo forums.
     
  11. XMasterX

    XMasterX Well-Known Member

    that's the least of our worries...
     
  12. .:[r]:.

    .:[r]:. Well-Known Member

    Won't re-installing XP delete all your files? :unsure:

    Is there a way to create like a virtual partition that I can store all the files to as if it were a separate hard drive? (using my imagination here) :rolleyes:
     
  13. ~Enigma~

    ~Enigma~ Senior Member

  14. XMasterX

    XMasterX Well-Known Member

    well, you could, with partition magic, split the drive to two partitions, if you have like half your drive empty. but that's a bit risky by itself.

    if i were you, i would just get a secondary drive to save all your shyt on. nag your parents, steal money from your brother, be creative. this seems like the only alternative..
     
  15. ~Enigma~

    ~Enigma~ Senior Member

    No, not that. I've done it with my HDD. You have 2 computers?

    I'll help you. Use AIM, or MSN.
     
