Dan

Members
  • Content Count

    742

Everything posted by Dan

  1. Dan

    Hijack This Log

    Hi,

    First, download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet access after removing NewDotNet.

    To get rid of NewDotNet, go to Start > Control Panel > Add or Remove Programs and remove the following:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

    In the event that you lose Internet access after removing New.Net, please double-click the LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right side, leave it as is and just click "Finish>>", then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove" panel, do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

    Next, go to Add or Remove Programs again, and uninstall the following programs:

    WinTools
    Viewpoint

    Now, open HijackThis, click the "Scan" button, and check the following items (if present):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50047
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50047
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

    Close all windows except HJT and click the "Fix Checked" button. Reboot and post a new log.

    Danny
  2. You can use McAfee as long as you remember to keep it updated. dk
  3. I got one...I made this a few days ago....but was too lazy to post it. http://dknoppix.com/Pictures/blue2.bmp dk
  4. Hi,

    We have a couple of last steps to perform and then you're all set.

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View tab.
    Under the Hidden files and folders heading, UNSELECT Show hidden files and folders.
    CHECK the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Next, let's clean your restore points and set a new one:

    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points, which are likely to be infected)

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Restart your computer.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.

    System Restore will now be active again.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

    SpywareBlaster to help prevent spyware from installing in the first place.
    SpywareGuard to catch and block spyware before it can execute.
    IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    You should also have a good firewall. Here are 3 free ones available for personal use:

    Sygate Personal Firewall
    Kerio Personal Firewall
    ZoneAlarm

    and a good antivirus (these are also free for personal use):

    AVG Anti-Virus
    Avast Home Edition

    It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

    To keep your operating system up to date, visit Microsoft Windows Update monthly.

    And to keep your system clean, run these free malware scanners

    AdAware SE Personal
    Spybot Search & Destroy

    weekly, and be aware of what emails you open and websites you visit.

    To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

    Have a safe and happy computing day!

    dk
  5. Happy Birthday!!!!! I suppose you're blim's son?
  6. Hi,

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    Double-click VundoFix.exe to extract the files. This will create a VundoFix folder on your desktop.
    After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat.
    You will first be presented with a warning. It should look like this
    At this point press Enter one time.
    Next you will see:
    At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\system32\tuspp.dll

    Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    Next you will see:
    At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\system32\ppsut.*

    Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    The fix will run, then HijackThis will open.
    In HijackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\tuspp.dll
    O20 - Winlogon Notify: tuspp - C:\WINDOWS\system32\tuspp.dll

    After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
    Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    Once your machine reboots, please continue with the instructions below.

    Download and install CleanUp!
    Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    Set the program up as follows:
    Click "Options..."
    Move the arrow down to "Custom CleanUp!"
    Put a check next to the following (make sure nothing else is checked!):

    Empty Recycle Bins
    Delete Cookies
    Delete Prefetch files
    Cleanup! All Users

    Click OK.
    Press the CleanUp! button to start the program.
    It may ask you to reboot at the end; click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the VundoFix folder into this topic.

    dk
  7. Dan

    Egg Project

    Yeah...I was planning on just attaching random toothpicks in places, not really tightly, so that they fall off.
  8. How in the heck can you do that 0_o
  9. Wasn't this announced a while ago???? I use Sygate BTW
  10. Dan

    Egg Project

    Interesting Chappy....I am almost done building my first try one, and I'll post a pic soon, and I will use both of your ideas. dk
  11. Try fixwareout in normal mode. This may be the problem. If you can't get into normal mode, download BFU.zip from http://dknoppix.com/downloads.php?dl=bfu, and unzip it into "C:\fixwareout". Then try. dk
  12. In my newsletter http://dknoppix.com/newsletter/twdknewsletter1.html (Also, someone else told me about it in this thread )
  13. Dan

    Hijackthis Log

    Panda's a great firewall (Note: Don't run two AntiVirus programs by each other!) dk
  14. Hmm... Download This: http://homepage.ntlworld.com/spencer.greystrong/W2kFiles.exe and run it. Now run fixwareout again, and post a new HijackThis log. dk
  15. Hi,

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:

    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SHANED~1\LOCALS~1\Temp\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\dkslz.dll
    O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe
    O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKLM\..\Run: [dmehk.exe] C:\WINNT\system32\dmehk.exe
    O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 85.255.113.123,85.255.112.14
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
    O21 - SSODL: qCmQLSyh - {6CFE85CD-C654-2F67-40F3-5C2A801545B8} - C:\WINNT\system32\mmrd.dll
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll

    Click Fix Checked. Close HijackThis, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

    dk
  16. Ok...let's try this:

    Download http://www.atribune.org/downloads/csvun.zip, and unzip it to your desktop using Winzip or a similar program. (If you don't have Winzip, just unzip them on another computer, and just copy the files over.)

    After you have unzipped them, run csvun.bat.

    Now, please RIGHT-CLICK HERE to download Silent Runner's. Save it to the desktop.

    Run Silent Runner's by double-clicking the "Silent Runners" icon on your desktop.
    You will receive a prompt: Do you want to skip supplementary searches? Click NO.
    You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here in your next post.

    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    dk
  17. Woah! nice! How'd you get the camera up there? (Setting z?) dk
  18. woah..that's cool. How'd you make that lol
  19. HAPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPY BIRTHDAYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY MANDYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY!!!!!! Have a good one dk
  20. woah...how do you get the space effect? Is that a multicolored sun? dk