Dan

Members
  • Content Count

    742
  • Joined

  • Last visited

Everything posted by Dan

  1. Great resource I'll bookmark it
  2. Ok, lets try it this way. Boot into Safe Mode, and click Start --> Run. Type "cmd" and press enter. In the command prompt, type: taskkill /f csvun.exe Now locate "C:\WINNT\system32\csvun.exe and rename it csvun.old. Now do the instructions in the fix in my previous post. Good luck, dk
  3. Dan

    Hijackthis Log

    Hi, We have a couple of last steps to perform and then you're all set. First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading UNSELECT Show hidden files and folders. CHECK the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Next, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. You should also have a good firewall. Here are 3 free ones available for personal use: Sygate Personal Firewall Kerio Personal Firewall ZoneAlarm and a good antivirus (these are also free for personal use): AVG Anti-Virus Avast Home Edition It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners AdAware SE Personal Spybot Search & Destroy weekly, and be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Have a safe and happy computing day! dk
  4. Hi, Lets see if you can get into Safe Mode again. When in there, press Ctrl-Alt-Delete to get into the task manager. Click the processes tab. Find the following process, click it, and select "End Process": csvun.exe Now, open Hijackthis, click the scan button, and check the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SHANED~1\LOCALS~1\Temp\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\dkslz.dll O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe O4 - HKLM\..\Run: [icasServ] C:\WINNT\system32\icasServ.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile O4 - HKLM\..\Run: [dmehk.exe] C:\WINNT\system32\dmehk.exe O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 85.255.113.123,85.255.112.14 O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O21 - SSODL: qCmQLSyh - {6CFE85CD-C654-2F67-40F3-5C2A801545B8} - C:\WINNT\system32\mmrd.dll O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll Close all windows except HijackThis, and click the Fix Checked button. Locate the following files and delete them: C:\WINNT\system32\rund11.exe C:\WINNT\system32\perfcl.exe C:\WINNT\system32\icasServ.exe C:\WINNT\system32\popcorn72.exe C:\WINNT\system32\dmehk.exe C:\WINNT\system32\sysvcs.exe C:\WINNT\system32\mmrd.dll C:\WINNT\system32\dcom_9.dll Now, please RIGHT-CLICK HERE to download Silent Runner's. Save it to the desktop. Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop. You will receive a prompt:Do you want to skip supplementary searches? click NO [*]You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!) [*]Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here in your next post. *NOTE* If you receive any warning message about scripts, please choose to allow the script to run. Finally, Run HijackThis and post a new log, as well as your SilentRunners log. dk
  5. Hi, Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later. This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further. You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem. Download about:buster by RubbeRDuckY Here. Download CWShredder Here. Download SpSeHjfix Here. Download and install CleanUp! Here Save all of these files somewhere you will remember like to the Desktop. Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix) Run the CleanUp! installer. You dont need to do anything with it right now. Update About:Buster Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created. Navigate to the AboutBuster directory and double-click on AboutBuster.exe. Click "OK" at the prompt with instructions. Click "Update" and then "Check For Update" to begin the update process. If any updates exist please download them by clicking "Download Update" then click the X to close that window. Now close About:Buster Update CWShredder Open CWShredder and click I AGREE Click Check For Update Close CWShredder Boot into Safe Mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please run about:buster by RubbeRDuckY: Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams. Click Yes to allow it to shutdown explorer.exe. It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so. When it has finished, click Save Log. Make sure you save it as I may need a copy of it later. Reboot your computer into safe mode again Run about:buster again following the same instructions as above, this time without the restart at the end Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply. Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows. Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) After all that, please post back with how things went as well as the logs requested and a new HiJackThis log. dk
  6. Dan

    Hijackthis Log

    Hi, Please open HijackThis and check the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB Close all windows except HijackThis, and click the "Fix Checked" button. Reboot and post a new log. dk
  7. BTW: Check out this page: http://www.freebyte.com/graphicprograms/#3D Try the proggies...I'll tell u guys how i do.
  8. Ok..I got another one from terragan... http://dknoppix.com/Pictures/snowsun.bmp Not that good, but a start
  9. Umm..Are you pressing "Download MP3" cause those are in MP3 format...
  10. Dan

    Any Way...

    would it be easyer in another language
  11. Dan

    Any Way...

    Is there anywya to make a program in C++, that can save data to a disk (like an ini file), and read information. Ex. A wrestling program. Select option: (1 for edit, 2 for new, 3 for delete) 1 then comes up all of his points for the year. Is this possible? dk
  12. Hi, We have a couple of last steps to perform and then you're all set. First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading UNSELECT Show hidden files and folders. CHECK the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Next, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. You should also have a good firewall. Here are 3 free ones available for personal use: Sygate Personal Firewall Kerio Personal Firewall ZoneAlarm and a good antivirus (these are also free for personal use): AVG Anti-Virus Avast Home Edition It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners AdAware SE Personal Spybot Search & Destroy weekly, and be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Have a safe and happy computing day! dk
  13. Hey arachnid, Any other cool proggies like this?
  14. Dan

    Been Jacked

    Hi, You are currently running HijackThis from your desktop. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted. To make a new folder: Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there. Please run HijackThis and click "Scan." Place checks next to the following entries: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.joyiex.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.joyiex.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.joyiex.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.joyiex.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joyiex.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.joyiex.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.joyiex.com O4 - HKCU\..\Run: [ctfnom.exe] C:\WINNT\SVOHOST.exe If you or your administrator did not put this restriction on Control Panel, also check this item. These restrictions can also be set by software like Spybot Search & Destroy, SpywareBlaster or another similar protection software: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Close all windows except HijackThis, and click the "Fix Checked" button. Locate the following files, and delete it: C:\WINNT\SVOHOST.exe Reboot and post a new log. dk
  15. Hi, You are currently running HijackThis from a temporary folder. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted. To make a new folder: Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there. Now, open HijackThis, click the 'Scan' button,and check the following items: O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing) O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cab Close all windows except HijackThis, and click the 'Fix Checked' Button. Locate the following file and delete it: C:\WINDOWS\system32\taskswitch.exe Reboot, and post a new log. dk
  16. Dan

    Egg Project

    Let's see..No covering it in glue, and wooden toothpicks and we can only use large eggs....Any other questions? Maybe some more ideas? Vile, do you have AIM? dk
  17. Ok, i uploaded them to my server (Any way to make em a jpg)??: My First One Another one For the second one, I just used arachnid's lake and edited the colors dk
  18. Dan

    Egg Project

    Cool! I have till oct. 28th to finish it. How'd you mix the stuff without mixing it lol?
  19. I kinda got the hand of it lol Here's my first one: ... Or not.....I'll upload it later
  20. Dan

    Egg Project

    Mac... We can ONLY use toothpicks and hot glue..lol
  21. 139 People + 6 crew trapped on a plane.. The front wheel was stuck 90 degrees to the right....Time to make a touchdown landing....WHAT WOULD YOU DO?? This a very scary event, for the crew as well as the passengers. As the pilot; what do you do? How do I land? What if I survive and everyone else is dead? As the passenger; OMFG /me takes out cell phone, Mom...I'm about to die!!!!!!!!! HOLY S*IT!!!!!!!! Lets just be thankful that the plane touched down without any problems -- no -- even gracefully, with a messed up wheel. dk
  22. Dan

    Egg Project

    vinager removes the shell, and leaves the membrane lol.... ty for the advice...I'm building a 'prototype' now dk
  23. Dan

    Egg Project

    I was thinking of that too I heard some people soaked it in vinager, but I dunno if we're allowed, or if it'll help
  24. Dan

    Egg Project

    Hmm....Good idea I don't think there is a limit to toothpicks...but there is a weight limit -egg. Which one is the vunerable side? lol