Dan

Members
  • Content Count

    742

Everything posted by Dan

  1. Hi,

    Try this:

    Download Registrar Lite from http://www.resplendence.com/download/reglite.exe. Install it and run it. Click on the "Security" tab, and select "Edit Auditing". Make sure that where it says something like (DANIEL/dknoppix) (example from my computer), the two tabs for "Read" and "Full Control" are selected.

    Then try the fix here: http://www.besttechie.net/forums/index.php...indpost&p=24211

    dk
  2. Hi,

    Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As": http://www.mvps.org/winhelp2002/DelDomains.inf

    Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.

    Now, open HijackThis, click the "Scan" button, and check the following items (if still present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKCU\..\Run: [ZBt3RhGFU] lffmgr10.exe
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted IP range: 206.161.125.149
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

    Close all windows except HijackThis, and click the "Fix Checked" button.

    Press Start-->Find. Find the following file and delete it:

    lffmgr10.exe

    Reboot and post a new log.

    dk
  3. Hi, Just wanted to let you know, that I am away for the weekend, and probably will get you an answer tomorrow morning. dk
  4. Hmm....I'll need to talk to someone about this...... For now, try the other steps...... dk
  5. Yeah...but I can access it in IE but not Firefox..heh
  6. er...Sorry, my mistake... Sorry about the delay..

    ----

    Hi,

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program. AboutBuster MUST be updated before you use it. Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware. Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002
    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called:

       Remote Procedure Call (RPC) Helper

       When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

       ntkw32.exe
       apigf.exe

       If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked":

       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
       R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
       R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
       R3 - Default URLSearchHook is missing
       O2 - BHO: Class - {BC0FF74A-7E39-79D3-0B70-06EC5F199D5F} - C:\WINDOWS\netfh32.dll
       O4 - HKLM\..\Run: [os2T3ni] wldtml.exe
       O4 - HKLM\..\Run: [ntkw32.exe] C:\WINDOWS\system32\ntkw32.exe
       O4 - HKCU\..\Run: [ZBt3RhGFU] lffmgr10.exe
       O15 - Trusted Zone: *.awmdabest.com
       O15 - Trusted Zone: *.awmdabest.com (HKLM)
       O15 - Trusted IP range: 206.161.125.149
       O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
       O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
       O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
       O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
       O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigf.exe" /s (file missing)

    5. Delete the following files if present. If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

       C:\WINDOWS\system32\apigf.exe
       C:\WINDOWS\system32\ntkw32.exe

       (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

       Press Start --> Find. Find the following files and delete them:

       wldtml.exe
       lffmgr10.exe

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

       Temporary Files
       Temporary Internet Files
       Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here http://members.aol.com/toadbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan: http://housecall.trendmicro.com/housecall/start_corp.asp

       Make sure you check "AutoClean".

    Then reboot and post a fresh Hijack This log as well as an About:Buster log to see how we did.

    dk
  7. Hmm...I tried in IE and it worked...I cleared out Cache, cookies, and history...At least the first page loaded..heh..
  8. Hi,

    (Some of the steps we did cover already, and if you have the programs here, remember to update them)

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program. AboutBuster MUST be updated before you use it. Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware. Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002
    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called:

       Network Security Service (NSS)

       When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

       crmd32.exe
       crvg.exe

       If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. Scan with Hijack This and put checks next to all the following:

       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047
       R3 - Default URLSearchHook is missing
       O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll
       O2 - BHO: Class - {A146D46A-42B6-1948-7D09-20744CC5FFB1} - C:\WINNT\javarm.dll
       O2 - BHO: Class - {D8DFD538-D915-DA42-82AD-9910D5D6D43B} - C:\WINNT\system32\netyw32.dll
       O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe
       O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\crmd32.exe" /s (file missing)

       Close all windows except HijackThis, and click the "Fix Checked" button.

    5. Next, delete the following files if present. If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

       C:\WINNT\system32\crmd32.exe
       C:\WINNT\crvg.exe

       (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

       Temporary Files
       Temporary Internet Files
       Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here http://members.aol.com/toadbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan: http://housecall.trendmicro.com/housecall/start_corp.asp

       Make sure you check "AutoClean", then reboot and post a fresh Hijack This log to see how we did.

    dk
  9. Hey everyone. Gmail has been DOWN for me for the past two days..... Anyone know anything bout this? dk
  10. Ok, Here's what I want you to do... Please run CWShredder, and about:buster again, and post a new HijackThis log, as well as a new HijackThis log. dk
  11. Also, it seems that one form of your infection is gone O_o
  12. Hi, That was an error on me... I will have a fix in around 5 min.
  13. Hi,

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program. AboutBuster MUST be updated before you use it. Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware. Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002
    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called:

       PLACE SERVICE FILE HERE

       When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

       PROCESSES TO BE STOPPED

       If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked":

       HJT FIXES HERE

    5. Delete the following files if present. If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

       FILE DELETIONS HERE

       (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

       Temporary Files
       Temporary Internet Files
       Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan:

       Make sure you check "AutoClean".

    Then reboot and post a fresh Hijack This log as well as another about:buster log to see how we did.
  14. Hi,

    Please download Intermute's CWShredder from here: http://cwshredder.net/bin/CWShredder.exe

    Save it to the desktop and run it, and click "Fix" to remove the CWS infection.

    Then please download About:Buster from here: http://www.downloads.subratam.org/AboutBuster.zip

    Unzip the files to a convenient location such as C:\AboutBuster, and run AboutBuster.exe. Read the instructions then click OK to proceed. Click "Check for Updates", and then "Download Updates" to update About:Buster to the newest version. Then click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved.

    Restart.

    Post the entire contents of that logfile here for me, as well as a new HijackThis log.

    dk
  15. Hi,

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program. AboutBuster MUST be updated before you use it. Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware. Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002
    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    +++++++++++++++++++++++++++++++++++++++++++++++++

    Here's the fix:

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called:

       PLACE SERVICE FILE HERE

       When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

       PROCESSES TO BE STOPPED

       If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked":

       HJT FIXES HERE

    5. Delete the following files if present. If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

       FILE DELETIONS HERE

       (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

       Temporary Files
       Temporary Internet Files
       Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan:

       Make sure you check "AutoClean", then reboot and post a fresh Hijack This log to see how we did.
  16. Hi,

    Is there any way to get HijackThis onto your home computer??? This may be a serious infection, so if McAfee asks you to delete explorer.exe or kernel32.dll DO NOT DO SO. This may cause your computer to take serious damage.

    Please scan with HijackThis, and try to transfer a log using a CD or floppy onto your backup computer, and post it here. We may need to do a lot of transferring, so please be aware of that.

    Thanks,

    dk
  17. Hello brett5150, If you would like to become part of the HijackThis Team, please PM Besttechie, giving him your credentials, etc. For now you are NOT authorized to post to HijackThis logs. Thank you, dk
  18. Dan

    The Parrot

    LOL Good one!
  19. Dan

    Ubuntu Dial Up

    Any idea how to set up dialup on Ubuntu? dk
  20. Dan

    The Manly Man's Bed

    Also, don't you think that it should have its own power supply? If a terrorist dude comes in, and unplugs it, they're screwed.
  21. Dan

    The Manly Man's Bed

    heh...How do you breathe?
  22. For links....I copy the link, go to manage favorites in Firefox, then save it. Then I just go to it, right click it, and select properties and copy/paste the link.
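
A small triage helper for the HijackThis entries listed in the removal posts above, added here as an example (it is not part of Dan's posts and not part of HijackThis). It assumes the `CODE - text` line layout shown in those posts; the sample log, the flag names and the function names are constructed for illustration, and the flags only mark patterns worth a reviewer's attention.

```python
import re

# Standard meaning of the HijackThis section codes that occur in the posts above.
SECTIONS = {
    "R0": "IE start/search page URL", "R1": "IE start/search page URL",
    "R3": "IE URLSearchHook", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O15": "Trusted Zone / ProtocolDefaults",
    "O16": "ActiveX object (DPF)", "O23": "Windows service",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Drive-letter paths without spaces, ending in the extensions the posts mention.
# Limitation (by design, to keep this short): paths containing spaces are skipped.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"/]+\.(?:exe|dll|dat)', re.IGNORECASE)

# Constructed sample log: names, GUID and domain are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\example1.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Class - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\example2.dll
O4 - HKLM\..\Run: [example3.exe] C:\WINDOWS\system32\example3.exe
O15 - Trusted Zone: *.example.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Example Helper (EXAMPLE) - Unknown owner - C:\WINDOWS\system32\example4.exe" /s (file missing)
"""


def parse_entry(line):
    """Return a dict for one 'CODE - text' log line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m or m.group(1) not in SECTIONS:
        return None
    code, body = m.groups()
    low, flags = body.lower(), []
    if code.startswith("R") and "res://" in low:
        flags.append("res_url")                   # page served from a local DLL resource
    if code == "O15" and low.startswith("trusted"):
        flags.append("trusted_zone")              # site or IP range added to Trusted Zone
    if code == "O15" and "my computer zone" in low:
        flags.append("protocol_default_changed")  # protocol mapped to the wrong zone
    if code == "O23" and "unknown owner" in low:
        flags.append("unknown_owner")
    if code == "O23" and "(file missing)" in low:
        flags.append("file_missing")
    return {"code": code, "section": SECTIONS[code], "body": body,
            "flags": flags, "files": PATH_RE.findall(body)}


def triage(log_text):
    """Parse every recognised entry in a log, keeping the original order."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


def referenced_files(entries):
    """Unique file paths named by the entries, for the manual file-check step."""
    return sorted({f.lower() for e in entries for f in e["files"]})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(f'{e["code"]:<4}{e["section"]:<34}{",".join(e["flags"]) or "-"}')
    print("files to inspect:", *referenced_files(found), sep="\n  ")
```
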