Dan

Members
  • Content Count

    742

Everything posted by Dan

  1. Hi,

    Open HJT, click the 'Scan' button, and check the following items:

    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll

    If you are not using weatherbug, check this as well.

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

    Reboot and post a new log.

    dk
  2. Happy Birthday!!!!!!!!!!!!!!!!!!!!!!! Edited some of the !!!! to eliminate page scroll Dave - Besttechie Moderator
  3. Hi,

    Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/

    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    Please run Notepad and copy the following text into a new file:

    Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

    Next, please reboot your computer in Safe Mode by doing the following:

    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml

    Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

    Then please run Ewido, and run a full scan. Post the log from the scan here for me.

    Then please run HijackThis, click Scan, and check:

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    Close all open windows except for HijackThis and click Fix Checked.

    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

    dk
  4. I keep my links in FireFox, in a folder called "Security Links". My Replies to Logs, I have a Folder on my desktop named HJT Stuf (Forgot 1 f). For my canned speeches. I've found Cannery very good (Look for the topic in TC's learning hall) dk
  5. The FormToEmail isn't working for me
  6. Dan

    New Antivirus

    Looks good. Waiting for it to download. Thanks for the update. dk
  7. Actually, it was in the same section as the loops! So how do I break from an if statement? And the error has gone away...
  8. Ok, I changed the name, now it's still saying that break isn't in the code... Why not...the "if" command was in the "Loop" section of the book... I just put a bracket on the end of the whole thing, now it's saying... "Virtual Memory Exausted."
  9. Cool! Thanks. Like Matt said, I will look into that too. I was just making a proggie for Ch 5 of the book, to demonstrate looping...Now this stupid RHIDE program is telling me that a "break;" is not inside a loop -- which it is...(or I think it is...).

    // a simple program. Used to be as a math "test". Multiple choice (3 for now,
    // can be changed.... Also for what I learned in CH. 5
    #include <cstdio>
    #include <cstdlib>
    #include <iostream.h>

    int main ()
    {
        cout <<"Welcome to this program. This will ask you a few questions. Answer 1 for <, 2 for >, and 3 for =.\n";
        cout <<"Question 1: \n";
        int answer1;
        cout <<"4 is <, >, = to 7??";
        cin >> answer1;
        //If answer right
        if (answer1 == 1)
        {
            cout <<"\nThat answer is correct.";
        }
        {
            cout <<"\nWrong. The correct answer is >.";
        }
        int answer2;
        cout <<"\n5.0211 is <, >, = to 5.2011?";
        cin >> answer2;
        if (answer2 == 2)
        {
            cout <<"\nCorrect.";
        }
        {
            cout <<"\nWrong. The correct answer is <.";
        }
        int answer3;
        cout <<"\n5 over 8 is <, >, = to .635?";
        cin >> answer3;
        if (answer3 == 2)
        {
            cout <<"Correct";
        }
        {
            cout <<"Incorrect. The correct answer is <.";
        }
        int exit;
        cout <<"\nDo you want to quit? (0 for quit, 1 to start over)";
        cin >> "exit";
        if (exit == 0)
        {
            break; //this is the break; where the compiler is giving me errors
        }
        {
            system("PAUSE");
            return 0;
        }
    }
  10. I was up making a mini proggie to test out what I learned, and I had this (After the beginning stuff):

    char answer1;
    cout <<"Is 4 (<,>,=) to 7?";
    cin >> answer1;

    Can someone enter a symbol as a char?
  11. Ok, Here is my interpretation of how it works. It puts keys into the registry, (for IE, etc), that determines which cookies, ActiveX are blocked....
  12. I think that you can choose not to install LOP in the installation.
  13. Dan

    Cws.startpage

    Since this issue appears resolved ... this Topic is closed. If you need this topic reopened, please send me, or someone else on the HijackThis team, a PM, including the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

    Topic reopened due to a new case of CWS

    Thank you, dk
  14. To send me the file, you email it to me. You attach the file and send it here (Click on the link)

    You have a Horseserver infection which requires some tools to get rid of.

    First, download HSFix from here

    After it is downloaded, create a new folder on your desktop called "HSFix" and extract all the files into the newly created folder.

    Next, download CleanUp! Install it, but do not run it yet.

    Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Locate the HSFix folder on your desktop, open it, and double-click "hsfix.bat". A log will be produced which you can close out of.

    Then run HijackThis again, close any open windows and browsers and fix these:

    HJT items here

    Run CleanUp! and let it clean your computer of temp files. Decline when it asks you to log off.

    Restart your computer into normal mode and run at least one of the following free, online virus scans:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/co...n_principal.htm
    http://www3.ca.com/threatinfo/virusinfo/scan.aspx

    Restart your computer one last time and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt

    dk
  15. Hi,

    Download CWShredder from http://cwshredder.net/bin/CWShredder.exe. Open CWShredder and with ALL other windows closed, click fix.

    Open HijackThis, click the Scan button, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/clickpps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/clickpps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
    O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\RAYBAK~1.RAY\LOCALS~1\Temp\keep.exe
    O4 - HKLM\..\Run: [service Host] C:\WINDOWS\System32\Services\{3ECEC789-3315-4897-85C0-4945D264998A}\SVCHOST.EXE
    O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll

    Close all windows except HijackThis, and click the "Fix Checked" button.

    Locate the following files and delete them:

    C:\DOCUME~1\RAYBAK~1.RAY\LOCALS~1\Temp\keep.exe
    C:\WINDOWS\SYSTEM32\drct16.dll
    C:\WINDOWS\System32\Services\{3ECEC789-3315-4897-85C0-4945D264998A}\SVCHOST.EXE

    Reboot.

    Locate this file, and send it here

    C:\WINDOWS\drexinit.dll

    Post a new log.

    dk
  16. Hi,

    This is what I needed. Please run some scans:

    1. Download and Install Spybot S&D, accepting the Default Settings
    2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
    3. Close ALL windows except Spybot S&D
    4. Click the button to ‘Search for Updates’ then download and install the Updates.
    5. Next click the button ‘Check for Problems’
    6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window
    7. Make certain there is a check mark beside all of the RED entries ONLY.
    8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
    9. REBOOT to complete the scan and clear memory.

    Next,

    1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
    2. Close ALL windows except Ad-Aware SE
    3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
    4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

       1) In the ‘General’ window make sure the following are selected in green:
          *Automatically save log-file
          *Automatically quarantine objects prior to removal
          *Safe Mode (always request confirmation)
          Under Definitions:
          *Prompt to update outdated definitions - set the number of days

       2) Click on the ‘Scanning’ button on the left and select in green:
          Under Driver, Folders & Files:
          *Scan Within Archives
          Under Select drives & folders to scan -
          *choose all hard drives
          Under Memory & Registry: all green
          *Scan Active Processes
          *Scan Registry
          *Deep Scan Registry
          *Scan my IE favorites for banned URL’s
          *Scan my Hosts file

       3) Click on the ‘Advanced’ button on the left and select in green:
          Under Shell Integration:
          *Move deleted files to recycle bin
          Under Logfile Detail Level: (all green)
          *include additional object information
          *DESELECT - include negligible objects information
          *include environment information
          Under Alternate Data Streams:
          *Don't log streams smaller than 0 bytes
          *Don't log ADS with the following names: CA_INOCULATEIT

       4) Click the ‘Tweak’ button and select in green:
          Under ‘Scanning Engine’:
          *Unload recognized processes during scanning
          *Scan registry for all users instead of current user only
          Under ‘Cleaning Engine’:
          *Let Windows remove files in use at next reboot
          Under Log Files:
          *Include basic Ad-aware SE settings in logfile
          *Include additional Ad-aware SE settings in logfile
          *Please do not check: Include Module list in logfile

    5. Click on ‘Proceed’ to save the settings.
    6. Click ‘Start’
       *Choose: 'Perform Full System Scan'
       *DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
    7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
    8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
    9. Save the log file when it asks and then click ‘finish’
    10. REBOOT to complete the removal of what Ad-Aware SE found.

    Finally, visit one or both of these websites, and do an online virus scan (Note: Run these in Internet Explorer):

    Housecall - http://housecall.trendmicro.com/
    or
    Panda - http://www.pandasoftware.com/activescan/ac...ef=EN-PR-AS-107
    or
    Housecall Java Scan (Can be run in any browser with Java) - http://fr.trendmicro-europe.com/consumer/p...call_launch.php

    Post a new log after running these scans.

    dkl
  17. Hi,

    Download CWShredder from http://dknoppix.com/Downloads/CWShredder.exe

    Open it, and click "Fix".

    Open HijackThis, click the "Scan" button, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/clickpps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/clickpps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
    O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
    O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=

    Close all windows other than HijackThis, and click the "Fix Checked" button.

    Reboot and post a new log.

    This will get rid of most of the infections. There are a few minor ones that I am looking into.

    dk
  18. Just a question, is there GAIM, and Xchat there?
  19. Do you have a program that can block port 6667?
  20. Hi iccaros, Yes, I do have a scsi cdrom. knoppix does boot up properly. Thanks, dk