Sponsored By

Dan

Members
  • Content Count

    742
  • Joined

  • Last visited

Everything posted by Dan

  1. Dan

    Happy Birthday Kat

    HAPPY BIRTHDAY KAT!!!!!!!!! Hope you had a great day!
  2. Dan

    Perfectography!

    Just registered Looking Good
  3. Hey everyone! I already posted at BC and G2G, but Jeff wanted me to post here. Heres the deal: Whenever I press a key on my keyboard, it freezes the mouse. Everything still runs in the backround though. In the device manager, it says that the keyboard conficts with the mouse on I/O 0060-0060 and 0064-0064. Its a Dell Latitude C540, with a built in keyboard and touchpad and dot thingy in the middle. I tried setting the bios to default. Also, I can't change the I/O ranges. They're grayed out Thanks,
  4. Hi, Please download the Killbox by Option^Explicit. Note:In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select "Delete on Reboot then Click on the "All Files" button. [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C c:\winnt\system32\xau.exe c:\winnt\system32\cddrv32.exe c:\program files\common files\system\ms1src.exe c:\winnt\system32\owsyphaq.exe [*] Return to Killbox, go to the File menu, and choose "Paste from Clipboard". [*]Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt. If your computer does not restart automatically, please restart it manually. Please run HijackThis and click "Scan." Place checks next to the following entries (If Present): F3 - REG:win.ini: run=c:\winnt\system32\cddrv32.exe O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing) O2 - BHO: (no name) - {E539DEA3-BA67-4F1F-A897-5F2F4F29A063} - (no file) O4 - HKLM\..\Run: [xau] c:\winnt\system32\xau.exe /nocomm O4 - HKLM\..\Run: [Cddrv32] c:\winnt\system32\cddrv32.exe O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install O4 - HKLM\..\Run: [OWSYPHAQ] c:\winnt\system32\owsyphaq.exe /install O4 - HKCU\..\Run: [Cddrv32] c:\winnt\system32\cddrv32.exe O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/Live...ervice_3_EN.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDA...ACCESS_1056.cab Close all windows browsers except HijackThis, and click the "Fix Checked" button. Close HijackThis. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Reboot and post a new HijackThis log as well as the ActiveScan Report. Danny
  5. Hi, Please download the Blaster.C removal tool from here, and save it to your desktop. Close all windows and run "FixBlast.exe". Click the "Start" button and let the tool run. Reboot, and run the tool again. Download Brute Force Uninstaller. Unzip it to it’s own folder (e.g. c:\BFU) RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download EGDACCESS Remover. Save it in the folder you made earlier (e.g. c:\BFU) Copy the text below into notepad and save it to the desktop as findEGDA.vbs Make sure "Save as Type" says "All files (*.*)" Go to the desktop and double-click the file to run it. If you have a resident script blocker it may warn you about or stop the vbs script. Please allow it, it is harmless. You will get a prompt looking like this c:\windows\system32\random.exe -uninstall Click OK to execute that command. You will be prompted if you are sure you want to uninstall. Confirm. After a little while you will get a prompt the application was removed. Start the Brute Force Uninstaller by doubleclicking BFU.exe In the scriptline to execute copy and paste c:\bfu\EGDACCESS.bfu Press execute and let it do it’s job. Wait for the complete script execution box to popup and press OK. Press exit to terminate the BFU program. Reboot and post a new HijackThis log. Danny
  6. Hi, You are using an outdated version of HijackThis. Please download HijackThis version 1.99.1 from here: http://besttechie.net/tools/HijackThis.exe make sure to unzip it to a permanent folder. Then please run HijackThis, click Scan and Save log, and post the new log here. Most of what HijackThis lists is harmless or essential to the system, so please to not make any manual changes. Danny
  7. Hi, Can you please try this: Please download Look2Me-Destroyer.exe to your desktop. Close all windows before continuing. Double-click Look2Me-Destroyer.exe to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown. Turn your computer back on. Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log. If Look2Me-Destroyer does not reopen automatically, reboot and try again. If you receive a message from your firewall about this program accessing the internet please allow it. If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
  8. Please download the Killbox by Option^Explicit. Note:In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Click on the "All Files" button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C C:\WINDOWS\System32\ivssuba.dll C:\WINDOWS\System32\r0r60a9sed.dll C:\WINDOWS\System32\kgdsf.dll C:\WINDOWS\System32\ibdetect.dll C:\WINDOWS\SYSTEM32\ibdetect.dll C:\WINDOWS\SYSTEM32\ivssuba.dll C:\WINDOWS\SYSTEM32\kgdsf.dll C:\WINDOWS\SYSTEM32\logonu~1.man C:\WINDOWS\SYSTEM32\ncpacp~1.man C:\WINDOWS\SYSTEM32\nwccpl~1.man C:\WINDOWS\SYSTEM32\r0r60a~1.dll C:\WINDOWS\SYSTEM32\sapicp~1.man C:\WINDOWS\SYSTEM32\window~1.man C:\WINDOWS\SYSTEM32\wuaucp~1.man Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Click the red-and-white "Delete File" button. Click "OK" at any PendingRenameOperations prompt. Double-click on find.bat and post the new output.txt. Danny
  9. Ok, Click Start-> Click Run-> Copy the text below into the Open Run Box and Click OK. sc delete sysbus32 Click Start-> Right Click My Computer and Select Properties-> Click Hardware-> Click Device Manager Once the Device Manager Opens-> Click View-> Click Show Hidden Devices Scroll down that list and Double Click Non-Plug and Play Drivers Scroll that list-> Locate 32bit system bus driver-> If found-> Right Click and Select Uninstall. Please download the Killbox by Option^Explicit. Note:In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select "Delete on Reboot then Click on the "All Files" button. [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C C:\WINDOWS\system32\drivers\sysbus32.sys [*] Return to Killbox, go to the File menu, and choose "Paste from Clipboard". [*]Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt. If your computer does not restart automatically, please restart it manually. Please run Rootkit Revealer and post that log as well as a new HijackThis log. Danny
  10. Hi, Matt is away, so I'll take over for him. Lets try the manual fix. Download finditnt2000xp.zip. Unzip the contents of finditnt2000xp.zip to a convenient location. Navigate to the Find It NT-2K-XP folder and double-click on find.bat. A command prompt will open and it will search your computer for malicious files. Once it has finished a Notepad window will pop up with output.txt. Copy the entire contents of output.txt into your next post. Danny
  11. Hi, Can you find startuplist.txt then "Right click --> Send To --> Compressed Folder". Can you attach it to your post? Danny
  12. Aha! Found the problem Please download StartupList to your desktop. Double click the startuplist.zip to extract the files inside. When the new window opens, please double click on StartupList.exe A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running. At the top of the window, click File>Save As and save startuplist.txt to your desktop. Close startuplist.exe window Post a copy of startuplist.txt in your next reply. Danny
  13. Anywho.. Please download the Killbox by Option^Explicit. Note: In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button. [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\hgkhch.dll C:\WINDOWS\sa22.dll C:\WINDOWS\SYSTEM32\hksrv.dll C:\WINDOWS\SYSTEM32\locate.com C:\WINDOWS\SYSTEM32\perfont.exe [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard. [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again. Next,Please download Rootkit Revealer (link is at the very bottom of the page) Unzip it to your desktop. Open the rootkitrevealer folder and double-click rootkitrevealer.exe Click the Scan button (bottom right) It may take a while to scan (don't do anything while it's running) When it's done, go up to File > Save. Choose to save it to your desktop. Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here. Danny
  14. Umm.....Is there another part to that findqoo log?
  15. Lets try the manual removal. Hi, Please Download the following tools to assist us in removing this infection! Download WinPFindRight Click the Zip Folder and Select "Extract All" Extract it somewhere you will remember like the Desktop Dont do anything with it yet! [*]Download Track qoo Save it somewhere you will remember like the Desktop Reboot into Safe Mode Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Doubleclick WinPFind.exe Click "Start Scan" It will scan the entire System, so please be patient! Once the Scan is CompleteGo to the WinPFind folder Locate WinPFind.txt Place those results in the next post! Reboot back to Normal Mode! Double Click on "Track qoo.vbs" Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless! Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind! Danny
  16. Hi, Please follow the instructions provided, you may want to print out these instructions and use them as a reference. Please download ewido anti malware it is a free version of the program. Install ewido anti malware When installing, under "Additional Options" uncheck..Install background guard Install scan via context menu [*]Launch ewido, there should be an icon on your desktop, double-click it. [*]The program will now open to the main screen. [*]When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment. [*]You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. [*]The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display ("Update successful") If you are having problems with the updater, you can use this link to manually update ewido. ewido manual updates Once the updates are installed do the following: Click on scanner Click on Complete System Scan and the scan will begin. You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop or a location where you can find it easily. Close ewido anti malware. Reboot and post a new HijackThis log as well as the ewido log.
  17. Dan

    Hjl

    Ok, We have a couple of last steps to perform and then you're all set. First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading UNSELECT Show hidden files and folders. CHECK the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Next, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous re1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. store points which are likely to be infected) Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. You should also have a good firewall. Here are 3 free ones available for personal use: Sygate Personal Firewall Kerio Personal Firewall ZoneAlarm and a good antivirus (these are also free for personal use): AVG Anti-Virus Avast Home Edition It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners AdAware SE Personal Spybot Search & Destroy weekly, and be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Have a safe and happy computing day! Danny
  18. Hi, Open HijackThis, click the Scan button and check the following items: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Close all windows except HijackThis, and click the "Fix Checked" button. Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected:Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select a target to scan: Select My Computer [*]This will program will start and scan your system. [*]The scan will take a while so be patient and let it run. [*]Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: [*]Save the file to your desktop. [*]Copy and paste that information in your next post. Reboot and post the Kaspersky Log as well as how your computer is doing. Danny
  19. Dan

    Hjl

    Hi, Download and install CleanUp! NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following (Make sure nothing else is checked!): Empty Recycle Bins Delete Cookies Delete Prefetch files (if present) Cleanup! All Users Click OK Press the CleanUp! button to start the program. It may ask you to log-off/reboot at the end, if it does please do so. Please tell me how your computer is doing. Danny
  20. You can provide your own wheeled vehicle... Any angle, but it can't be over 18" by 18"
  21. Well, Thanks to everyone's input, my cardboard bridge worked...barly At first I used double corregated cardboard, and I wasn't allowed to use that (I didn't know..) so I had to rebuilt it in a weekend...but it worked! I got a 43/40 For my next project... The "Incline" Project Option 1 You are building an incline(ramp) out of any materials that you desire Max Size: 18" x 18" Using a wheeled vehicle on the ramp, you have to calculate at which points, how far the vehicle will go You need to calculate how far it'll go from 1 - 10 ft. We need testing results from 1,3,5,7 ft Basic trig will be needed (and taught) Option 2 Building a Catapult Same as the option 1 "Angles" Any ideas? Danny
  22. Hi, Open HijackThis, click the "Scan" button, and check the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&...3.0.1.8〈=en R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\toolbar.dll/sa R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe O4 - HKCU\..\Run: [Free MP3 Direct] C:\Program Files\Free MP3 Direct\Free MP3 Direct.exe /hide Close all windows Except HijackThis, and click the "Fix Checked" button. Close HijackThis. Click "Start --> Control Panel --> Add Remove Programs" Uninstall: Viewpoint MyWebSearch Free MP3 Direct Now, Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Reboot, and post a new HijackThis log as well as the ActiveScan log. Danny
  23. Dan

    Link Exchange

    Looks like a good idea My forums are down atm.. Site: Tech with DK Description: Tech Help..Forums are down, as well as some pages No Buttons or Banners avalible atm.... My Site should be up in the next week...I'll keep you posted..
  24. Dan

    24

    Yep Stupid tivo should've known
  25. Dan

    Hjl

    Uh..Can you post a new HJT log as a reply as well as the ActiveScan report. Danny