Dan

Posts posted by Dan

  1. Hey everyone!

    I already posted at BC and G2G, but Jeff wanted me to post here.

    Here's the deal:

    Whenever I press a key on my keyboard, it freezes the mouse. Everything still runs in the background though. In the device manager, it says that the keyboard conflicts with the mouse on I/O 0060-0060 and 0064-0064.

    It's a Dell Latitude C540, with a built in keyboard and touchpad and dot thingy in the middle.

    I tried setting the bios to default. Also, I can't change the I/O ranges. They're grayed out :(

    Thanks,

  2. Hi,

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select "Delete on Reboot", then click on the "All Files" button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

      c:\winnt\system32\xau.exe
      c:\winnt\system32\cddrv32.exe
      c:\program files\common files\system\ms1src.exe
      c:\winnt\system32\owsyphaq.exe

    • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.

    If your computer does not restart automatically, please restart it manually.

    Please run HijackThis and click "Scan." Place checks next to the following entries (If Present):

    F3 - REG:win.ini: run=c:\winnt\system32\cddrv32.exe

    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)

    O2 - BHO: (no name) - {E539DEA3-BA67-4F1F-A897-5F2F4F29A063} - (no file)

    O4 - HKLM\..\Run: [xau] c:\winnt\system32\xau.exe /nocomm

    O4 - HKLM\..\Run: [Cddrv32] c:\winnt\system32\cddrv32.exe

    O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install

    O4 - HKLM\..\Run: [OWSYPHAQ] c:\winnt\system32\owsyphaq.exe /install

    O4 - HKCU\..\Run: [Cddrv32] c:\winnt\system32\cddrv32.exe

    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/Live...ervice_3_EN.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab

    O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDA...ACCESS_1056.cab

    Close all windows browsers except HijackThis, and click the "Fix Checked" button. Close HijackThis.

    Please go HERE to run Panda's ActiveScan

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Reboot and post a new HijackThis log as well as the ActiveScan Report.

    Danny :thumbsup:

  3. Hi,

    Please download the Blaster.C removal tool from here, and save it to your desktop.

    Close all windows and run "FixBlast.exe".

    Click the "Start" button and let the tool run.

    Reboot, and run the tool again.

    Download Brute Force Uninstaller.

    Unzip it to its own folder (e.g. c:\BFU)

    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download EGDACCESS Remover. Save it in the folder you made earlier (e.g. c:\BFU)

    Copy the text below into notepad and save it to the desktop as findEGDA.vbs

    Make sure "Save as Type" says "All files (*.*)"

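    Dim Wshshell, fso, ts, R, ArrR, i, F
    Const ForReading = 1

    Set Wshshell = Wscript.CreateObject("Wscript.Shell")
    Set fso = Wscript.CreateObject("Scripting.FilesystemObject")

    ' Export the HKLM Run key to runnow.txt (ANSI format) and wait for the file to appear
    Wshshell.Run "regedit /a /e runnow.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    Do Until fso.FileExists("runnow.txt")
        Wscript.Sleep 100
    Loop

    ' Read the whole export into R
    Set ts = fso.OpenTextFile("runnow.txt", ForReading)
    Do While Not ts.AtEndOfStream
        R = ts.ReadAll
    Loop
    ts.Close

    ' Undo the .reg escaping: doubled backslashes and surrounding quotes
    R = Replace(R, "\\", "\")
    R = Replace(R, Chr(34), "")
    ArrR = Split(R, vbCrLf)

    ' For each Run entry whose command line ends in "-start",
    ' show the same command with "-uninstall" instead and run it
    For i = 0 To UBound(ArrR)
        F = LCase(Right(ArrR(i), 6))
        If F = "-start" Then
            ' Case-insensitive replace, to match the case-insensitive test above
            ArrR(i) = Replace(ArrR(i), "-start", "-uninstall", 1, -1, vbTextCompare)
            ' Keep only the command line after the "name=" part of the entry
            ArrR(i) = Mid(ArrR(i), InStr(ArrR(i), "=") + 1)
            MsgBox ArrR(i)
            Wshshell.Run ArrR(i)
        End If
    Next

    Set ts = Nothing
    Set fso = Nothing
    Set Wshshell = Nothing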

    Go to the desktop and double-click the file to run it. If you have a resident script blocker it may warn you about or stop the vbs script. Please allow it, it is harmless.

    You will get a prompt looking like this

    c:\windows\system32\random.exe -uninstall

    Click OK to execute that command.

    You will be prompted if you are sure you want to uninstall. Confirm.

    After a little while you will get a prompt that the application was removed.

    Start the Brute Force Uninstaller by double-clicking BFU.exe

    In the scriptline to execute copy and paste c:\bfu\EGDACCESS.bfu

    Press execute and let it do its job.

    Wait for the complete script execution box to popup and press OK.

    Press exit to terminate the BFU program.

    Reboot and post a new HijackThis log.

    Danny

  4. Hi,

    Can you please try this:

    Please download Look2Me-Destroyer.exe to your desktop.

    • Close all windows before continuing.
    • Double-click Look2Me-Destroyer.exe to run it.
    • Put a check next to Run this program as a task.
    • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    • Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    • Your computer will then shutdown.
    • Turn your computer back on.
    • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    If Look2Me-Destroyer does not reopen automatically, reboot and try again.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

  5. Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Click on the "All Files" button.

    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

      C:\WINDOWS\System32\ivssuba.dll
      C:\WINDOWS\System32\r0r60a9sed.dll
      C:\WINDOWS\System32\kgdsf.dll
      C:\WINDOWS\System32\ibdetect.dll
      C:\WINDOWS\SYSTEM32\ibdetect.dll
      C:\WINDOWS\SYSTEM32\ivssuba.dll
      C:\WINDOWS\SYSTEM32\kgdsf.dll
      C:\WINDOWS\SYSTEM32\logonu~1.man
      C:\WINDOWS\SYSTEM32\ncpacp~1.man
      C:\WINDOWS\SYSTEM32\nwccpl~1.man
      C:\WINDOWS\SYSTEM32\r0r60a~1.dll
      C:\WINDOWS\SYSTEM32\sapicp~1.man
      C:\WINDOWS\SYSTEM32\window~1.man
      C:\WINDOWS\SYSTEM32\wuaucp~1.man

    • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white "Delete File" button. Click "OK" at any PendingRenameOperations prompt.

    Double-click on find.bat and post the new output.txt.

    Danny :)

  6. Ok,

    Click Start-> Click Run-> Copy the text below into the Open Run Box and Click OK.

    sc delete sysbus32

    Click Start-> Right Click My Computer and Select Properties-> Click Hardware-> Click Device Manager

    Once the Device Manager Opens-> Click View-> Click Show Hidden Devices

    Scroll down that list and Double Click Non-Plug and Play Drivers

    Scroll that list-> Locate 32bit system bus driver-> If found-> Right Click and Select Uninstall.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select "Delete on Reboot", then click on the "All Files" button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

      C:\WINDOWS\system32\drivers\sysbus32.sys

    • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.

    If your computer does not restart automatically, please restart it manually.

    Please run Rootkit Revealer and post that log as well as a new HijackThis log.

    Danny :thumbsup:

  7. Hi,

    Matt is away, so I'll take over for him.

    Let's try the manual fix.

    • Download finditnt2000xp.zip.
    • Unzip the contents of finditnt2000xp.zip to a convenient location.
    • Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
    • A command prompt will open and it will search your computer for malicious files.
    • Once it has finished a Notepad window will pop up with output.txt.
    • Copy the entire contents of output.txt into your next post.

    Danny :thumbsup:

  8. Aha! Found the problem :)

    • Please download StartupList to your desktop.
    • Double click the startuplist.zip to extract the files inside.
    • When the new window opens, please double click on StartupList.exe
    • A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
    • At the top of the window, click File>Save As and save startuplist.txt to your desktop.
    • Close startuplist.exe window
      Post a copy of startuplist.txt in your next reply.

    Danny :thumbsup:

  9. Anywho..

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select Delete on Reboot, then click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\hgkhch.dll
      C:\WINDOWS\sa22.dll
      C:\WINDOWS\SYSTEM32\hksrv.dll
      C:\WINDOWS\SYSTEM32\locate.com
      C:\WINDOWS\SYSTEM32\perfont.exe

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Next, please download Rootkit Revealer (link is at the very bottom of the page)

    • Unzip it to your desktop.
    • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
    • Click the Scan button (bottom right)
    • It may take a while to scan (don't do anything while it's running)
    • When it's done, go up to File > Save. Choose to save it to your desktop.
    • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here.

    Danny

  10. Let's try the manual removal.

    Hi,

    Please Download the following tools to assist us in removing this infection!

    • Download WinPFind
      • Right Click the Zip Folder and Select "Extract All"
      • Extract it somewhere you will remember like the Desktop
      • Don't do anything with it yet!
    • Download Track qoo
      • Save it somewhere you will remember like the Desktop

    Reboot into Safe Mode

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Double-click WinPFind.exe

    • Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      1. Go to the WinPFind folder
      2. Locate WinPFind.txt
      3. Place those results in the next post!

    Reboot back to Normal Mode!

    Double Click on "Track qoo.vbs"

    Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

    Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

    Danny

  11. Hi,

    Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

    Please download ewido anti malware; it is a free version of the program.

    1. Install ewido anti malware
    2. When installing, under "Additional Options" uncheck:
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").

    If you are having problems with the updater, you can use this link to manually update ewido.

    ewido manual updates

    Once the updates are installed do the following:

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido anti malware.

    Reboot and post a new HijackThis log as well as the ewido log.

  12. Ok,

    We have a couple of last steps to perform and then you're all set.

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    • CHECK the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, let's clean your restore points and set a new one:

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    1. Turn off System Restore.
      • On the Desktop, right-click My Computer.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    2. Restart your computer.
    3. Turn ON System Restore.
      • On the Desktop, right-click My Computer.
      • Click Properties.
      • Click the System Restore tab.
      • UN-Check Turn off System Restore.
      • Click Apply, and then click OK.

    System Restore will now be active again.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

    • SpywareBlaster to help prevent spyware from installing in the first place.
    • SpywareGuard to catch and block spyware before it can execute.
    • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    You should also have a good firewall. Here are 3 free ones available for personal use:

    and a good antivirus (these are also free for personal use):

    It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

    To keep your operating system up to date visit

    monthly. And to keep your system clean run these free malware scanners

    weekly, and be aware of what emails you open and websites you visit.

    To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

    Have a safe and happy computing day!

    Danny :thumbsup:

  13. Hi,

    Open HijackThis, click the Scan button and check the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    Close all windows except HijackThis, and click the "Fix Checked" button.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Reboot and post the Kaspersky Log as well as how your computer is doing.

    Danny :thumbsup:

  14. Hi,

    Download and install CleanUp!

    NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files (if present)
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to log-off/reboot at the end, if it does please do so.

    Please tell me how your computer is doing.

    Danny :thumbsup:

  15. Well, Thanks to everyone's input, my cardboard bridge worked...barely

    At first I used double corrugated cardboard, and I wasn't allowed to use that (I didn't know..) so I had to rebuild it in a weekend...but it worked! I got a 43/40

    For my next project...

    The "Incline" Project

    Option 1

    • You are building an incline(ramp) out of any materials that you desire
    • Max Size: 18" x 18"
    • Using a wheeled vehicle on the ramp, you have to calculate at which points, how far the vehicle will go
    • You need to calculate how far it'll go from 1 - 10 ft.
    • We need testing results from 1,3,5,7 ft
    • Basic trig will be needed (and taught)

    Option 2

    • Building a Catapult
    • Same as the option 1
    • "Angles"

    Any ideas?

    Danny :thumbsup:

  16. Hi,

    Open HijackThis, click the "Scan" button, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&...3.0.1.8&lang=en

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\toolbar.dll/sa

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [Free MP3 Direct] C:\Program Files\Free MP3 Direct\Free MP3 Direct.exe /hide

    Close all windows Except HijackThis, and click the "Fix Checked" button. Close HijackThis.

    Click "Start --> Control Panel --> Add Remove Programs" Uninstall:

    Viewpoint

    MyWebSearch

    Free MP3 Direct

    Now, Please go HERE to run Panda's ActiveScan

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Reboot, and post a new HijackThis log as well as the ActiveScan log.

    Danny :thumbsup: