pskelley

Trusted Malware Techs
  • Content Count

    1,759
Everything posted by pskelley

  1. Sounds good, keep an eye open for sales by Staples, BestBuy and Office Depot. The prices fluctuate like crazy. The memory is not hard to put in. http://www.google.com/search?sourceid=navc...=installing+ram Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...ps
  2. G'Day Bob and welcome to the forum. I am not seeing a lot in the log, but I do see an old Smitfraud line? We will take a look to make sure the infection is not present and hidden. Let's do this. 1) Thanks to S!Ri, and any others who helped with this fix. Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of th
  3. teacup61 just cleaned you up here? 5:33pm Fri Jun 16 2006. http://forums.pcpitstop.com/index.php?show...p;#entry1212037 Is this the same computer? She also asked for information here: 9:39pm Fri Jun 16 2006 and you never bothered to respond? She also gave you some good advice at that time to keep you from getting infected again. It's fairly obvious looking at this log that you paid no attention to her advice. Now you have a very bad infection called Qoologic and I am wondering why I should use my time to help someone who does not follow good sound advice from trained helpers and
  4. Point your mouse at the MyComputer icon and right click then choose Properties. The System Properties window will open. Near the bottom just above the "Support Information" button you will see your memory. You have programs using lots of resources (memory) and Incredimail is one of them. Point your mouse at a blank spot on the toolbar at the bottom and right click it. Click on "Task Manager". Choose the Processes tab then point your mouse at the Mem Usage and click it. It will reverse to show you what programs are using your memory. Look to the left for the name of the program that i
  5. Welcome to the forum, let me first say I see no malware in this log. I do see an out of date Java program you need to address, see this: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 I see no evidence of Websearch Hijack, you need to give us more information. What do you have set as your home page? Internet Explorer > Tools > Internet Options > General Tab. What program is finding it, where is it hijacking you to, how is it you know it is Websearch? Anything you can think may help us. : http://www.microsoft.com/windows/IE/commun...s/IEtopten.mspxhttp://
  6. Thanks for returning the information, I see no malware in this log. I do see stuff that needs work and I will list those items. 1) C:\Program Files\Java\jre1.5.0_01 <<< your Java program is out of date and that can get you infected quick, read this information: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 2) O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing) This program is missing its file and is not working right if at all. Use HJT to remove it and download it again if you
  7. This member stopped responding to instructions with a very infected computer. They have not posted to their topic since: 9:42am Wed Aug 9 2006 This topic is closed Thanks...pskelley
  8. Thanks for the information from Smitfraudfix, as you can see you do have an infection. Follow these instructions: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Clean: Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) Double-click smitfraudfix.cmd Select 2 and hit Enter to delete infected files. You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. Yo
  9. Welcome to the forum, your HJT log looks good to me. Why don't you use Search Companion to make sure those files are gone? Make sure you do this first. How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Then search for: D:\WINDOWS\system32\jqiu.exe D:\WIN
  10. Welcome to the forum, it helps if you tell us about a problem if you have one. I see no malware in this log. I will, however, make a few suggestions. 1) I would use HJT to get rid of this junk, not making your browser run better. You can click them to see what they are. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
  11. Welcome to the forum. I see clues that a Smitfraud infection was at work here and I do not know if it was removed properly. If you want help, I will need you to do this. 1) Should you run more than one antivirus program at the same time? http://service1.symantec.com/SUPPORT/nav.n...000031316555206 "Microsoft recommends that you have only one anti-virus program installed on your computer." http://www.washingtonpost.com/wp-dyn/conte...5120300087.html You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be
  12. OK Meagan, this looks like a clean HJT log, great job. I notice you have both MSNIM and Windows Messenger, and they are both running in the background. I have both but don't use Windows Messenger unless MSNIM goes down. You can turn Windows Messenger off and save some resources if you wish: http://www.castlecops.com/startuplist-2280.html If everything else is running normally, I'll leave you with this information: Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http:
  13. I need to see a HJT log with an active antivirus program running and the HJT.exe placed safely as instructed in my first post. Thanks
  14. Thanks for following some of the instructions. Please read the instructions and follow them: The instructions in 2 and 3 were not followed. Here are the directions to remove Smitfraud: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Clean: Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) Double-click smitfraudfix.cmd Select 2 and hit Enter to delete infected files. You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with
  15. Hi Kathy, I am going to give you some good information and then close this topic. I am interested in how things turn out. If you are so inclined to let me know, you can send the information here: http://forums.pcpitstop.com/index.php?act=...4&MID=24733 Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybe
  16. Hi Meagan, do you have someone else in the house downloading stuff? Reason why I am asking is another BAD program has been downloaded that was not there when I last looked at your log. Read about it: C:\program files\zango\zango.exe >>> http://www.castlecops.com/startuplist-6574.html http://research.sunbelt-software.com/threa...p;threatid=8869 It has also installed as a BHO: O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D7765874412C3CC7 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll and is running all
  17. Welcome to the forum, are you telling me you took the computer online with no virus protection and then downloaded from the exact area where all of the trouble has been coming from? 1) This HJT log is not complete, I won't start until I have a complete HJT log. Make sure "word wrap" IS NOT checked under format (in your Notepad) then click on Edit > Select All. The complete log will be highlighted. Copy/paste all of the information to this topic. 2) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexa
  18. Hi Meagan from Texas, I owe you an apology. I work a lot of forums and I just was checking here and I see you posted and I never got a notification. PCPitStop just updated their software and it might have happened then. Since it has been so long, please let me look at one more HJT log and after I make sure it is clean, you may ask me any questions you wish here: http://forums.pcpitstop.com/index.php?showuser=24733 Thanks again...Phil from Florida
  19. All I see in the HJT log is this: You are running HJT.exe from a .zip file in a Temporary Directory. This is unsafe as we will have no backups. That is why you received this message when you used HJT: http://russelltexas.com/malware/images/unsafefolder.gif Please use the information in the following link to place HJT in a permanent, safe folder, I prefer C:\HJT\HijackThis.exe. If you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm Java program needs an update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 One line th
  20. Thanks for returning this information. The L2m infection is usually the one that causes popups, but you are far from clean. How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/AT
  21. Kathy, The two links I posted above, just click on them. There is detailed information about how to download HJT and post the HJT log. Once again though, I do not believe this is malware related but I will be glad to look if you supply the log. Thanks...Phil I wanted to add that the unit should still be under warranty. They should replace it free of charge regardless. I would also think they should dispatch a technician to your home to resolve the issue for you, since the computer is new. Has service gotten that bad since HP took over?
  22. Welcome to the forum. You have a pretty good infection going here, including three active Look2me infections that we must remove first. You need to keep this computer offline as much as possible, these infections will attract others and you have enough right now. If you still want help, then follow the directions in the posted order. 1) You are running HJT from a TEMP folder, there will be no backups and this is just not safe. Move it here: C:\HJT\HijackThis.exe. If you need more instructions, use these: http://russelltexas.com/malware/createhjtfolder.htm http://www.bleepingcomput
  23. Open Hijackthis. Click the "Open the Misc Tools" section Button. Click the "Open Uninstall Manager" Button. Click the "Save list..." Button. Save it to your desktop. Copy and paste the contents into your reply. I will take a look but I am normally looking for out of date security and malware programs. You should know if you use them or not. I will make suggestions if I see questionable programs. Thanks
  24. Thanks for the feedback. You did say you had the program stopped with ZA, I wanted to be sure it could be removed when you got to the folder. This is your computer? If you don't know why that is there: O1 - Hosts: AmsServer then let's get rid of it. Download this program: http://www.funkytoad.com/hoster.htm then click Restore Microsoft's Original Hosts file. You will also want to read this information: http://www.mvps.org/winhelp2002/hosts.htm If all works as posted, you will be good to go. Here is the information I promised you: Here is some great information from Tony Klein,
  25. Nope sorry...I thought everyone had Windows XP. Duh! too many logs