pskelley

Trusted Malware Techs
  • Content Count

    1,759
Everything posted by pskelley

  1. Thanks for returning your information. Please do not "quote" my instructions, it is a waste of space and the information is there if you wish to view it...thanks. The items AVG Anti-Spyware is locating are cookies: http://en.wikipedia.org/wiki/HTTP_cookie see this from the same site: http://en.wikipedia.org/wiki/HTTP_cookie#Tracking Cookies are part of the price for surfing the internet, you can either not go where they are placing them on your computer (most websites do use cookies) or you can block them, but be careful you don't block cookies needed for security (banking, passwords, etc.) and understand some sites will not work right unless you allow the cookies. Here is information to control them: http://www.microsoft.com/info/cookies.mspx http://www.mvps.org/winhelp2002/cookies.htm I will also point out an updated Spybot will remove cookies. Both Spysweeper and AVG Anti-Spyware are good programs but neither offers realtime protection after the trial. My suggestion is to uninstall Spysweeper and turn AVG off completely (disable in services also) you can update and use the scanner on demand for as long as you wish. They both use a load of your resources when they are running and Windows Defender supplies your realtime protection. I have used McAfee for years and personally refused via a long conversation with them when I took away my credit card, to download this huge new program. I will run the subscription out of VSO and move to another program once it expires. I can not tell from looking at all of the stuff, but if you will show what it is you want removed (be careful) I will show you how to do it. 
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  2. Welcome to the forum, I do not understand what you mean by this: The first thing you need to do is read this information: http://service1.symantec.com/SUPPORT/nav.n...000031316555206 "Microsoft recommends that you have only one anti-virus program installed on your computer." http://www.washingtonpost.com/wp-dyn/conte...5120300087.html Then choose what anti-virus program you want to use, uninstall the other one. Have you purchased either AVG Anti-Spyware or Spysweeper? Post that information. Follow the instructions in this link to run AVG Anti-Spyware, make sure you delete or at least quarantine anything it finds and save the scan report to post. http://forums.security-central.us/showthread.php?t=3165 When you have completed the above instructions, post the scan results from AVG Anti-Spyware, any information I requested, a new HJT log showing only one anti-virus program running, and any comments you think will help. Thanks
  3. pskelley

    Problem?

    Resolved and closed. Thanks
  4. No response to this request since this date, assuming the issue is resolved and closing this topic. Thanks
  5. This topic is resolved and closed. Thanks
  6. This topic is resolved and closed. Thanks
  7. This topic is resolved and closed. Thanks
  8. pskelley

    Problem?

    Welcome to the forum, to help with your investigations, here is the link to CastleCops: To your left in Security Central you will find the CLSID List. Scan the CLSID number and you get: NavErrRedir Class {5D60FF48-95BE-4956-B4C6-6BB168A70310} X BHO SH incfindbho.dll, INCFIN~1.DLL eUniverse IncrediFind adware or http://www.symantec.com/security_response/...-123115-0817-99 This item: O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) is what we call an orphaned entry, the file has been removed by a security program rendering it harmless, and we usually remove it during routine cleaning. Read all of the information at Symantec because it is a fairly nasty item and they would have been an installer at one point. I see no malware in this HJT log, if you have no other issues, I would say you are doing a great job and good to go. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  9. Thanks for providing that information. Let me first say I can't really believe Trend Micro is suggesting you turn off the immunization feature in Spybot. I just checked my version and that feature has 15,794 Bad products blocked on my computer. If only Trend Micro could only do the same. I have a notion this is the problem: My computer runs slowly after installing Trend Micro PC-cillin Internet Security 2007 and not Spybot S&D! So if you are asking my personal opinion, I would say Trend Micro is the problem. There is no way I personally would turn off Spybot's immunization feature which has been helping me to stay uninfected for many years so I could run TM, fat chance! I run SpywareBlaster and it does not conflict with anything that I know of, I also prefer SpywareGuard (Javacool freeware also) to the TeaTimer function in Spybot which I keep turned off, here are tutorials for those two freeware programs if you can use them: http://www.bleepingcomputer.com/forums/tutorial49.html http://www.bleepingcomputer.com/forums/tutorial50.html Let me take a moment to show you this, which should be corrected in the next autoupdates. (don't quote me on that) http://www.networkcomputing.com/channels/s...cleID=196700242 http://support.microsoft.com/kb/928089/ Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley PCPitStop forum http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  10. Welcome to the forums, always nice to know what steps you took to remove the problems, helps other folks. If you are no longer having malware problems, let's do this: Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: (the Yahoo! Toolbar is missing a file and not working right if at all. If you use it, download it again) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) Close all programs but HJT and all browser windows, then click on "Fix Checked" run cleanmgr http://spyware-free.us/tutorials/cleanmgr/ If you have not cleaned the system restore files, I suggest you do so: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  11. Thanks for returning your information, Blacklight is clean. Open the Trojan Hunter folder (probably defaulted to C:\Program Files\) and delete the junk in the quarantine folder. That's what it is supposed to do, that's what you pay them for: http://www.symantec.com/security_response/...-091612-5500-99 How is the computer running now, post a fresh HJT log. Thanks
  12. Here are links that might help. The computer does need to be clean of malware or problems will occur. I suggest you discuss the issues with Internet Explorer with a Microsoft tech to see what they say. Of course, I know what they will suggest. Update to SP2 and IE7, once you do that if you have issues with IE7 they give you a couple of free support calls: http://www.microsoft.com/windows/products/...y/ie/iefaq.mspx Consumers only: Support for Internet Explorer 7 is available via the phone based on your locale. Customers must be running Windows XP or Windows Vista in a non domain environment. Support number: 1-866-234-6020 Hours of operation: Monday-Friday 5 am - 9 pm Pacific Standard Time Saturday-Sunday 6 am - 3 pm Pacific Standard Time http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx http://www.microsoft.com/windowsxp/sp2/sysreqs.mspx http://www.microsoft.com/windowsxp/using/s...installsp2.mspx http://www.microsoft.com/windowsxp/downloa...us/default.mspx There is a lot of available information about multiple iexplore.exe processes http://www.google.com/search?sourceid=navc...2eexe+processes You can post the Startup list if you wish, I would rather have seen the results of the AVG Anti-Spyware scan. Please post a Blacklight scan result: Please download F-Secure BlackLight Beta: https://europe.f-secure.com/exclude/blacklight/index.shtml Save it to its own folder in the Desktop Double-click blbeta.exe to run the program Click : Scan A list of all items found is created The list is in the BlackLight folder on the Desktop, and named fsbl.xxxxxxx.log (xxxxxxx are numbers). Please provide the log created by BlackLight in your next reply. Do not try to fix anything. Let's run a trojan hunter, download and run this free trial, post the results for me to view. http://www.misec.net/ Thanks
  13. You know I saw that item and scanned it, first time as far as I remember: http://www.shavlik.com/ <<< but the item looked valid. I run into a lot of weird software since these forums are global. I know in troubleshooting high CPU usage, eliminating items one by one usually identifies the culprit and I am glad you did not have to resort to that to find the problem. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  14. As long as it looks ok to you. That is what I usually say, post it if you see anything you are unsure of. C:\Documents and Settings\Doug Radcliffe\Desktop\Hotline\Hotline Client 1.8.5.exe This a safe program? I can't find much information about it. If you are talking about multiple internet explorer's opening, I had this issue at one time and discussed it with Microsoft Support: http://support.microsoft.com/ The tech told me it was called "looping" and caused when we ask Internet Explorer to do something and then ask it to do something else before the first request has been completed, throwing IE into a loop. I think many of us have the bad habit of changing our mind and making the change before we allow the page to load we have asked for first, etc. I made an effort to stop doing this and the issue has almost gone away. I see it once in a while and I know I am causing it myself as I realize what I did just before it happens. I should also mention that it happens much less now that I am running IE7. http://www.microsoft.com/windows/products/...ie/default.mspx I also want to say that you cut off the first four lines of the newest HJT log, I went to the original log I needed for my scanner. I notice you are still running SP 1. You must realize that you can not receive the critical updates for your system you need to keep it secure, and I also believe you can not even download IE7 without SP2. If you wish to look more for something that may be hidden, then follow the directions in this link: http://forums.security-central.us/showthread.php?t=3165 Delete or at least quarantine anything located and post the scan results. If you feel sure this has answered your questions, then I will leave you this information. System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. 
Turn it off, reboot then turn it back on: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  15. Thanks for the feedback, I know nothing about Alcohol software and suggest you take those issues up with their support. http://support.alcohol-soft.com/en/ Make sure you click the Internet tab on your test results, there is information there you should view, I agree with what you have proposed thus far, many times malware is not the problem. Running the scan I posted the link to will not hurt either. If I can be of further assistance, please let me know. I will leave your link open for a bit in case you need it. Thanks...Phil
  16. Smitfraudfix reported NO infection...thanks for checking
  17. Thanks Doug, nothing showing there, not good to run the fix when the infection is not present, so we will use DelDomains to clean the "Trusted Zone" Take a look in Add Remove Programs to make sure SpySheriff is not there, in fact let me look at the uninstall list if you would: Open Hijackthis. Click the "Open the Misc Tools" section Button. Click the "Open Uninstall Manager" Button. Click the "Save list..." Button. Save it to your desktop. Copy and paste the contents into your reply. See this: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 C:\Program Files\Java\jre1.5.0_04 <<< out of date, download the newest version and uninstall all old versions in Add Remove Programs 1) Right click http://mvps.org/winhelp2002/DelDomains.inf and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install. 2) Please download ATF Cleaner by Atribune http://www.atribune.org/content/view/25/2/ Save it to your Desktop. We will use this later. 
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) O2 - BHO: (no name) - {61C97AFD-CF1D-4DB7-A8AB-0E656CD6FF9B} - C:\WINDOWS\System32\ileam.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {98E84CF7-22CC-4877-AAEF-70C31CE734F2} - (no file) (HKCU) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab http://www.spywareguide.com/product_show.php?id=1148 <<< nasty Close all programs but HJT and all browser windows, then click on "Fix Checked" 4) Run ATF Cleaner Double-click ATF-Cleaner.exe to run the program. Click Select All found at the bottom of the list. Click the Empty Selected button. Click Exit on the Main menu to close the program. Restart the computer, post the uninstall list and a new HJT log. Let me know how the computer is running now. Thanks
  18. Welcome to the forum, you are infected but because you said SpySheriff and that usually indicates a hidden Smitfraud Infection, we need to check for it first. I am going to suggest you keep this computer offline as much as possible until you are clean. This junk will download more, especially since they have gained access to your computer via your "Trusted Zone" http://siri.geekstogo.com/SmitfraudFix.php <<< download and tutorial Follow ONLY these directions: Search: Double-click SmitfraudFix.exe Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Post the C:\rapport.txt and I will respond with directions as soon as possible after that. Please use NEW REPLY to respond, copy and paste all information, do not quote or code it. Thanks
  19. Welcome to the forum, let me first say that I see nothing in the HJT log to suggest this is a malware issue. I do not recognize some of your programs, but none look like malware. I can tell you that I see many programs that will be accessing the internet and this is normal. What are you running for a firewall? The activity log should show what is accessing the net and when. Since you are reporting a "sluggish" computer, take a look at this information to help you address that: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html If you have not done so, or not done so recently, I also suggest a diagnostic: http://www.pcpitstop.com/ post a link to the report, I may spot something. After you look to those suggestions, if you still want a look to see if something may be hidden, follow the instructions in this link. Be sure to delete or at least quarantine anything the program locates and post the scan results for me to view. http://forums.security-central.us/showthread.php?t=3165 Please use NEW REPLY to post information, copy and paste, do not quote or code. Thanks
  20. Welcome to the forum, let me first say that I see nothing in the HJT log to suggest this is a malware issue. There are many reasons why this can occur. I suggest you look at this link first: http://kadaitcha.cx/high_cpu.html to see if something there helps you. Here is the google: http://www.google.com/search?sourceid=navc...+high+CPU+usage I also suggest a diagnostic: http://www.pcpitstop.com/ and I would appreciate a link to the results, I may spot something. If you have any reason to suspect hidden malware may be at work, please post information about that, especially any error message you receive "word for word". Use add reply to stay in this topic, copy and paste all information do not quote or code. Thanks
  21. Welcome to the forum, Let's remove a couple of items and one Downloaded Program File that I can't identify. If it is valid you will be prompted to download it again when you next visit the site. Please download ATF Cleaner by Atribune http://www.atribune.org/content/view/25/2/ Save it to your Desktop. We will use this later. Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -. Close all programs but HJT and all browser windows, then click on "Fix Checked" Run ATF Cleaner Double-click ATF-Cleaner.exe to run the program. Click Select All found at the bottom of the list. Click the Empty Selected button. Click Exit on the Main menu to close the program. Here is some good information to help you: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html I suggest you discuss your internet speeds with your ISP to make sure there is not an issue and that you are getting the speeds you should be. They will be able to test for that. You can also do a little checking yourself if you wish. http://www.google.com/search?sourceid=navc...internet+speeds HJT can not see everything, if once you have looked into the information I have provided and things have not improved, post to let me know and we will begin some scans, but for now, except for the few items I removed, the log looks ok. Thanks
  22. This topic appears to have been resolved and will be closed. Thanks...pskelley PCPitStop forum http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  23. The only thing I see in this HJT log is this: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe A good program, but if you do not own it and the trial period is past, it is just wasting your resources. Have you run a recent diagnostic? http://www.pcpitstop.com/ Look here for slow computers http://users.telenet.be/bluepatchy/miekiem...owcomputer.html http://www.microsoft.com/windows/IE/commun...s/IEtopten.mspx http://vlaurie.com/computers2/Articles/runbetter.htm http://www.linkgrinder.com/tutorials/10_Ea...rs_article.html http://www.techbuilder.org/recipes/59201471 Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks
  24. Please read and follow the directions carefully. This looks like more aol Viewpoint junk: C:\Program Files\Viewpoint\Common\ViewpointService.exe If you don't use it and know what it is, I would uninstall it also. 1) Your Java program is outdated and a security risk, see this information: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 C:\Program Files\Java\jre1.5.0_06\ <<< out of date Download the newest version and uninstall all old versions in Add Remove Programs. 2) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 3) Please download ATF Cleaner by Atribune http://www.atribune.org/content/view/25/2/ Save it to your Desktop. We will use this later. 4) Start > Control Panel > Add Remove Programs and uninstall My Web Search Bar. Uninstall any other programs you know do not belong there or that you no longer use. 5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...US_ZUxdm082YYUS O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe+ Close all programs but HJT and all browser windows, then click on "Fix Checked" 6) RIGHT Click on Start then click on Explore. Locate and delete these items: C:\PROGRAM FILES~1\MYWEBSEARCH~1\ <<< delete that folder if there 7) Run ATF Cleaner Double-click ATF-Cleaner.exe to run the program. Click Select All found at the bottom of the list. Click the Empty Selected button. Click Exit on the Main menu to close the program. 
Restart the computer and let me see a last HJT log. Let me know how the computer is running. Thanks System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Here are ideas that will help you run better and safer: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html http://www.microsoft.com/windows/IE/commun...s/IEtopten.mspx http://vlaurie.com/computers2/Articles/runbetter.htm http://www.linkgrinder.com/tutorials/10_Ea...rs_article.html http://www.techbuilder.org/recipes/59201471 Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml