bwear

Members
  • Content Count: 31

Everything posted by bwear

  1. Thanks, Steamhead! Below is the activescan report. Incident Status Location Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ben Wear\Cookies\ben wear@belnk[1].txt
  2. Hey Steamhead, First of all, thanks for the help. It seems that the AVG quarantining of various files has fixed the blue screen problem. I have been working now for about 2.5 hours without any issues. I would like to continue with anything else that you recommend just to be sure and clean everything out. Thanks again, Ben
  3. Both of these logs are from runs in Safe Mode... can't keep the computer in Normal Mode for long without the blue screen. Thanks! --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:46:35 AM 7/9/2007 + Scan result: C:\Documents and Settings\bwear\Local Settings\Temporary Internet Files\Content.IE5\7KR0G75E\file[1].exe -> Downloader.Small.evy : Cleaned. C:\WINDOWS\system32\~.exe -> Downloader.Small.evy : Cleaned. D:\ARCHIVE\Application Archive\system utils\NSW 2005\rar-ed\Nort
  4. My computer started locking up and going to the blue screen today. Below is a hijack this log. I ran spybot and adaware. Thanks so much for your help in advance!!! You guys rock! Logfile of HijackThis v1.99.1 Scan saved at 10:14:45 AM, on 7/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.ex
  5. I reinstalled both programs and that cleared up the problem. New Hijack Log below... Logfile of HijackThis v1.99.1 Scan saved at 8:03:46 AM, on 10/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRY
  6. I'll go ahead and reload both of those programs tonight.
  7. Removed "Search Assist", went back and tried, still got hijacked. Went back and removed "URL Assist" and that seems to have done the trick as far as the hijacking goes. Thanks!! Any ideas on the one program requesting Install CDs for another? I've never seen that before.
  8. OK, did that... Still getting hijacked. Tried www.cnn.com... goes to the proper website for a few seconds, then gets hijacked to the Dell Google Search site with this message "Sorry, we couldn't find http://ads.cnn.com/html.ng/site. Here are some related websites: "
  9. ACDSee 8 Ad-Aware SE Personal Adobe Acrobat 7.0.8 Standard Adobe Bridge 1.0 Adobe Common File Installer Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Stock Photos 1.0 ALPS Touch Pad Driver ArcGIS ArcInfo Workstation ArcGIS Desktop ArcGIS License Manager ArcGIS Tutorial Data AutoCAD 2007 - English Autodesk DWF Viewer AVG Anti-Spyware 7.5 AVI Codec Pack Azureus Broadcom Advanced Control Suite Broadcom TPM Driver Installer CC_ccStart ccCommon Conexant HDA D110 MDC V.92 Modem Dell Embassy Trust Suite by Wave Systems Dell Wireless WLAN Card Digital Line Detect Document Manager Lite DVD Shrink 3.2
  10. WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile created on: 10/9/2006 7:47:42 AM WinPFind v1.5.0 Folder = C:\WinPFind\ Microsoft Windows XP Service Pack 2 (Version = 5.
  11. Yes, I did run the Smitfraudfix. My browser still seems to be getting hijacked, but only on certain websites and it tries to go somewhere that it can't find (Sorry, we couldn't find http://ad.doubleclick.net/adi/fandango.dart/homepage%3Bsz), so I get sent to Dell Google page. Also, when I try to open one software package (ArcGIS), it asks me for the CDs for another software package (AutoCAD) before the first one will open....I feel I may need to reinstall both of these software packages. Thanks! Logfile of HijackThis v1.99.1 Scan saved at 4:36:00 PM, on 10/8/2006 Platform: Windows XP SP2 (Win
  12. Incident Status Location Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ben Wear\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
  13. Hey Rock, thanks for the quick reply!! I ran some of the software that you suggested in another guy's recent posting (vcodec-related, which is what I think got me) as well as what you had me do with the desktop... and deleted several directories that looked related to the problem. So I hoped I saved you some time. I'm scanning now...will post when done. Thanks again!
  14. Got the desktop cleaned up, now it's the laptop. Thanks in advance for any help! Logfile of HijackThis v1.99.1 Scan saved at 9:30:27 AM, on 10/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.E
  15. Thanks again, Rock! Donations have been sent to both you and the site. Hopefully I'll never need you guys again, but I feel better knowing you're here! CHEERS!
  16. Thanks so much, ROCK... you rock!! Quick question... I have been using Spybot S&D and the IE-SPYAD recommends that you use only one of the three of Spybot, Spywareblaster or IE-SPYAD. Do you prefer one over the others, or should I get rid of Spybot and use both Spywareblaster and IE-SPYAD??? Just wondering what you think is best. You gave me a good list, but I don't want to install everything and have conflicts if you only meant that I should utilize one or two of them. Thanks again. Is there a donation spot for you or this site? Or should I donate to VundoFix or one of the other programs
  17. Logfile of HijackThis v1.99.1 Scan saved at 10:58:13 AM, on 8/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\syste
  18. Logfile of HijackThis v1.99.1 Scan saved at 10:44:18 AM, on 8/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\syste
  19. Logfile of HijackThis v1.99.1 Scan saved at 7:48:17 AM, on 8/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system
  20. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 10:33:44 AM 8/22/2006 + Scan result: C:\Documents and Settings\Ben Wear\Local Settings\Temporary Internet Files\Content.IE5\U49VVETB\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\RECYCLER\NPROTECT\00001371.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\VundoFix Backups\khfefgh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). D:\ARCHIVE\Application Archive\system u
  21. Logfile of HijackThis v1.99.1 Scan saved at 8:01:03 AM, on 8/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system
  22. Below is the log file from VundoFix. It couldn't delete the file on first attempt, but on the restart run, it found that file and more and deleted them all. Thanks so much for the help!!! Anything else needed? VundoFix V5.1.7 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Java version is 1.5.0.7 Scan started at 11:08:05 AM 8/11/2006 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... Attempting to delete C:\WINDOWS\system32\jkkji.dll C:\WINDOWS\system32\jkkji.dll Could not be deleted. Performing Repa