jwbirdsong

Trusted Helpers
  • Content Count: 262
Everything posted by jwbirdsong

  1. That's kind of bizarre, nothing showing in your log; try the following. Clean your Cache and Cookies in IE: Go to Control Panel > Internet Options > General tab. Click the "Delete Cookies" button and then the "Delete Files" button next to it. When prompted, place a check in: "Delete all offline content", (You will have to re-enter passwords at websites that require them.) Click OK Clean other Temporary files + Recycle bin: Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are
  2. martymas Correct, Windows refuses to see/recognize ext2/3 and reiser file systems. You can, however, access your linux drive from Windows with some 3rd party programs. I use DiskInternals LinuxReader..More info http://www.diskinternals.com/linux-reader/
  3. When you get a chance in the next couple days do the following..( I suggest letting it run overnight) just to see if anything else is hiding. Clean your Cache and Cookies in IE: Go to Control Panel > Internet Options > General tab. Click the "Delete Cookies" button and then the "Delete Files" button next to it. When prompted, place a check in: "Delete all offline content", (You will have to re-enter passwords at websites that require them.) Click OK Clean other Temporary files + Recycle bin: Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove
  4. Glad to hear it. Post a fresh HijackThis also please.
  5. Download Combofix to your desktop. Double-click combofix.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply.
  6. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, double-cli
  7. The google issue is one of the "identifiers" for the Wareout infection he had (along with the 017 lines in HJT) ...Fixwareout cleaned that out and should be able to browse at will.
  8. Couple of things.....These logs are intended to be opened with NOTEpad..looks like maybe you are opening them with WORDpad... If they are NOT opening correctly try this. Go to the folder C:\Program Files\Trend Micro\HijackThis and Right click on HijackThislog.txt then choose Open With>Select from list>Choose NOTEpad. Check the box to make this the default for this type of file.(may not be EXACT wording). Your HijackThis log seems to have gotten cut off; please repost in next reply. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new wi
  9. looks like the bottom got cut off..would you repost the Smitfraud option 1 log again please
  10. It's a GOOD idea to print this out to work from, as there is a slight possibility you may lose connection temporarily Please download FixwareOut from one of the following sites: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert about downloading an additional file from the internet, make SURE to allow it. Then you will be asked to reboot your computer; pleas
  11. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. A
  12. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, double-cli
  13. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  14. Good job your log is clean. To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad. SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts. IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free. More info and download is available at links
  15. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  16. Being careful and cautious is NOT being paranoid. Glad to help
  17. One thing you may want to try is to disable the following from starting with computer.....they are NOT needed at boot and can all be run as needed. You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Clean your Cache and Cookies in IE: Go to Control Panel > Internet Options > General tab. Click the "Delete Cookies" button and then the "Delete Files" button next to it. When prompted, place a check in: "Delete all offline content", (You will have to re-enter passwords at websites that require them.) Click
  18. Yeah looks fine..... Judging from what you/she has on the system looks like it's kept pretty clean...If you have not recently done so do a full scan with AVG Anti VIRUS... Also as an experiment if nothing else you may want to temporarily disable O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized at start up and see if performance increases noticeably. Some have complained that AVG AS uses a LARGE hunk of resources.
  19. Really nothing showing in the HJT log...let's look from another angle... Download Combofix to your desktop. Double-click combofix.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply.
  20. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  21. Are you having issues or just wanting a checkup?? Nothing serious showing in your log. You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Open HijackThis and click on Do a system scan only. Place a check mark next to the following: R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) Close ALL other open windows and programs and click Fix checked. Clean your Cache and Cookies in IE: Go to Con
  22. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply along with a Combofix log (Link below). Download Combofix to your desktop. Doubleclick combofix.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this
  23. Good job your log is clean. You can delete the Combofix, Vundofix, C:\Qoobox, C:\VundoFix Backups folder/files now.. First, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Resto
  24. Looks like Combofix took care of some leftovers. Let's see if anything else is hiding. Delete the C:\VundoFix Backups folder. Clean your Cache and Cookies in IE: Go to Control Panel > Internet Options > General tab. Click the "Delete Cookies" button and then the "Delete Files" button next to it. When prompted, place a check in: "Delete all offline content", (You will have to re-enter passwords at websites that require them.) Click OK Clean other Temporary files + Recycle bin: Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Tempo
  25. Also back to your original issue...next time you need to edit /etc/sudoers (and you will) use the command sudo visudo... IIRC you MUST use visudo to edit /etc/sudoers.. Some other distros allow you to change that but I don't think you can in Ubuntu.