Welcome to the Dell Coummity Form! My name is Tim. I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
In order to help me help you, please observe the following while we work:
1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
2. Understand that cleaning your computer can sometimes take multiple passes/posts,
and it's important to follow the steps as listed including re-running scans as listed
3. Please reply to this thread, do not start another.
If you can do those three things, everything should go smoothly.
********** VERY IMPORTANT ********** Some of the HJT lines are as a result of an infection which is known to include a keylogger.(stealing bank account information.)
I strongly advise you to do the following immediately:
1. Disconnect infected computer from any other networked computers until the computer can be cleaned.
2. If you use this PC for on-line banking, checking credit card accounts, etc, call all of your banks and credit card companies. Inform them that you may be a victim of identity theft and to monitor your accounts or change all your account numbers.
3. From a clean computer, change ALL your online passwords including those for email (including any web based mail eg Hotmail), banks, credit/debit/store/charge card accounts, PayPal, eBay, your ISP internet access, and any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passords and transaction information.
Please download LSP-Fix from the following link and save it to a location you can find later if necessary. Do not use this***. LSP-Fix Download Link To remove New.net. please go to Start | Settings | Control Panel | Add/Remove Programs, look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page. ***If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on
Download SmitfraudFix (by S!Ri) to your Desktop. Click Here Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Please post back these in your reply (may take a few posts in the same thread so that it does not get cut off.) 1. HJT Uninstall list 2. Kaspersky scan results 3. rapport.txt
tim s10
33 Posts
0
June 14th, 2006 16:00
Hi POTTLE
Welcome to the Dell Coummity Form! My name is Tim. I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
In order to help me help you, please observe the following while we work:
1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
2. Understand that cleaning your computer can sometimes take multiple passes/posts,
and it's important to follow the steps as listed including re-running scans as listed
3. Please reply to this thread, do not start another.
If you can do those three things, everything should go smoothly.
tim s10
33 Posts
0
June 15th, 2006 04:00
Hi POTTLE
********** VERY IMPORTANT **********
Some of the HJT lines are as a result of an infection which is known to include a keylogger.(stealing bank account information.)
I strongly advise you to do the following immediately:
1. Disconnect infected computer from any other networked computers until the computer can be cleaned.
2. If you use this PC for on-line banking, checking credit card accounts, etc, call all of your banks and credit card companies. Inform them that you may be a victim of identity theft and to monitor your accounts or change all your account numbers.
3. From a clean computer, change ALL your online passwords including those for email (including any web based mail eg Hotmail), banks, credit/debit/store/charge card accounts, PayPal, eBay, your ISP internet access, and any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passords and transaction information.
-----------------------------------------------------------------------------------------------------------------
Please download LSP-Fix from the following link and save it to a location you can find later if necessary. Do not use this***.
LSP-Fix Download Link
To remove New.net. please go to Start | Settings | Control Panel | Add/Remove Programs, look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.
***If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on
--------------------------------------------------------------------------------------------------------------
Run a HJT Uninstall list
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Run an online scan at Kaspersky
If you have a and extra tool that blocks popups(I hear beep when mine pops it) you will have to click on it and allow Kaspersky 's popup link.
-------------------------------------------------------------------------------------------------------------------------------
Next do the following:
Download SmitfraudFix (by S!Ri) to your Desktop. Click Here
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
--------------------------------------------------------------------------
Please post back these in your reply (may take a few posts in the same thread so that it does not get cut off.)
1. HJT Uninstall list
2. Kaspersky scan results
3. rapport.txt