Trogan

Volunteer Security Advisor
  • Content Count: 139

Everything posted by Trogan

  1. Hi, Please do the following...

     1. Please Download NoLop to your desktop from one of the links below...

        Link 1 Link 2 Link 3

        • First close any other programs you have running as this will require a reboot
        • Double click NoLop.exe to run it
        • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}: {809C37B8-DA83-F2C5-6324-A0FA57E996D0}
        • Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>>
        • When scanning is finished you will be prompted to reboot only if infected, Click OK
        • Now click the "REBOOT" Button.
        • A Message should popup from NoLop. If not, double click the program again and it will finish.

        Please Post the contents of C:\NoLop.log in your next reply.

        --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--

     2. Open HijackThis
        - Click the Do a system scan only button
        - Check the following entries (below)

        O2 - BHO: (no name) - {809C37B8-DA83-F2C5-6324-A0FA57E996D0} - C:\DOCUME~1\MAINUS~1\APPLIC~1\webfree\ProcPoke.exe (file missing)
        O2 - BHO: (no name) - {960902F8-56E5-40B0-BDD2-ABB452CC649A} - C:\WINDOWS\system32\qomkk.dll (file missing)
        O2 - BHO: (no name) - {E6A5C179-6502-4900-907F-A7E9B4D07D8C} - C:\WINDOWS\system32\qomkk.dll (file missing)
        O15 - Trusted Zone: *.beatport.com
          Did you put the above website in your Trusted Zone? If it is not absolutely necessary, remove it as the security is lowered with websites in the Trusted Zone.
        O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
        O20 - Winlogon Notify: winbau32 - winbau32.dll (file missing)
        O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xcoewmpg.exe (file missing)

        - Close ALL open windows (especially Internet Explorer!)
        - Click Fix Checked

        Close HijackThis

     3. Download SDFix and save it to your Desktop.

        Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

        Please then reboot your computer in Safe Mode by doing the following:

        • Restart your computer
        • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
        • Instead of Windows loading as normal, the Advanced Options Menu should appear;
        • Select the first option, to run Windows in Safe Mode, then press Enter.
        • Choose your usual account.

        Open the extracted SDFix folder and double click RunThis.bat to start the script.
        Type Y to begin the cleanup process.
        It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
        Press any Key and it will restart the PC.
        When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
        Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
        Finally paste the contents of the Report.txt in your next reply

     4. Run a new scan with ComboFix and it will produce a new log for you.

     5. Please post the following...

        • NoLop log
        • SDFix report
        • ComboFix log
        • New HijackThis log
  2. Hi daria,

     You're not using any Anti-Virus or Firewall programs; that is not good!

     Please download one Firewall from the list below - They are Free!

     • Comodo
     • Zone Alarm
     • Sunbelt Kerio PF
     • Outpost Firewall

     Then, download one Anti-Virus program from the list below - They are Free!

     • AntiVir
     • AVG Free Edition
     • avast! 4 Home Edition

     Now, please do the following...

     1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

        Updating Java:

        • Download the latest version of Java Runtime Environment (JRE) 6u1.
        • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
        • Click the "Download" button to the right.
        • Check the box that says: "Accept License Agreement." The page will refresh.
        • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
        • Close any programs you may have running - especially your web browser.
        • Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
          Java 2 Runtime Environment, SE v1.4.2_03
        • Reboot your computer once all Java components are removed.
        • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

     2. Download this file to your Desktop - combofix.exe

        Double click combofix.exe & follow the prompts.
        When finished, it shall produce a log for you. Post that log in your next reply

        Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

     3. Please post the following...

        • ComboFix log
        • New HijackThis log
  3. First things first: You don't have any Anti-Virus or Firewall protection.

     Please download one Firewall from the list below - They are Free!

     • Comodo
     • Zone Alarm
     • Sunbelt Kerio PF
     • Outpost Firewall

     Then, download one Anti-Virus program from the list below - They are Free!

     • AntiVir
     • AVG Free Edition
     • avast! 4 Home Edition

     Update and run a Full System Scan with your chosen Anti-Virus program. Let it remove what it finds and make a note of what it cannot.

     After that, post a new HijackThis log. But first, delete your current one as it is in the wrong place, and do the following...

     • Click here to download HJTsetup.exe. Save it to your Desktop!
     • Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.
     • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
     • Put a check by Create a desktop icon then click Next again.
     • Continue to follow the rest of the prompts from there.
     • At the final dialogue box click Finish and it will launch Hijack This.
     • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
     • Copy and paste the log here

     DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  4. I'm checking your log. Please stop doing your own cleaning now.
  5. Hi bomal,

     Everything looks good. You can remove the following in HijackThis to speed up the time Windows takes to load. Just open HijackThis, select the entries and click Fix Checked.

     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

     They can be started manually, when needed.

     Any other problems?
  6. Hello Macquarie Office Solutions, and welcome to the Forums! I've deleted your post as only authorised members are allowed to post here.

     Jax, I will need to see a log from HijackThis 1.991 and not Trend Micro as that is still BETA.

     First, click Start > Control Panel > Add/Remove programs and uninstall/remove HijackThis.

     Then,

     • Click here to download HJTsetup.exe. Save it to your Desktop!
     • Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.
     • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
     • Put a check by Create a desktop icon then click Next again.
     • Continue to follow the rest of the prompts from there.
     • At the final dialogue box click Finish and it will launch Hijack This.
     • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
     • Copy and paste the log here

     DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  7. Hi bomal, and welcome to Lavasoft Support Forums!

     Log isn't too bad, so let's run a few scans and take it from there. Please do the following...

     1. I see you're using FlashGet, is this the free unregistered version? The unregistered version of FlashGet serves up Ads in Internet Explorer that are downloaded from Cydoor (adware) servers. However, the registered version does not. If this is the unregistered version, please uninstall it from Add/Remove programs in Control Panel. You can download Leechget as an alternative.

     2. Open HijackThis
        - Click the Do a system scan only button
        - Check the following entries (below)

        O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
          ...(Unless you set these with an anti-spyware program like SpyBot's Immunize feature, or a System Administrator set them, have HiJackThis fix this.)

        - Close ALL open windows (especially Internet Explorer!)
        - Click Fix Checked

        Close HijackThis

     3. Please do an online scan with Panda ActiveScan
        - Once you are on the Panda site, click the Scan your PC button
        - A new window will open...click the Check Now button
        - Enter your Country
        - Enter your State/Province
        - Enter your e-mail address and click send
        - Select either Home User or Company
        - Click the big Scan Now button
        - If it wants to install an ActiveX component allow it
        - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
        - When download is complete, click on Local Disks to start the scan
        - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

     Post the contents of the Panda scan report, along with a new HijackThis Log
  8. Hi daria, and welcome to Lavasoft support!

     Yes, I'd like that file scanned:

     • Go to VirusTotal
     • Copy and paste the following file path into the Search Box at the top of the page:
       C:\WINDOWS\system32\arpl.exe
     • Click on the Send button
     • Please post the results in your next reply.

     I also need to see a HijackThis log:

     • Click here to download HJTsetup.exe. Save it to your Desktop!
     • Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.
     • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
     • Put a check by Create a desktop icon then click Next again.
     • Continue to follow the rest of the prompts from there.
     • At the final dialogue box click Finish and it will launch Hijack This.
     • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
     • Copy and paste the log here

     DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

     I also need to see another log from HijackThis:

     • Run HijackThis.
     • Click on Open the Misc Tools section.
     • Next click on Open uninstall manager.
     • Press the Save list button.
     • Save the file to your desktop, with the default name of uninstall_list
     • Copy & Paste the entire contents of that file in your next post.

     Please post the Scan results, HijackThis log, along with the Uninstall list.
  9. Hi shyntoimpress, and welcome to Lavasoft support!

     Please download the following HijackThis, which is an executable (.exe)

     • Click here to download HJTsetup.exe. Save it to your Desktop!
     • Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.
     • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
     • Put a check by Create a desktop icon then click Next again.
     • Continue to follow the rest of the prompts from there.
     • At the final dialogue box click Finish and it will launch Hijack This.
     • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
     • Copy and paste the log here

     DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

     I also need to see another log from HijackThis:

     • Run HijackThis.
     • Click on Open the Misc Tools section.
     • Next click on Open uninstall manager.
     • Press the Save list button.
     • Save the file to your desktop, with the default name of uninstall_list
     • Copy & Paste the entire contents of that file in your next post.

     Please post the HijackThis log, along with the Uninstall list.
  10. Hi Marabunta, and welcome to Lavasoft support! Before I can help you, I need you to download and install Service Pack 1a. Without this update, your computer will be infected as soon as you connect to the Internet. Download Microsoft Service Pack 1 and install it to your computer. Once that is done, post a new HijackThis log back here.
  11. Hi pseudospork, and welcome to Lavasoft support!

      • Click here to download HJTsetup.exe. Save it to your Desktop!
      • Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.
      • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
      • Put a check by Create a desktop icon then click Next again.
      • Continue to follow the rest of the prompts from there.
      • At the final dialogue box click Finish and it will launch Hijack This.
      • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
      • Copy and paste the log here

      DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.