Posts posted by noahdfear


  1. 1 registry entry to clean up and another to check. Highlight and copy the contents of the code box below.

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
    reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer  "%userprofile%\desktop\peek1.txt"
    reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" >"%userprofile%\desktop\peek2.txt"
    start notepad "%userprofile%\desktop\peek1.txt"
    start notepad "%userprofile%\desktop\peek2.txt"
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own and peek1.txt and peek2.txt will open. Post the contents of both here.
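
An added example, not part of the original post: one way a helper could check the posted peek2.txt, by parsing the `reg query` output and listing whatever is still registered in AppInit_DLLs. The sample text and DLL names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `reg query` output as it would land in peek2.txt.
SAMPLE_PEEK2 = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    C:\PROGRA~1\Example\hook.dll,helper32.dll
    DeviceNotSelectedTimeout    REG_SZ    15
    LoadAppInit_DLLs    REG_DWORD    0x1
"""

# Value lines are indented: <name> <REG_type> <data>. Separators are spaces
# or tabs depending on the reg.exe version. The key path line has no indent.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text):
    """Return {lowercased value name: (type, data)} from reg query output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line.rstrip())
        if match:
            name, reg_type, data = match.groups()
            values[name.lower()] = (reg_type, data)
    return values


def appinit_report(text):
    """Summarise the AppInit_DLLs state found in a peek2.txt-style dump."""
    values = parse_reg_query(text)
    _, raw = values.get("appinit_dlls", ("", ""))
    # The value holds a space- or comma-delimited list of DLL names.
    dlls = [item for item in re.split(r"[ ,]+", raw.strip()) if item]
    # LoadAppInit_DLLs only exists on Vista and later; None means "not present".
    load = values.get("loadappinit_dlls")
    enabled = None if load is None else int(load[1], 16) != 0
    return {"dlls": dlls, "load_enabled": enabled, "clean": not dlls}


if __name__ == "__main__":
    print(appinit_report(SAMPLE_PEEK2))
```

After the `reg add ... /d ""` command above has run, the report for the resulting peek2.txt should show an empty `dlls` list.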

  2. Hi kristina,

     

    Let's see if anything else shows up in a scan. Please download DDS and save it to your desktop.

    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
    • Save both reports to your desktop.
    Please include the contents of the following in your next reply:

     

    DDS.txt

     

    I may ask for the Attach.txt log later, so keep it handy.


  3. I think it's a very good possibility that overheating is a factor, and may well be the root cause. Both apps place a heavy load on the processor, and if it's not cooling properly, could easily cause the behavior you've described. Are you capable of opening the laptop case to clean the fan, heatsink and vents? There are likely step by step instructions for doing so available from the manufacturer's website, and you don't have to be an ace mechanic, just have some mechanical ability and patience.


  4. Your logs are clean. There is a leftover service from Norman. Let's get rid of that.

    Highlight and copy the bolded command below.

     

    sc delete "Norman NJeeves"

     

    Click Start>Run and paste the command in the Run dialog then hit Enter.

     

    I'm thinking this is a laptop. Can you feel air moving at the exhaust ports, and does the laptop seem to be excessively warm? Can you hear the fan running?


  5. Welcome to The Pit famouspogs,

     

    In general, Smitfraud will only affect the operating system, dropping some rogue files and registry entries. Your storage drive should be fine. Recommend you run an online scan to be sure something hasn't been missed. Do an online scan with Kaspersky Online Scanner

     

    Click Accept, when prompted to download and install the program files and database of malware definitions.

    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

     

    To optimize scanning time and produce a more sensible report for review:

    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Post the Kaspersky log here if anything is reported infected, otherwise just let me know it was clean.

  6. Hi Eirin and welcome to The Pit :)

     

    Did you have Norman antivirus or some other Norman security product installed?

     

    Let's get a better look at things using a different scanning tool. Please download DDS and save it to your desktop.

    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
    • Save both reports to your desktop.
    Please include the contents of both logs in your next reply.

  7. Hi Kieron,

     

    I don't see anything else rogue in your log. One of those updates might have been the Malicious Software Removal tool, and it might have removed whatever was responsible for the popup. I do suggest running an online scan to be sure we're not missing something. Please do an online scan with Kaspersky Online Scanner

     

    Click Accept, when prompted to download and install the program files and database of malware definitions.

    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

     

    To optimize scanning time and produce a more sensible report for review:

    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Post the Kaspersky log here.

  8. Hi mehoop1506,

     

    Please clarify what you mean by 'can't find 2 programs on autocheck' (the autocheck part is what throws me).

     

    Please open HijackThis to the Misc Tools section.

    In the StartupList section, place a check in both boxes then click Generate StartupList log.

    Post the contents of that log here.


  9. Hi Kieron,

     

    If you're still in need of assistance, please visit the following webpage for instructions for downloading and running ComboFix

     

    How to use ComboFix

     

     

    Download ComboFix by sUBs from here, saving the file to your desktop.

     

     

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

  10. WillM,

     

    If you would please, download a fresh copy of ComboFix from here, saving the file to your desktop.

     

     

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

  11. Rename this one to comctl32.dll.old

    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll

     

     

    Then copy this one to that folder.

    C:\Windows\WinSxS\x86_microsoft-windows-shell-comctl32-v5_***_***_none_*** folder (where *** is a random string of numbers)\comctl32.dll

     

    Reboot and if successful bootup, update and run MBAM then post the log.


  12. Hi jatt!

     

    I checked the wininet you uploaded and it is indeed infected, but with the newest infector of wininet, which the previous version of smitRem did not yet detect. It has been updated and does now. Please delete any copies of smitRem you currently have and redownload it, extract to a folder and run the RunThis.bat in safe mode. Reboot and post the contents of C:\smitfiles.txt along with a new HijackThis log.

     

    smitRem.zip


  13. Hi Carline!

     

    My apologies. I've been quite busy lately and overlooked your last response. :blushing:

     

    So, we're still getting IE errors and now Firefox as well........hmmm.

     

    First, get a can or 2 of compressed air. Unplug your computer and open the case. Clean everything and anything where you see any dust with the compressed air, while keeping at least one hand in contact with the case. Use a small stiff bristled paintbrush for hard to remove buildup (NOT plastic bristles.........use horsehair or similar!)

     

    Plug it back in and boot up in safe mode, then run scandisk and defrag.

     

    Reboot to Windows and see if you can run Panda ActiveScan. If successful, save the report and post it here.

     

    Please give me the details of any and all error messages.

     

    If you're able to, run a PCPitstop full test and post a link to the results.

     

    http://pcpitstop.com/pcpitstop/default.asp


  14. Let's try registering Internet Explorer's DLL files. Go to Start->Run and type in the following command and click OK. Make sure to leave a space between regsvr32 and the filename.

     

    regsvr32 Urlmon.dll

     

    When you receive the "DllRegisterServer in urlmon.dll succeeded" message, click OK.

    Then do each of the following.

     

    regsvr32 Shell32.dll

    regsvr32 Oleaut32.dll

    regsvr32 Actxprxy.dll

    regsvr32 Mshtml.dll

    regsvr32 Shdocvw.dll

     

    Reboot.

     

    Let me know what happens.


  15. Open IE and click Help, then About Internet Explorer. What version number is shown? If version 4 or 5, close and run the ie6setup.exe, reboot and go to Windows Update.

     

    If still having problems, please let me know all details of an individual error.


  16. Make sure you have the ie6setup.exe before starting. Copy and paste the same command used for the repair, but this time choose to restore to previous installation. Reboot when done and then run the ie6setup.exe file. You will need to visit Windows Update to finish updating it with patches.

     

    Just had another thought though. If you use it, it might be a good idea to backup any Outlook Express dbx and wab files before removing IE6, because it gets rolled back also. Just do a file search for *.dbx and *.wab, then copy them to a safe location. After re-installing/updating, copy them back to the original location(s), overwriting the ones there if prompted.
