Tech Support Forum - View Single Post

Clark76 · 05-16-2007, 07:24 PM

Hello again

Please print out or save the following instructions in Notepad.

Log on to the Tom account on you computer.

Downloads

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

====================

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

=======================

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry (If it still exists)

O4 - HKCU\..\Run: [active tool] D:\DOCUME~1\Tom\APPLIC~1\UPLOAD~1\multi keep.exe

Please remember to close all other windows, including browsers then click Fix checked.

=====================

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

D:\Documents and Settings\Tom\Application Data\UPLOAD~1 <<<this is a folder which begins with UPLOAD

=====================

Download fl.zip
Extract the contents to a new folder on Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

=====================

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

===================

Please provide the following logs with your next post:

C:\NoLop.log
c:\findlop.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt <----Attached

Also include an update on how your system is running

05-16-2007, 07:24 PM	#11 (permalink)
Clark76 Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: Cleveland, Ohio Posts: 1,650 OS: XP Pro, Vista, Ubuntu 8.10	Re: Constant popups Hello again Please print out or save the following instructions in Notepad. Log on to the Tom account on you computer. Downloads Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. ==================== Please Download NoLop to your desktop from one of the links below... Link 1 Link 2 Link 3 First close any other programs you have running as this will require a reboot Double click NoLop.exe to run it Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>> When scanning is finished you will be prompted to reboot only if infected, Click OK Now click the "REBOOT" Button. A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. -- ======================= Open HijackThis and click on 'Do a System Scan Only'. Check the following entry (If it still exists) O4 - HKCU\..\Run: [active tool] D:\DOCUME~1\Tom\APPLIC~1\UPLOAD~1\multi keep.exe Please remember to close all other windows, including browsers then click Fix checked. ===================== Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. D:\Documents and Settings\Tom\Application Data\UPLOAD~1 <<<this is a folder which begins with UPLOAD ===================== Download fl.zip Extract the contents to a new folder on Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply. ===================== Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. =================== Please provide the following logs with your next post: C:\NoLop.log c:\findlop.txt C:\Deckard\System Scanner\main.txt C:\Deckard\System Scanner\extra.txt <----Attached Also include an update on how your system is running __________________ Proud Member of ASAP Proud Member of UNITE If you feel we've helped you, Please Donate to the Forum Last edited by Clark76; 05-16-2007 at 07:25 PM.