
Help With Popups


4 replies to this topic

#1 Obsaeed

Obsaeed

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 12 June 2006 - 01:39 AM

Hi there,

I'm having a problem with one of my systems that keeps on showing unwanted popup screens. I have scanned the machine using Ad-aware, Spybot-S&D as well as a number of others, but still the popups keep on showing. Please help; my HJT log is given below. Thanks in advance for your help.

-----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:23:39 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\BLUECO~1\WINPRO~1\WPService.exe
C:\PROGRA~1\BLUECO~1\WINPRO~1\WinProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Documents and Settings\Imran.Jattala\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NUST-PROXY2:8080
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149069579170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NUST2.local
O17 - HKLM\Software\..\Telephony: DomainName = NUST2.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A913F2-9A82-48FB-AE20-A5AD4C409C98}: NameServer = 192.168.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NUST2.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NUST2.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\hrp2057oe.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WinProxy - Blue Coat Systems, Inc. - C:\PROGRA~1\BLUECO~1\WINPRO~1\WPService.exe
--------------------------------------------------------



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 12 June 2006 - 10:45 AM

Go to http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.
· Close all windows before continuing.
· Double-click Look2Me-Destroyer.exe to run it.
· Click the Scan for L2M button, your desktop icons will disappear, this is normal.
· Once it's done scanning, click the Remove L2M button.
· You will receive a Done Scanning message, click OK.
· When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
· Your computer will then shutdown.
· Turn your computer back on.
· Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
=======================
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Obsaeed

Obsaeed
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 13 June 2006 - 02:47 AM

Hello again,

Thanks for the help; I really appreciate it. The logs are given below...

////////////////////////////////////////
/// Look2Me-Destroyer
////////////////////////////////////////

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/13/2006 10:01:29 AM

Infected! C:\WINDOWS\system32\o2lu0c39ef.dll
Infected! C:\WINDOWS\system32\sllwapi.dll
Infected! C:\WINDOWS\system32\enr2l19o1.dll
Infected! C:\WINDOWS\system32\fp2603fse.dll
Infected! C:\WINDOWS\system32\o2lu0c39ef.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064938.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064942.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064954.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064960.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064970.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065026.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065034.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065044.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065111.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065121.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065134.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065143.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065147.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065153.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065155.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065164.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065261.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065270.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0065292.dll
Infected! C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0066300.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\o2lu0c39ef.dll
C:\WINDOWS\system32\o2lu0c39ef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sllwapi.dll
C:\WINDOWS\system32\sllwapi.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enr2l19o1.dll
C:\WINDOWS\system32\enr2l19o1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fp2603fse.dll
C:\WINDOWS\system32\fp2603fse.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o2lu0c39ef.dll
C:\WINDOWS\system32\o2lu0c39ef.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064938.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064938.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064942.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064942.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064954.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064954.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064960.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064960.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064970.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP130\A0064970.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065026.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065026.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065034.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065034.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065044.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP131\A0065044.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065111.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065111.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065121.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065121.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065134.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065134.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065143.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065143.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065147.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065147.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065153.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065153.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065155.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065155.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065164.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065164.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065261.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065261.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065270.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP132\A0065270.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0065292.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0065292.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0066300.dll
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0066300.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4902D924-EA68-4DAB-B67F-E81C555B2D63}"
HKCR\Clsid\{4902D924-EA68-4DAB-B67F-E81C555B2D63}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{62CBCEE0-A304-4AEE-B4A6-81CE7A9CA0C9}"
HKCR\Clsid\{62CBCEE0-A304-4AEE-B4A6-81CE7A9CA0C9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{59A2AC7A-1B31-4625-8CC0-07D262C04D77}"
HKCR\Clsid\{59A2AC7A-1B31-4625-8CC0-07D262C04D77}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FD06F908-B8EB-40C9-8F9F-8D270FACD11C}"
HKCR\Clsid\{FD06F908-B8EB-40C9-8F9F-8D270FACD11C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C68B238E-76D9-47B2-BA12-F1737B792552}"
HKCR\Clsid\{C68B238E-76D9-47B2-BA12-F1737B792552}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

////////////////////////////////////////
/// HJT
////////////////////////////////////////
Logfile of HijackThis v1.99.1
Scan saved at 12:27:01 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\CBA\pds.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\BLUECO~1\WINPRO~1\WPService.exe
C:\PROGRA~1\BLUECO~1\WINPRO~1\WinProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Imran.Jattala\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NUST-PROXY2:8080
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149069579170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NUST2.local
O17 - HKLM\Software\..\Telephony: DomainName = NUST2.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A913F2-9A82-48FB-AE20-A5AD4C409C98}: NameServer = 192.168.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NUST2.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NUST2.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WinProxy - Blue Coat Systems, Inc. - C:\PROGRA~1\BLUECO~1\WINPRO~1\WPService.exe

////////////////////////////////////////
/// EWIDO
////////////////////////////////////////

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:05:10 PM, 6/13/2006
+ Report-Checksum: 6D178C7F

+ Scan result:

C:\WINDOWS\Temp\Cookies\imran.jattala@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Temp\Cookies\imran.jattala@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\imran jattala@mathworks.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Local Settings\Temp\Cookies\imran.jattala@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Local Settings\Temp\Cookies\imran.jattala@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Local Settings\Temp\Cookies\imran.jattala@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Local Settings\Temp\Cookies\imran.jattala@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Cookies\imran.jattala@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Cookies\imran.jattala@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Cookies\imran.jattala@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Imran.Jattala\Cookies\imran.jattala@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP129\A0063139.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0066303.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{0CB6EDD5-9B61-442C-9689-724BF00AE877}\RP133\A0066304.dll -> Adware.Look2Me : Cleaned with backup
F:\2nd Semesster\Chuhadary Imran\Imran\hotbar.exe -> Adware.HotBar : Cleaned with backup
F:\CIR - MicroController\AVR\ATMELAVR INTRO CD_21 july_2nd lec\BASCOM BASIC Compiler DEMO\more relevent files\Bascom_AVR_Demo_v1[1].11.7.3.zip/BasAvr_1_11_7_3_3K.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : Error during cleaning


::Report End

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 13 June 2006 - 10:14 AM

You have both McAfee and Norton active - one of them must go - only one active AV on a system!

How are things now???

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
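
A way to compare the two HijackThis logs posted in this thread and to check for more than one active antivirus product, as in post #4. This is an added example, not part of the original posts and not HijackThis's own code; the excerpts are a few lines copied from the logs above, and the vendor keyword list and function names are assumptions.

```python
import re

# Constructed excerpts: a few lines copied from the 12 June and 13 June logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\hrp2057oe.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# A HijackThis entry line looks like "O20 - Winlogon Notify: ..." (section code, then detail).
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}|F\d|N\d) - (.*)$")

# Assumption: keyword list for this example only, covering the two products seen in the logs.
AV_VENDORS = {"Symantec": ("symantec", "symant~"), "McAfee": ("mcafee",)}


def parse_hjt(text):
    """Return (processes, entries) from a HijackThis log.

    entries maps a case-folded (code, detail) key to the original pair, because
    Windows paths are case-insensitive and the same entry can change case between scans.
    """
    processes, entries = [], {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[(m.group(1), m.group(2).lower())] = (m.group(1), m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, entries


def diff_entries(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    removed = sorted(v for k, v in before.items() if k not in after)
    added = sorted(v for k, v in after.items() if k not in before)
    return removed, added


def active_av_vendors(processes):
    """Vendors from AV_VENDORS that have at least one running process."""
    found = set()
    for path in processes:
        low = path.lower()
        for vendor, keys in AV_VENDORS.items():
            if any(k in low for k in keys):
                found.add(vendor)
    return sorted(found)


if __name__ == "__main__":
    procs_before, ent_before = parse_hjt(BEFORE)
    procs_after, ent_after = parse_hjt(AFTER)
    removed, added = diff_entries(ent_before, ent_after)
    for code, detail in removed:
        print("REMOVED", code, "-", detail)
    for code, detail in added:
        print("ADDED  ", code, "-", detail)
    print("Active AV vendors after cleanup:", active_av_vendors(procs_after))
```
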

#5 Obsaeed

Obsaeed
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 14 June 2006 - 04:49 AM

Hi there,

Everything seems to be working alright; thanks so much for your help.

Regards,



