#1
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Popup problems
I was wondering whether someone could help me with problems I am having with many popups on my computer. I have a copy of a HJT report.SP1 (WinNT 5.01.2600)SP1 (6.00.2800.1106)DNS ] C:\Program Files\Common Files\mc-110-12-0000228.exehttp://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab http://software-dl.real.com/13c715bf...p/RdxIE601.cab http://update.microsoft.com/windowsu...?1146935809077 http://chat.yahoo.com/cab/yacsui.cab http://chat.yahoo.com/cab/yvwrctl.cab
Didn't find the information you thought to find?Similar Threads
#2
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
Hello Wasim and welcome to the forums.
#3
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
OK, first thing we are going to do is have you run some scans, which if you have already done with the apps I suggest, you may skip of course.HERE Click Scan now. It's free!
Read and put a Check next to Yes I accept the terms of use.
Click the Launching HouseCall>> button.
If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
You may receive a Security Warning about the TrendMicro Java applet, click YES .
Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
Please be patient while it installs, updates, and scans your system.
Once the scan is complete, it will take you to the summary page.
Under Cleanup options, choose clean all detected infections automatically.
Click the Clean now>> button.
If anything was found you may be prompted to run the scan again, you can just close the browser window.
Ewido Anti-Malware :When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK . We will fix this in a moment.
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner button in the left menu, then click on Complete System Scan . This scan can take quite a while to run.
If Ewido finds anything, it will pop up a notification. Select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Ad-Aware SE Personal and install it. If you already have Ad -Aware SE, please configure it as indicated below. If you have a previous version of Ad -Aware, please uninstall your current version and install the newest version SE 1.06.Ad -Aware, and click Check for updates now .General Button Tweak Button UN check "Always try to unload modules before deletion".Proceed .De select Search for negligible risk entries Select Search for low-risk threats Select Perform full system scan Click Next
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects"
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.
here Follow the install dialog routine.
Select "Search for updates" and then select all available updates.
Click on the drop-down box in the top center to choose a download location nearest to you.
Then click "Download updates".
Then click on "Check for problems".
When the scan has finished, select any entries listed in red and click "Fix selected problems".
HJT and post a fresh log, with only the Ewido scan log as well.
#4
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Popup problems
I have done all the things you said to do. It has made a difference although there are still some problems. Thanks for your help so far, also I have the 2 reports you asked for.SP1 (WinNT 5.01.2600)SP1 (6.00.2800.1106)DNS ] C:\Program Files\Common Files\mc-110-12-0000228.exehttp://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab http://software-dl.real.com/13c715bf...p/RdxIE601.cab http://update.microsoft.com/windowsu...?1146935809077 http://chat.yahoo.com/cab/yacsui.cab http://chat.yahoo.com/cab/yvwrctl.cab
#5
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Popup problems
ewido anti-malware - Scan reportDNS -> Adware.Shorty : Cleaned with backupVB .an : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupad .yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backup
#6
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Report continued
C:\Documents and Settings\Wasim Arif\Shared\_\e-PDF Document Converter 2.1.exe -> Dropper.VB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupIP Platinum 1.53.exe -> Dropper.VB .lu : Cleaned with backupIP Platinum 2.8.exe -> Dropper.VB .lu : Cleaned with backupIP Platinum v1.75.exe -> Dropper.VB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupHTTP Debugger Pro v3.1.exe -> Dropper.VB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backup
#7
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Report continued
C:\Documents and Settings\Wasim Arif\Shared\_\Screen VidShot v2.1.exe -> Dropper.VB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupFTP 4 v4.0.1.exe -> Dropper.VB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupVB .lu : Cleaned with backupDNS \Catcher.dll -> Adware.Maxifiles : Cleaned with backupDNS \cwebpage.dll -> Adware.Maxifiles : Cleaned with backupVB .mz : Cleaned with backupVB .an : Cleaned with backupVB .an : Cleaned with backup
#8
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Final report
C:\WINDOWS\SYSTEM32\0mcamcap.exe -> Proxy.Small.bo : Cleaned with backup
#9
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
OK, good work, we still have 2-3 specific fixes to work thru tho.Look2Me-Destroyer.exe Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK .
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer , click OK .
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.http://www.ascentive.com/support/new...b/MSWINSCK.OCX
#10
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Look2me report
Look2Me-Destroyer V1.0.12
#11
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Look2me continued
Attempting to delete infected files...
#12
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
HJT report
Logfile of HijackThis v1.99.1SP1 (WinNT 5.01.2600)SP1 (6.00.2800.1106)http://www.google.co.uk/ DNS ] C:\Program Files\Common Files\mc-110-12-0000228.exehttp://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab http://software-dl.real.com/13c715bf...p/RdxIE601.cab http://update.microsoft.com/windowsu...?1146935809077 http://chat.yahoo.com/cab/yacsui.cab http://chat.yahoo.com/cab/yvwrctl.cab
#13
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
OK, that seemed to clean up quite a bit, lets move onto the next infection fix, SmithFraud:SmitfraudFix S!Ri )SmitfraudFix ) to your Desktop.SmitfraudFix folder and double-click smitfraudfix.cmd Search by typing 1 and press "Enter "; a text file will appear, which lists infected files (if present).Note process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm
#14
Inactive
Profile: Join Date: Jun 2006
Posts: 11
Computer Experience:
Smithfraudfix report
SmitFraudFix v2.56
#15
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
OK, here is the second part of that fix:Install background guard
Install scan via context menu
Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
SmitfraudFix folder again and double-click SmitfraudFix.cmd Clean by typing 2 and press "Enter " to delete infected files.Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".AFTER SmitfraudFix finishes (and after a reboot if required), please open Ewido. (If a reboot is required, please boot BACK into Safe Mode.)Click on Scanner
Click on Complete System Scan and the scan will begin.
If ewido finds anything, it will pop up a notification. You can select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop
Close Ewido
C:\rapport.txt into this thread, along with the Ewido report and a new HijackThis log.
All times are GMT +1. The time now is 06:25 .
