Help Sos F1

This topic is locked
4 replies to this topic

#1 bobby59 (Members, 3 posts)

Posted 03 June 2008 - 08:06 PM

OK... I clicked on a banner that I did not intend to...
My homepage changed.
The Task Manager button does not let me select it after I press Ctrl+Alt+Del.
Background changed.
Etc, etc, etc.

I ran CA Security Center Anti-Spyware remover and it found a list of about 80 items.
I quarantine them, but they just regenerate.

I noticed some items are located in the registry... I tried to delete the specified files and they just keep coming back...

So.... I downloaded ComboFix and created a report (see below).

____________________________________
ComboFix 08-06-03.1 - Administrator 2008-06-03 20:19:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.176 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\tmpvc14
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\qoMgdbaY.dll
C:\WINDOWS\system32\YabdgMoq.ini
C:\WINDOWS\system32\YabdgMoq.ini2
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-03 19:23 . 2008-06-03 19:23 28,672 --a------ C:\WINDOWS\svchost32.exe
2008-06-03 19:23 . 2008-06-03 19:23 25,600 --a------ C:\WINDOWS\msupdate.exe
2008-06-03 07:46 . 2008-06-03 20:27 1,853 --a------ C:\WINDOWS\system32\default.htm
2008-06-03 07:37 . 2008-06-03 07:37 95,833 --a------ C:\WINDOWS\system32\{b0e06d04-8531-83f2-1ce5-30209c297425}.dll-uninst.exe
2008-06-03 07:36 . 2008-06-03 07:36 <DIR> d-------- C:\WINDOWS\system32\Dev3
2008-06-03 07:36 . 2008-06-03 07:36 <DIR> d-------- C:\WINDOWS\system32\a053
2008-06-03 07:36 . 2008-06-03 07:36 <DIR> d-------- C:\WINDOWS\system32\6026c
2008-06-03 07:36 . 2008-06-03 07:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-06-03 07:36 . 2008-06-03 07:37 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\CallingID
2008-06-03 07:36 . 2008-06-03 07:36 298,312 --a------ C:\WINDOWS\system32\gside.exe
2008-06-03 07:36 . 2008-06-03 07:36 200,777 --a------ C:\WINDOWS\system32\kcntrkdm.exe
2008-06-03 07:36 . 2008-06-03 07:36 89,049 --a------ C:\WINDOWS\system32\vbpdtvdp.exe
2008-06-03 07:36 . 2008-06-03 07:36 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-06-03 07:36 . 2008-06-03 07:36 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-03 07:36 . 2008-06-03 07:36 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-03 07:35 . 2008-06-03 07:35 <DIR> d-------- C:\WINDOWS\system32\vntiho01
2008-06-03 07:35 . 2008-06-03 07:36 <DIR> d-------- C:\WINDOWS\system32\Vco1
2008-06-03 07:35 . 2008-06-03 07:35 <DIR> d-------- C:\WINDOWS\system32\sTMP
2008-05-20 17:02 . 2008-05-20 17:02 32,768 --a------ C:\WINDOWS\system32\vntiho01\vntiho011065.exe
2008-05-20 08:29 . 2008-05-20 08:29 <DIR> d-------- C:\qrnt
2008-05-20 08:21 . 2008-06-03 20:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CallingID
2008-05-20 08:20 . 2008-05-20 08:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 08:19 . 2008-05-20 08:19 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-20 08:18 . 2008-05-20 21:22 <DIR> d-------- C:\WINDOWS\rnapxs
2008-05-20 08:18 . 2007-11-14 12:34 11,333,632 --a------ C:\WINDOWS\cfgmng32.exe
2008-05-20 08:18 . 2008-05-20 08:18 2,732,032 --a------ C:\WINDOWS\system32\win32cpr.dll
2008-05-20 08:18 . 2007-11-14 12:26 1,830,912 --a------ C:\WINDOWS\system32\winsflte.dll
2008-05-20 08:18 . 2008-05-20 08:18 1,564,771 --a------ C:\WINDOWS\system32\winsflt.dll
2008-05-20 08:18 . 2007-11-14 12:34 1,212,416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2008-05-20 08:18 . 2007-11-14 12:35 823,296 --a------ C:\WINDOWS\system32\svcprs32.exe
2008-05-20 08:18 . 2002-01-01 13:02 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2008-05-20 08:17 . 2008-05-20 08:19 <DIR> d-------- C:\Program Files\CA
2008-05-20 08:17 . 2008-05-20 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-20 08:15 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-20 08:15 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-20 08:15 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-20 08:15 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-20 08:15 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-20 08:06 . 2008-05-20 08:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-05-19 09:55 . 2008-05-19 09:55 439,808 --a------ C:\WINDOWS\system32\{b0e06d04-8531-83f2-1ce5-30209c297425}.dll
2008-05-18 13:35 . 2001-08-17 22:36 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-18 13:35 . 2001-08-17 13:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-18 13:35 . 2001-08-17 13:53 13,824 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-18 13:35 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-14 22:12 . 2008-05-20 08:52 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-05-14 21:22 . 2008-05-18 11:57 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 14:14 . 2008-05-14 14:19 <DIR> d-------- C:\WINDOWS\system32\dFrnx01
2008-05-14 14:14 . 2008-06-03 20:20 <DIR> d-------- C:\Temp
2008-05-05 17:15 . 2008-05-31 10:41 <DIR> d-------- C:\Program Files\PartyGaming

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-20 12:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-20 12:24 880,432 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-05-20 12:24 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-20 12:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 20:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-04 14:31 --------- d-----w C:\Program Files\Picasa2
2008-04-13 19:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-03-11 05:46 99,592 ----a-w C:\WINDOWS\system32\isafeif.dll
2008-03-11 05:46 91,400 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-03-11 05:46 83,256 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-11-21 04:13 17,920 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 05:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-20 00:16 286720]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-05-21 16:34 181512]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [2007-11-14 12:34 11333632]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-03-11 01:46 234760]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-05-20 08:20 14088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\System32\khfDsrQg.dll [ ]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\System32\\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDsrQg]
khfDsrQg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 18:19 77824 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 18:22 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 05:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 18:23 114688 C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-20 00:16 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 18:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2007-11-22 03:24 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 WinSvchostManager;WinSock Svchost Manager;C:\WINDOWS\system32\svcprs32.exe [2007-11-14 12:35]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-04-10 10:39]
S1 tapee;tapee;C:\WINDOWS\System32\drivers\tapee.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 15:06:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-21 20:26:12 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Administrator at 8 20 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-06-04 00:27:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 20:27:27
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-03 20:30:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 00:30:20

Pre-Run: 64,314,908,672 bytes free
Post-Run: 64,512,258,048 bytes free

241


____________________________________________________

I'm not sure what to do next.... HELP ME PLEASE....

Thanks in advance

Bob
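The log above shows the settings a defender should read first in any ComboFix "Reg Loading Points" section: DisableTaskMgr set to 1 under both HKLM and HKCU policies (why Task Manager cannot be selected), a Winlogon Userinit value that launches a second executable next to userinit.exe, Security Center monitoring for the installed antivirus switched off, and the Windows Firewall standard profile disabled. The following is an added example, not code from the original post, from BleepingComputer or from ComboFix: a small Python checker that parses that section in REGEDIT4 style and reports those four conditions. The function names are this example's own; the excerpt embedded as sample input is constructed for the example from the registry lines quoted in the log, and the checks are generic, so the same parser works on the full section of any log in this format.

```python
import re

# Constructed sample input: an excerpt of a ComboFix-style "Reg Loading Points"
# section, built from the lines quoted in the log above. It is embedded so the
# example runs offline; it is not output produced by running ComboFix here.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\System32\\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-20 00:16 286720]
"""

# The only executable that belongs in the Userinit value on a default Windows XP install.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# A REGEDIT4-style value line: "name"=value (ComboFix appends size/date in brackets).
VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*(.*)$')


def parse_reg_points(text):
    """Group '"name"=value' lines under the [key] header that precedes them.

    Returns {key_path: {value_name: raw_value_text}}.
    """
    entries = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2).strip()
    return entries


def int_value(raw):
    """Read the number out of ComboFix's '1 (0x1)' or REGEDIT's 'dword:00000001'."""
    m = re.match(r"dword:([0-9a-fA-F]+)", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def find_tampering(entries):
    """Return (finding, detail) pairs for settings that malware commonly flips."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith("\\policies\\system") and int_value(values.get("DisableTaskMgr", "")) == 1:
            findings.append(("task_manager_disabled", key))
        if k.endswith("\\winlogon") and "Userinit" in values:
            # REGEDIT4 doubles backslashes; undo that before comparing paths.
            raw = values["Userinit"].strip('"').replace("\\\\", "\\")
            extras = [p for p in raw.split(",") if p and p.lower() != EXPECTED_USERINIT]
            if extras:
                findings.append(("userinit_extra_executables", ", ".join(extras)))
        if "\\security center\\monitoring\\" in k and int_value(values.get("DisableMonitoring", "")) == 1:
            findings.append(("security_center_monitoring_disabled", key))
        if k.endswith("\\firewallpolicy\\standardprofile") and int_value(values.get("EnableFirewall", "")) == 0:
            findings.append(("windows_firewall_disabled", key))
    return findings


if __name__ == "__main__":
    for kind, detail in find_tampering(parse_reg_points(SAMPLE_LOG)):
        print(f"{kind}: {detail}")
```

Run against the sample it reports the two DisableTaskMgr policies, the extra vbpdtvdp.exe entry in Userinit, the disabled Security Center monitoring and the disabled firewall, and says nothing about the ordinary Run entry. The Userinit check is the one worth keeping around: anything beyond userinit.exe in that value runs at every interactive logon, which is exactly why quarantining files alone lets them come back.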


#2 bobby59 (Topic Starter, Members, 3 posts)

Posted 03 June 2008 - 08:12 PM

OOPS... I'M BRAND NEW TO THE BOARD. I DIDN'T KNOW I HAD TO WAIT TO LIST A COMBOFIX LOG...

APOLOGIES

#3 bobby59 (Topic Starter, Members, 3 posts)

Posted 03 June 2008 - 08:25 PM

I'm not sure if this would help, but this is my CA Security Center Anti-Spyware Removal Report, with all the spyware it has found. I quarantine them, but they just regenerate...


REPORT
CA Anti-Spyware Quarantined Spyware Report
This report was generated on: 6/3/2008-9:19:57 PM

6/3/2008 9:19:07 PM <<20080604011907>>
() CWS.LoadAdv.798
hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{086AE192-23A6-48D6-96EC-715F53797E85}

() CWS
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{00110011-4b0b-44d5-9718-90c88817369b}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765721306}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{150fa160-130d-451f-b863-b655061432ba}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{b847676d-72ac-4393-bfff-43a1eb979352}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
c:\windows\olehelp.exe

() CWS.GoogleMS
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}

() CWS.PayForTraffic.net
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}

() CWS.GonnaSearch
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a55581dc-2cdb-4089-8878-71a080b22342}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{799a370d-5993-4887-9df7-0a4756a77d00}

() Ideach A
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}

() CWS.MSSearch
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd9bc004-8331-4457-b830-4759ff704c22}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}

() Disable Task Manager Reg Entry
hkey_current_user\software\microsoft\windows\currentversion\policies\system

() CWS.Yexe
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}

() ClientMan
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

() FakeAlert PrivProt
c:\windows\users32.exe
c:\windows\mswsc10.dll
c:\windows\x.exe
c:\windows\gfmnaaa.dll
c:\windows\cpan.dll
c:\windows\searchword.dll
c:\windows\helpcvs.exe
c:\windows\directx32.exe
c:\windows\mtwirl32.dll
c:\windows\mswsc20.dll
c:\windows\systemcritical.exe
c:\windows\funniest.exe
c:\windows\dnsrelay.dll
c:\windows\inetinf.exe
c:\windows\win32e.exe
c:\windows\ctfmon32.exe
c:\windows\msspi.dll
c:\windows\y.exe
c:\windows\xplugin.dll
c:\windows\winajbm.dll
c:\windows\accesss.exe
c:\windows\notepad32.exe
c:\windows\time.exe
c:\windows\winmgnt.exe
c:\windows\explorer32.exe
c:\windows\clrssn.exe
c:\windows\win64.exe
c:\windows\window.exe
c:\windows\systeem.exe
c:\windows\astctl32.ocx
c:\windows\xxxvideo.hta
c:\windows\rundll32.vbe
c:\windows\funny.exe
c:\windows\svcinit.exe

() BrowserAid.RunDLL16
c:\windows\rundll16.exe

() TrojanSpy.Win32.Conspy.e
c:\windows\waol.exe

() CWS.SmartSearch
c:\windows\sistem.exe
c:\windows\explore.exe
c:\windows\iexplorer.exe

() Nusexplorer
c:\windows\internet.exe

() ToonComics
c:\windows\loader.exe
c:\windows\iedll.exe

() CWS.MSConfd.2
c:\windows\ctrlpan.dll
c:\windows\avpcc.dll

() CWS.TheRealSearch
c:\windows\quicken.exe
c:\windows\editpad.exe

() CWS.QTTasks
c:\windows\qttasks.exe

() CWS.MSConfd
c:\windows\msconfd.dll

() CWS.Svcinit
c:\windows\mssys.exe

6/3/2008 9:19:07 PM <<20080604011907>>
***End Report***


#4 steamwiz (Members, 1,039 posts)

Posted 29 June 2008 - 03:17 PM

HI

Sorry for the delay in responding to you, we have a long list of posters waiting for their threads to be analysed.

As it has been some time since you posted, you may have resolved your problem; please let us know if you have?

If you still require help, Please make sure you have read this :-

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please follow all the directions in the above thread, then come back here & copy & paste the requested updated logs... do NOT attach them

Logs requested :-

1. Deckard's System Scanner main.txt & extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...

2. KASPERSKY ONLINE SCANNER 7 REPORT

Please be sure to give as detailed an explanation of your problem as you can, tell us what programs you may have run whilst waiting for a reply & if you have received help elsewhere... also any new developments with your problem?

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#5 steamwiz (Members, 1,039 posts)

Posted 26 July 2008 - 04:06 PM

Due to lack of feedback, this thread is now treated as resolved and duly closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam