PDA

View Full Version : why wont the infections go away. PLEASE HELP!!6/16/07


Wizit
2007-06-16, 23:24
Help me please,
I have ran spybot several times and it says all of the malware is gone. But my computer keeps saying "your computer is infected!" and then AUTOMATICALY downloads some contra virus 2.0 thing. Please help me ASAP.

Posted:6/16/07 S.O.S
tashi
2007-06-16, 23:54
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy/paste the logs requested into this topic, and a helper will assist you when available.

I removed your post in another member's malware topic and your duplicates. ;)
Wizit
2007-06-17, 01:31
I copied the problems onto the clipboard and here it is. Please help with the problem.

Ad-Protect: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{BBBD3E11-D201-46C9-8471-091D33159287}

Ad-Protect: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E}

Ad-Protect: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E}

Ad-Protect: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49}

Ad-Protect: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F51BC478-D997-4C56-988D-79D9EEAAD1EC}

Ad-Protect: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{FD4DCB8B-C33A-4E70-A351-6FAB7E1071A4}

Ad-Protect: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{32BD20FD-41FD-47FB-9BC9-28DCBD7D55D7}

Ad-Protect: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1\CommandLineSafe

Ad-Protect: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1\Description

Ad-Protect: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1\FriendlyName

Ad-Protect: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1\LoadBehavior

Ad-Protect: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Ad-Protect.Addin

Ad-Protect: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Ad-Protect.Addin.1

Ad-Protect: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BBBD3E11-D201-46C9-8471-091D33159287}

Contra-Virus: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA038DDD-0FE0-41F5-BA60-FC3660529E71}

Contra-Virus: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{6B677F1F-F86C-4757-BF24-7D865EF20639}

Contra-Virus: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{7C11C36C-2AE0-4489-9B09-A6129139D52D}

Contra-Virus: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1BE8C6A5-A75F-4e33-89C3-18CC58A0B952}

Contra-Virus: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{61877300-54DB-4746-BA42-03E03A2B269C}

Contra-Virus: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}

Contra-Virus: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{EA038DDD-0FE0-41f5-BA60-FC3660529E71}

Contra-Virus: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{61877300-54DB-4746-BA42-03E03A2B269C}

Contra-Virus: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{63321A5C-D8FE-432C-8D2F-61C0FC264320}

Contra-Virus: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{2C02E5FC-7FE3-4122-911F-829314FE9BBC}

Contra-Virus: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{6B677F1F-F86C-4757-BF24-7D865EF20639}

Contra-Virus: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\ContraVirus

Contra-Virus: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ContraVirus.exe

Contra-Virus: IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA038DDD-0FE0-41f5-BA60-FC3660529E71}

Contra-Virus: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\SCToolBand.SCToolBandObj

Contra-Virus: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\SCToolBand.SCToolBandObj.1

Contra-Virus: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EA038DDD-0FE0-41f5-BA60-FC3660529E71}

Contra-Virus: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContraVirus

Contra-Virus: Program directory (Directory, nothing done)
C:\Documents and Settings\kids\Start Menu\Programs\ContraVirus\

Contra-Virus: Link (File, nothing done)
C:\Documents and Settings\kids\Start Menu\Programs\ContraVirus\Uninstall ContraVirus.lnk

Contra-Virus: Data (File, nothing done)
C:\Program Files\ContraVirus\blacklist.db

Contra-Virus: Library (File, nothing done)
C:\Program Files\ContraVirus\DbgHelp.Dll

Contra-Virus: Library (File, nothing done)
C:\Program Files\ContraVirus\msvcr71.dll

Contra-Virus: Text file (File, nothing done)
C:\Program Files\ContraVirus\tips.txt

Contra-Virus: Library (File, nothing done)
C:\Program Files\ContraVirus\ToolBand.dll

Contra-Virus: Library (File, nothing done)
C:\Program Files\ContraVirus\ToolBarNotifierPS.dll

VirusBlast: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49}

VirusBlast: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{283ED043-D403-4808-BF28-FCDE29DCF1FB}

Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

SpyShield: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{C628512D-A058-4BD4-B47B-B036F45FA02B}

SpyShield: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\spamdet.DLL

SpyShield: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{214345B8-BB69-498D-A168-29F58F15D806}

SpyShield: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\spamdet.SpamDetector

SpyShield: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\spamdet.SpamDetector.1

SpyShield: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-13 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-13 Includes\DialerC.sbi (*)
2007-06-13 Includes\Hijackers.sbi (*)
2007-06-13 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-06-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-06-13 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-13 Includes\PUPSC.sbi (*)
2007-06-13 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-13 Includes\SecurityC.sbi (*)
2007-06-06 Includes\Spybots.sbi (*)
2007-06-13 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-16 Includes\Trojans.sbi (*)
2007-06-13 Includes\TrojansC.sbi (*)



Thanx for helping- wizit
tashi
2007-06-17, 02:38
Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy/paste the logs requested into this topic, and a helper will assist you when available.

Copy/paste the logs requested into a new topic. The HJT log and the results of an on-line anti virus scan.

I will close this thread as helpers look for zero response.

Edit:
http://forums.spybot.info/showthread.php?p=95564#post95564