Home > Rootkit > RootKit / Ccapp.exe And Vptray.exe At 100% CPU

RootKit / Ccapp.exe And Vptray.exe At 100% CPU

Thread Status: Not open for further replies. Please re-enable javascript to access full functionality. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Join thousands of tech enthusiasts and participate. navigate here

This makes it very difficult to open any programs its been trying to restart the gmer program for a half hour now with those two chewing up my cpu and i HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. I rebooted in safemode and i was able to preform a fullscan with my symantec antivirus 22 infected files or folders. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Then click 'Run Fix'. c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Here it is:Logfile of HijackThis v1.99.1Scan saved at 8:07:45 PM, on 1/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. I couldn't do anythimg at that point so I tried draining the batteries of my laptop. c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

No, create an account now. It'll produce PragmaFix.log in the C:\ folder.Post the log. c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. I generally do a simple CCleaner run before I do any browser session, on the theory that it cleans out gunk that's slowing things down.

c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. The system looks to be about as fast as it's ever going to get with the current stuff on there, so I think you're right - he's got so much junk Messenger 1720 C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe Network activity ---------------- Process firefox.exe (2912) connected on port 80 (HTTP) --> 199.7.51.190 Process firefox.exe (2912) connected on port 80 (HTTP) --> 69.171.228.40 Process firefox.exe (2912) connected on Already have an account?

A case like this could easily cost hundreds of thousands of dollars. I have only completed up to the part where you said: "C:\WINDOWS\logonui.exe - delete this file" I searched for logonui.exe within the windows folder and found it, but it was in The first time I turned it on, my desktop disappeared and it remained on the "Killing Processes. Ask a question and give support.

c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. check over here HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully. his comment is here HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Lots of conflicting info on this stuff, and if I uninstall ZA it's permanent, because their new version is laden with some kind of prohibitive lard that the preceding versions didn't RootKit / ccapp.exe and vptray.exe at 100% CPU Started by qp91 , Nov 25 2010 04:13 PM This topic is locked 3 replies to this topic #1 qp91 qp91 Members 4 As for MBAM, it seems to have helped.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

I've know restarted my laptop and I am running OTL again. HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Alex\DoctorWeb\Quarantine\SetupPoker.exe -> Adware.Casino : Cleaned. Back to top #2 cnm cnm Mother Lion of SWI Administrators 25,317 posts Posted 09 June 2011 - 11:35 AM Hello jb_10rvd.Please print or copy these directions.Important, take care of this

Back to top #4 cnm cnm Mother Lion of SWI Administrators 25,317 posts Posted 10 June 2011 - 10:30 AM OTL behavior is strange and unexpected. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Several functions may not work. weblink c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes".

Should I delete it? 0 Back to top #7 HappyPete HappyPete TEG Forum Member Members 14 posts Posted 21 January 2007 - 01:43 PM SmitFraudFix v2.133Scan done at 13:40:30.59, Sun 01/21/2007Run c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. Any insight on any of these problems would be greatly appreciated. c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.