HELP! winantivirus popups and others....

Hello,

Could you please follow my directions above? I can't help with the problem if I can't see what I need to see.

Thanks,
tea
 

Logfile of HijackThis v1.99.1
Scan saved at 4:07:12 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\MyHJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

there u go
 
And the Ewido report please? :)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:35:44 AM 9/13/2006

+ Scan result:



:mozilla.12:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wr7zvj0k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.13:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wr7zvj0k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.


::Report end

here's my Spyware Doctor log cuz I used spyware other than Ewido before

Scan Results:
scan start: 9/10/2006 11:27:47 AM
scan stop: 9/10/2006 11:42:06 AM
scanned items: 147145
found items: 212
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Virtumonde C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@202.67.220[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@88clicks[2].txt Low
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads15.bpath[1].txt Low
2nd-thought.com C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[1].txt High
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@edge.ru4[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pogo[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pogo[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt Low
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revenue[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[2].txt Low
SysProtectFree C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@scanner.sysprotect[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[2].txt Low
SysProtectFree C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sysprotect[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt Low
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[1].txt Low
Rogue Anti-Spyware Products C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.winantiviruspro[2].txt High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\0EFYUV9D\August_L3K_CNET_728x90_08765[1].swf High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7UVYH5B4\BT_BB_HUB_explodingtext_468x60[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7UVYH5B4\BT_BB_HUB_gate_120x600[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7UVYH5B4\leaderboard1static[1].jpg High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\1036509761440e501f2ba39[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\10900897694277ce82ce630[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\12677620384411ae17e59e7[1].swf High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\12677620384411ae17e59e7[2].swf High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\420688808434281ebcef7a[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\BJFFGOKC\1-Gadgets_-_General_-_Branding_1_-_Billboard[1].jpg High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\HYKDJLGF\1627105720440e523066bca[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\HYKDJLGF\19121313224464ef1eb5682[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\NDH52JM2\817-grey[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\P6SFGXLQ\6-1x1[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\P6SFGXLQ\817-grey[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\QQ31NIQ1\logo-15x15[1].png High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SD2BPOLP\DartRichMedia_1_03[1].js High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UYAZTKX6\160x600_snowylunchrush[1].jpg High
Maxifiles C:\Program Files\Common Files\{7E37DA48-07CF-1033-0309-050804030001}\services.dll High
SahAgent C:\WINDOWS\system32\ptljom6c.ini Elevated
Common Components Unrelated C:\WINDOWS\system32\SVKP.sys Medium
Tracking Cookie(s) cookies.txt - Line #26 Low
Advertising cookies.txt - Line #27 Low
Tracking Cookie(s) cookies.txt - Line #31 Low
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0} High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore##Count High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore##Time High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore##Type High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BPTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##OCCUR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Startup High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Startup High
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##DisplayName Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##ErrorControl Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##ImagePath Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##Start Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##Type Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum##0 Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum##Count Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum##NextInstance Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Security Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Security## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Security##Security Medium
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##DependOnGroup Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##DependOnService Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf\Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf\Security##Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk\Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk\Security##Security Elevated
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##DisplayName Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##ErrorControl Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##ImagePath Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##Start Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##Type Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP\Security Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP\Security## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP\Security##Security Medium
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##DependOnGroup Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##DependOnService Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf\Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf\Security##Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk\Security Elevated

to be continued.......
 
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk\Security##Security Elevated
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP##NextInstance Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000 Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Capabilities Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Class Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##ClassGUID Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##ConfigFlags Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##DeviceDesc Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Legacy Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Service Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000\Control Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000\Control## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000\Control##ActiveService Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##DisplayName Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##ErrorControl Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##ImagePath Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##Start Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##Type Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum##0 Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum##Count Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum##NextInstance Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security##Security Medium
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##DependOnGroup Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##DependOnService Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Group Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Start Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Tag Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Type Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security##Security Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Group Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Start Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Tag Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Type Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security##Security Elevated
Maxifiles C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP450\A0084128.dll High
SahAgent C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP450\A0084129.ini Elevated
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP## Medium
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk## Elevated
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP## Medium
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk## Elevated
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP## Medium
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk## Elevated
 
Hello,

I asked for Ewido.

Please download, install, and update Ewido anti-spyware
  1. Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Close ewido. Do not run it yet.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.

Thank you,
tea
 
:sad:

As the information requested has not been provided, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
 