
HijackThis log/Superantispyware log

Discussion in 'Windows - Virus and spyware problems' started by Kamelkiss, Nov 3, 2008.

  1. Kamelkiss

    Kamelkiss Member

    Joined:
    Nov 3, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    Alright, so a while ago I got a virus that was popping up rogue virus programs and stopping me from updating AVG anti-virus and from going to any threads or anything that happened to have anti-virus stuff in it.
    I was able to delete a large portion of the virus from the computer, to the point where I was able to update AVG and run it, and that allowed the computer to run normally and stopped the rogue programs and internet blocks. However, the virus is still on my computer; as you can tell from the HijackThis log, it's still there.
    My computer has been acting a lot slower since I got it, and so I just want to clear it all out. Also, in msconfig the yar###.exe files show up in the startup area; I can uncheck them and click apply and they just get rechecked, and no yar###.exe files show up in the task manager anymore.
    Since the AVG scan that eliminated a lot of the virus, I have run multiple more AVG scans as well as a SuperAntiSpyWare Free edition scan. I have also run vcleaner from the AVG site, and so far the virus seems to still be there.

    Any help would be greatly appreciated.
    I am running Windows Vista Ultimate 64-bit.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:51:24 AM, on 11/3/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Users\Kamie\Documents\Downloads\removtool.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: QXK Olive - {11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\Windows\dfmlxbpkvlo.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - C:\Windows\SysWow64\ddcyYQjG.dll (file missing)
    O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
    O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [\YURCA62.exe] C:\Windows\system32\YURCA62.exe
    O4 - HKLM\..\Run: [\YURCB6B.exe] C:\Windows\system32\YURCB6B.exe
    O4 - HKLM\..\Run: [\YURCF71.exe] C:\Windows\system32\YURCF71.exe
    O4 - HKLM\..\Run: [\YURD396.exe] C:\Windows\system32\YURD396.exe
    O4 - HKLM\..\Run: [\YUR5350.exe] C:\Windows\system32\YUR5350.exe
    O4 - HKLM\..\Run: [\YUREEF6.exe] C:\Windows\system32\YUREEF6.exe
    O4 - HKLM\..\Run: [\YUR6A8E.exe] C:\Windows\system32\YUR6A8E.exe
    O4 - HKLM\..\Run: [\YURE655.exe] C:\Windows\system32\YURE655.exe
    O4 - HKLM\..\Run: [\YUR622C.exe] C:\Windows\system32\YUR622C.exe
    O4 - HKLM\..\Run: [\YURDDE3.exe] C:\Windows\system32\YURDDE3.exe
    O4 - HKLM\..\Run: [\YUR596C.exe] C:\Windows\system32\YUR596C.exe
    O4 - HKLM\..\Run: [\YURE94F.exe] C:\Windows\system32\YURE94F.exe
    O4 - HKLM\..\Run: [\YUR6A73.exe] C:\Windows\system32\YUR6A73.exe
    O4 - HKLM\..\Run: [\YUREB97.exe] C:\Windows\system32\YUREB97.exe
    O4 - HKLM\..\Run: [\YUR6DA5.exe] C:\Windows\system32\YUR6DA5.exe
    O4 - HKLM\..\Run: [\YURF119.exe] C:\Windows\system32\YURF119.exe
    O4 - HKLM\..\Run: [\YUR6E28.exe] C:\Windows\system32\YUR6E28.exe
    O4 - HKLM\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [\YURF601.exe] C:\Windows\system32\YURF601.exe
    O4 - HKLM\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
    O4 - HKLM\..\Run: [\YUR878.exe] C:\Windows\system32\YUR878.exe
    O4 - HKLM\..\Run: [\YUR8526.exe] C:\Windows\system32\YUR8526.exe
    O4 - HKCU\..\Run: [\YURCA62.exe] C:\Windows\system32\YURCA62.exe
    O4 - HKCU\..\Run: [\YURCB6B.exe] C:\Windows\system32\YURCB6B.exe
    O4 - HKCU\..\Run: [\YURCF71.exe] C:\Windows\system32\YURCF71.exe
    O4 - HKCU\..\Run: [\YURD396.exe] C:\Windows\system32\YURD396.exe
    O4 - HKCU\..\Run: [\YUR5350.exe] C:\Windows\system32\YUR5350.exe
    O4 - HKCU\..\Run: [\YUREEF6.exe] C:\Windows\system32\YUREEF6.exe
    O4 - HKCU\..\Run: [\YUR6A8E.exe] C:\Windows\system32\YUR6A8E.exe
    O4 - HKCU\..\Run: [\YURE655.exe] C:\Windows\system32\YURE655.exe
    O4 - HKCU\..\Run: [\YUR622C.exe] C:\Windows\system32\YUR622C.exe
    O4 - HKCU\..\Run: [\YURDDE3.exe] C:\Windows\system32\YURDDE3.exe
    O4 - HKCU\..\Run: [\YUR596C.exe] C:\Windows\system32\YUR596C.exe
    O4 - HKCU\..\Run: [\YURE94F.exe] C:\Windows\system32\YURE94F.exe
    O4 - HKCU\..\Run: [\YUR6A73.exe] C:\Windows\system32\YUR6A73.exe
    O4 - HKCU\..\Run: [\YUREB97.exe] C:\Windows\system32\YUREB97.exe
    O4 - HKCU\..\Run: [\YUR6DA5.exe] C:\Windows\system32\YUR6DA5.exe
    O4 - HKCU\..\Run: [\YURF119.exe] C:\Windows\system32\YURF119.exe
    O4 - HKCU\..\Run: [\YUR6E28.exe] C:\Windows\system32\YUR6E28.exe
    O4 - HKCU\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
    O4 - HKCU\..\Run: [\YURF601.exe] C:\Windows\system32\YURF601.exe
    O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
    O4 - HKCU\..\Run: [\YUR878.exe] C:\Windows\system32\YUR878.exe
    O4 - HKCU\..\Run: [\YUR8526.exe] C:\Windows\system32\YUR8526.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Xayv37fWBx] C:\ProgramData\nevuvifg\pedwjktg.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 11100 bytes

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/03/2008 at 00:12 AM

    Application Version : 4.21.1004

    Core Rules Database Version : 3620
    Trace Rules Database Version: 1604

    Scan type : Complete Scan
    Total Scan Time : 00:52:29

    Memory items scanned : 62
    Memory threats detected : 0
    Registry items scanned : 6512
    Registry threats detected : 104
    File items scanned : 35651
    File threats detected : 39

    Trojan.Unclassified/DKWQGNBE

    Trojan.Unclassified/PELTODGX

    Trojan.Net-MSV/VPS-Variant

    Adware.Tracking Cookie

    Trojan.DNSChanger-Codec
    HKU\S-1-5-21-1097125929-1174763754-1016038576-1000\Software\uninstall

    Adware.Vundo Variant/Rel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\ddcyYQjG.dll,#1 ]

    Trojan.Net-MU/Gen
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

    Trojan.Unclassified/C00-WL
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Asynchronous
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#DllName
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Impersonate
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Startup
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Logon
     
  2. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey Kamelkiss

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    Best Regards :D
     
  3. Kamelkiss

    When I try to run ComboFix it says incompatible OS, can only run on Windows 2000 and XP.
    os not win32 compatible
    Maybe you didn't see my note saying I am running Vista Ultimate 64-bit.
    What should I do since I am running that?
     
  4. cdavfrew

    Hey Kamelkiss

    Sorry I missed your note. :)

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
    Code:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects

    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
    Post the log here.

    Best Regards :D
     
  5. Kamelkiss

    Malwarebytes' Anti-Malware 1.30
    Database version: 1368
    Windows 6.0.6001 Service Pack 1

    11/5/2008 10:30:28 AM
    mbam-log-2008-11-05 (10-30-28).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 477702
    Time elapsed: 1 hour(s), 26 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\peltodgx.batg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dkwqgnbe.bbtw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dkwqgnbe.bvas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dkwqgnbe.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11dfb01a-0852-4955-9747-c59e21dbbda5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{11dfb01a-0852-4955-9747-c59e21dbbda5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Kamie\AppData\Local\Temp\TDSS57e9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\TDSS5820.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\TDSS663d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\TDSS7145.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\TDSS18d3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\TDSS231c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Kamie\AppData\Local\Temp\TDSS8d2a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  6. cdavfrew

    Hey KamelKiss

    Hmm.... please post a new HijackThis log and tell me what problems you have left.

    Best Regards :D
     
  7. Kamelkiss

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:27:31 AM, on 11/6/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
    O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Xayv37fWBx] C:\ProgramData\nevuvifg\pedwjktg.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 8282 bytes
     
  8. cdavfrew

    cdavfrew Regular member

    Hey KamelKiss

    • Click Start.
    • Open Computer.
    • Press the ALT key.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Does this file exist?
    C:\Windows\system32\lsass.exe

    What problems do you have left?

    Best Regards :D
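
    A triage pass over lines from the log above, as an added example (not part of any post and not a HijackThis feature). It assumes the 64-bit Vista the original poster describes, where the 32-bit HijackThis is redirected from System32 to SysWOW64 and can therefore report native system files as "(file missing)"; the verdict names and the list of writable directories are illustrative choices.

```python
import re

# Drive-letter path ending in .exe or .dll, as HijackThis prints it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
SYS32_RE = re.compile(r'^[a-z]:\\windows\\system32\\')
# Assumption: directories a non-admin process can usually write to.
WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")

# Lines copied from the 11/6/2008 log in this thread.
SAMPLE = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Xayv37fWBx] C:\ProgramData\nevuvifg\pedwjktg.exe",
    r"O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)",
    r"O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)",
    r"O13 - Gopher Prefix:",
]

def parse_entry(line):
    """Split one log line into section code, target file and missing flag."""
    m = re.match(r'\s*([ORF]\d+)\s+-\s+(.*)', line)
    if not m:
        return None
    paths = PATH_RE.findall(m.group(2))
    return {"code": m.group(1),
            "path": paths[-1] if paths else None,
            "missing": m.group(2).rstrip().endswith("(file missing)")}

def triage(line):
    """Return a verdict telling the reviewer what to check by hand."""
    entry = parse_entry(line)
    if entry is None or entry["path"] is None:
        return "skip"
    path = entry["path"].lower()
    if entry["missing"] and SYS32_RE.match(path):
        # Likely a redirection artifact: confirm the file in Explorer.
        return "verify-on-disk"
    if entry["missing"]:
        # Registry entry whose target is gone, e.g. after an uninstall.
        return "orphan-entry"
    if entry["code"] == "O4" and any(d in path for d in WRITABLE):
        # Autorun launched from a writable directory: identify the file.
        return "review-autorun"
    return "no-flag"

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(triage(sample_line), "<-", sample_line)
```

    A verdict only says which entry to inspect by hand; it does not classify a file as malicious or clean.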
     
  9. Kamelkiss

    Kamelkiss Member

    Yes, that file does exist.
    It doesn't seem to have any more problems of any kind. Does it look clean? Am I perhaps good to go?
     
  10. cdavfrew

    cdavfrew Regular member

    You are indeed good to go! Enjoy your clean computer!
     
  11. Kamelkiss

    Kamelkiss Member

    THANK YOU!
     
  12. cdavfrew

    cdavfrew Regular member

    You're welcome!
     
