HijackThis log/Superantispyware log

Kamelkiss
Newbie
3. November 2008 @ 14:28
Alright, so a while ago I got a virus that was popping up rogue virus programs and stopping me from updating AVG anti-virus and from going to any threads or anything that happened to have anti-virus stuff in it.
I was able to delete a large portion of the virus from the computer, to the point where I was able to update AVG and run it, and that allowed the computer to run normally and stopped the rogue programs and internet blocks. However, the virus is still on my computer; as you can tell from the HijackThis log, it's still there.
My computer has been acting a lot slower since I got it, so I just want to clear it all out. Also, in msconfig the yar###.exe files show up in the startup area; I can uncheck them and click Apply and they just get rechecked, and no yar###.exe files show up in the task manager anymore.
Since the AVG scan that eliminated a lot of the virus, I have run multiple more AVG scans as well as a SuperAntiSpyWare Free edition scan. I have also run vcleaner from the AVG site, and so far the virus seems to still be there.
Any help would be greatly appreciated.
I am running Windows Vista Ultimate 64-bit
[color=blue]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:24 AM, on 11/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Users\Kamie\Documents\Downloads\removtool.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: QXK Olive - {11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\Windows\dfmlxbpkvlo.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - C:\Windows\SysWow64\ddcyYQjG.dll (file missing)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [\YURCA62.exe] C:\Windows\system32\YURCA62.exe
O4 - HKLM\..\Run: [\YURCB6B.exe] C:\Windows\system32\YURCB6B.exe
O4 - HKLM\..\Run: [\YURCF71.exe] C:\Windows\system32\YURCF71.exe
O4 - HKLM\..\Run: [\YURD396.exe] C:\Windows\system32\YURD396.exe
O4 - HKLM\..\Run: [\YUR5350.exe] C:\Windows\system32\YUR5350.exe
O4 - HKLM\..\Run: [\YUREEF6.exe] C:\Windows\system32\YUREEF6.exe
O4 - HKLM\..\Run: [\YUR6A8E.exe] C:\Windows\system32\YUR6A8E.exe
O4 - HKLM\..\Run: [\YURE655.exe] C:\Windows\system32\YURE655.exe
O4 - HKLM\..\Run: [\YUR622C.exe] C:\Windows\system32\YUR622C.exe
O4 - HKLM\..\Run: [\YURDDE3.exe] C:\Windows\system32\YURDDE3.exe
O4 - HKLM\..\Run: [\YUR596C.exe] C:\Windows\system32\YUR596C.exe
O4 - HKLM\..\Run: [\YURE94F.exe] C:\Windows\system32\YURE94F.exe
O4 - HKLM\..\Run: [\YUR6A73.exe] C:\Windows\system32\YUR6A73.exe
O4 - HKLM\..\Run: [\YUREB97.exe] C:\Windows\system32\YUREB97.exe
O4 - HKLM\..\Run: [\YUR6DA5.exe] C:\Windows\system32\YUR6DA5.exe
O4 - HKLM\..\Run: [\YURF119.exe] C:\Windows\system32\YURF119.exe
O4 - HKLM\..\Run: [\YUR6E28.exe] C:\Windows\system32\YUR6E28.exe
O4 - HKLM\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [\YURF601.exe] C:\Windows\system32\YURF601.exe
O4 - HKLM\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
O4 - HKLM\..\Run: [\YUR878.exe] C:\Windows\system32\YUR878.exe
O4 - HKLM\..\Run: [\YUR8526.exe] C:\Windows\system32\YUR8526.exe
O4 - HKCU\..\Run: [\YURCA62.exe] C:\Windows\system32\YURCA62.exe
O4 - HKCU\..\Run: [\YURCB6B.exe] C:\Windows\system32\YURCB6B.exe
O4 - HKCU\..\Run: [\YURCF71.exe] C:\Windows\system32\YURCF71.exe
O4 - HKCU\..\Run: [\YURD396.exe] C:\Windows\system32\YURD396.exe
O4 - HKCU\..\Run: [\YUR5350.exe] C:\Windows\system32\YUR5350.exe
O4 - HKCU\..\Run: [\YUREEF6.exe] C:\Windows\system32\YUREEF6.exe
O4 - HKCU\..\Run: [\YUR6A8E.exe] C:\Windows\system32\YUR6A8E.exe
O4 - HKCU\..\Run: [\YURE655.exe] C:\Windows\system32\YURE655.exe
O4 - HKCU\..\Run: [\YUR622C.exe] C:\Windows\system32\YUR622C.exe
O4 - HKCU\..\Run: [\YURDDE3.exe] C:\Windows\system32\YURDDE3.exe
O4 - HKCU\..\Run: [\YUR596C.exe] C:\Windows\system32\YUR596C.exe
O4 - HKCU\..\Run: [\YURE94F.exe] C:\Windows\system32\YURE94F.exe
O4 - HKCU\..\Run: [\YUR6A73.exe] C:\Windows\system32\YUR6A73.exe
O4 - HKCU\..\Run: [\YUREB97.exe] C:\Windows\system32\YUREB97.exe
O4 - HKCU\..\Run: [\YUR6DA5.exe] C:\Windows\system32\YUR6DA5.exe
O4 - HKCU\..\Run: [\YURF119.exe] C:\Windows\system32\YURF119.exe
O4 - HKCU\..\Run: [\YUR6E28.exe] C:\Windows\system32\YUR6E28.exe
O4 - HKCU\..\Run: [\YURA0C.exe] C:\Windows\system32\YURA0C.exe
O4 - HKCU\..\Run: [\YURF601.exe] C:\Windows\system32\YURF601.exe
O4 - HKCU\..\Run: [\YURF5F2.exe] C:\Windows\system32\YURF5F2.exe
O4 - HKCU\..\Run: [\YUR878.exe] C:\Windows\system32\YUR878.exe
O4 - HKCU\..\Run: [\YUR8526.exe] C:\Windows\system32\YUR8526.exe
O4 - HKLM\..\Policies\Explorer\Run: [Xayv37fWBx] C:\ProgramData\nevuvifg\pedwjktg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 11100 bytes[/color]
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/03/2008 at 00:12 AM
Application Version : 4.21.1004
Core Rules Database Version : 3620
Trace Rules Database Version: 1604
Scan type : Complete Scan
Total Scan Time : 00:52:29
Memory items scanned : 62
Memory threats detected : 0
Registry items scanned : 6512
Registry threats detected : 104
File items scanned : 35651
File threats detected : 39
Trojan.Unclassified/DKWQGNBE
HKLM\Software\Classes\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}\InprocServer32
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}\InprocServer32#ThreadingModel
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}\ProgID
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}\Programmable
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}\TypeLib
HKCR\CLSID\{0E3A3463-7B9C-44E9-B0BF-D71133330658}\VersionIndependentProgID
HKCR\dkwqgnbe.1
HKCR\dkwqgnbe
HKCR\TypeLib\{0B6BE811-089F-4FA3-8C9B-46A16EB176D8}
HKCR\TypeLib\{0B6BE811-089F-4FA3-8C9B-46A16EB176D8}\1.0
HKCR\TypeLib\{0B6BE811-089F-4FA3-8C9B-46A16EB176D8}\1.0\0
HKCR\TypeLib\{0B6BE811-089F-4FA3-8C9B-46A16EB176D8}\1.0\0\win32
HKCR\TypeLib\{0B6BE811-089F-4FA3-8C9B-46A16EB176D8}\1.0\FLAGS
HKCR\TypeLib\{0B6BE811-089F-4FA3-8C9B-46A16EB176D8}\1.0\HELPDIR
C:\WINDOWS\DKWQGNBE.DLL
HKLM\Software\Classes\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}\InprocServer32
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}\InprocServer32#ThreadingModel
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}\ProgID
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}\Programmable
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}\TypeLib
HKCR\CLSID\{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}\VersionIndependentProgID
HKCR\TypeLib\{1FCC9348-A600-49FB-B687-8AF0B1F09841}
HKCR\TypeLib\{1FCC9348-A600-49FB-B687-8AF0B1F09841}\1.0
HKCR\TypeLib\{1FCC9348-A600-49FB-B687-8AF0B1F09841}\1.0\0
HKCR\TypeLib\{1FCC9348-A600-49FB-B687-8AF0B1F09841}\1.0\0\win32
HKCR\TypeLib\{1FCC9348-A600-49FB-B687-8AF0B1F09841}\1.0\FLAGS
HKCR\TypeLib\{1FCC9348-A600-49FB-B687-8AF0B1F09841}\1.0\HELPDIR
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E3A3463-7B9C-44E9-B0BF-D71133330658}
HKCR\Interface\{9FF9B973-6F68-4142-B9F3-449E73E2C9FC}
HKCR\Interface\{9FF9B973-6F68-4142-B9F3-449E73E2C9FC}\ProxyStubClsid
HKCR\Interface\{9FF9B973-6F68-4142-B9F3-449E73E2C9FC}\ProxyStubClsid32
HKCR\Interface\{9FF9B973-6F68-4142-B9F3-449E73E2C9FC}\TypeLib
HKCR\Interface\{9FF9B973-6F68-4142-B9F3-449E73E2C9FC}\TypeLib#Version
HKCR\Interface\{C30D6320-1DBB-44CD-91E8-347AB778B27F}
HKCR\Interface\{C30D6320-1DBB-44CD-91E8-347AB778B27F}\ProxyStubClsid
HKCR\Interface\{C30D6320-1DBB-44CD-91E8-347AB778B27F}\ProxyStubClsid32
HKCR\Interface\{C30D6320-1DBB-44CD-91E8-347AB778B27F}\TypeLib
HKCR\Interface\{C30D6320-1DBB-44CD-91E8-347AB778B27F}\TypeLib#Version
Trojan.Unclassified/PELTODGX
HKLM\Software\Classes\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}\InprocServer32
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}\InprocServer32#ThreadingModel
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}\ProgID
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}\Programmable
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}\TypeLib
HKCR\CLSID\{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}\VersionIndependentProgID
HKCR\peltodgx.1
HKCR\peltodgx
HKCR\TypeLib\{9C49F28F-9285-4659-9EB9-CEE15DA85009}
HKCR\TypeLib\{9C49F28F-9285-4659-9EB9-CEE15DA85009}\1.0
HKCR\TypeLib\{9C49F28F-9285-4659-9EB9-CEE15DA85009}\1.0\0
HKCR\TypeLib\{9C49F28F-9285-4659-9EB9-CEE15DA85009}\1.0\0\win32
HKCR\TypeLib\{9C49F28F-9285-4659-9EB9-CEE15DA85009}\1.0\FLAGS
HKCR\TypeLib\{9C49F28F-9285-4659-9EB9-CEE15DA85009}\1.0\HELPDIR
C:\WINDOWS\PELTODGX.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5}
HKCR\Interface\{A87F2637-2D4B-46DC-8948-82A4451EFD70}
HKCR\Interface\{A87F2637-2D4B-46DC-8948-82A4451EFD70}\ProxyStubClsid
HKCR\Interface\{A87F2637-2D4B-46DC-8948-82A4451EFD70}\ProxyStubClsid32
HKCR\Interface\{A87F2637-2D4B-46DC-8948-82A4451EFD70}\TypeLib
HKCR\Interface\{A87F2637-2D4B-46DC-8948-82A4451EFD70}\TypeLib#Version
Trojan.Net-MSV/VPS-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3184AB8-23F0-4518-A798-326C31D95111}
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}\InprocServer32
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}\InprocServer32#ThreadingModel
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}\ProgID
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}\Programmable
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}\TypeLib
HKCR\CLSID\{A3184AB8-23F0-4518-A798-326C31D95111}\VersionIndependentProgID
HKCR\QXK.Olive
HKCR\TypeLib\{D8C75B82-AFFA-429E-B91C-5D4781C63CF2}
HKCR\TypeLib\{D8C75B82-AFFA-429E-B91C-5D4781C63CF2}\1.0
HKCR\TypeLib\{D8C75B82-AFFA-429E-B91C-5D4781C63CF2}\1.0\0
HKCR\TypeLib\{D8C75B82-AFFA-429E-B91C-5D4781C63CF2}\1.0\0\win32
HKCR\TypeLib\{D8C75B82-AFFA-429E-B91C-5D4781C63CF2}\1.0\FLAGS
HKCR\TypeLib\{D8C75B82-AFFA-429E-B91C-5D4781C63CF2}\1.0\HELPDIR
C:\WINDOWS\NKEFBLTDSAQ.DLL
HKCR\Interface\{5172BA48-C7AA-4120-AAB6-477D47E8AA28}
HKCR\Interface\{5172BA48-C7AA-4120-AAB6-477D47E8AA28}\ProxyStubClsid
HKCR\Interface\{5172BA48-C7AA-4120-AAB6-477D47E8AA28}\ProxyStubClsid32
HKCR\Interface\{5172BA48-C7AA-4120-AAB6-477D47E8AA28}\TypeLib
HKCR\Interface\{5172BA48-C7AA-4120-AAB6-477D47E8AA28}\TypeLib#Version
HKCR\Interface\{E0C6C01C-8CAD-498C-AE89-1B6F66B6FDA7}
HKCR\Interface\{E0C6C01C-8CAD-498C-AE89-1B6F66B6FDA7}\ProxyStubClsid
HKCR\Interface\{E0C6C01C-8CAD-498C-AE89-1B6F66B6FDA7}\ProxyStubClsid32
HKCR\Interface\{E0C6C01C-8CAD-498C-AE89-1B6F66B6FDA7}\TypeLib
HKCR\Interface\{E0C6C01C-8CAD-498C-AE89-1B6F66B6FDA7}\TypeLib#Version
Adware.Tracking Cookie
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@atdmt[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@apmebf[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@media6degrees[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@account.91[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@dynamic.media.adrevolver[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ehg-foxsports.hitbox[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@2o7[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@microsoftwindows.112.2o7[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@iacas.adbureau[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@adrevolver[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@www.googleadservices[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@kontera[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@doubleclick[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@statcounter[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@adlegend[3].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@fastclick[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@wmvmedialease[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@advertising[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@media.adrevolver[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ad.yieldmanager[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@hitbox[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@revsci[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@realmedia[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@server.cpmstar[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@casalemedia[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ads.vlaze[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ehg-apollogroup.hitbox[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ads.revsci[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@clicktorrent[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ads.us.e-planning[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@media.ntsserve[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@adserver.adreactor[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ads.realtechnetwork[1].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@adlegend[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@trvlnet.adbureau[2].txt
C:\Users\Kamie\AppData\Roaming\Microsoft\Windows\Cookies\kamie@ad1.clickhype[1].txt
Trojan.DNSChanger-Codec
HKU\S-1-5-21-1097125929-1174763754-1016038576-1000\Software\uninstall
Adware.Vundo Variant/Rel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\ddcyYQjG.dll,#1 ]
Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
Trojan.Unclassified/C00-WL
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Asynchronous
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Impersonate
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A6E34#Logon
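
Added example, not part of the original post and not HijackThis output: a small Python triage of the registry autorun (O4) lines of a HijackThis log like the one above. The sample lines are copied from that log; the function names and the three review heuristics (backslash-prefixed value name, same entry in both HKLM and HKCU Run, entry under Policies\Explorer\Run) are assumptions for illustration and mark entries for manual review, not verdicts.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [\YURCA62.exe] C:\Windows\system32\YURCA62.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [\YUR878.exe] C:\Windows\system32\YUR878.exe
O4 - HKCU\..\Run: [\YURCA62.exe] C:\Windows\system32\YURCA62.exe
O4 - HKCU\..\Run: [\YUR878.exe] C:\Windows\system32\YUR878.exe
O4 - HKLM\..\Policies\Explorer\Run: [Xayv37fWBx] C:\ProgramData\nevuvifg\pedwjktg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O2 - BHO: (no name) - {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - C:\Windows\SysWow64\ddcyYQjG.dll (file missing)
"""

# Registry autorun lines look like: O4 - <location>: [<value name>] <command>
# (O4 "Startup:" folder lines have no [name] part and are not matched here.)
O4_RE = re.compile(
    r"^O4 - (?P<location>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)


def parse_o4(log_text):
    """Return one dict per registry autorun (O4) line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def hive_of(location):
    """'HKLM\\..\\Run' -> 'HKLM'; 'HKUS\\S-1-5-19\\..\\Run' -> 'HKUS'."""
    return location.split("\\", 1)[0]


def triage(log_text):
    """Map value name -> sorted reasons the entry deserves a manual look."""
    entries = parse_o4(log_text)

    # Record which hives carry each (name, command) pair under a plain Run key.
    hives_by_item = defaultdict(set)
    for e in entries:
        if e["location"].endswith(r"\..\Run"):
            hives_by_item[(e["name"], e["command"])].add(hive_of(e["location"]))

    flagged = defaultdict(set)
    for e in entries:
        # Heuristic 1 (assumption): value name begins with a backslash,
        # as the YUR*.exe entries in this log do.
        if e["name"].startswith("\\"):
            flagged[e["name"]].add("value name starts with a backslash")
        # Heuristic 2 (assumption): identical entry in both machine and user Run.
        hives = hives_by_item.get((e["name"], e["command"]), set())
        if {"HKLM", "HKCU"} <= hives:
            flagged[e["name"]].add("same entry in both HKLM and HKCU Run")
        # Heuristic 3 (assumption): autorun registered under the policies key.
        if e["location"].endswith(r"Policies\Explorer\Run"):
            flagged[e["name"]].add("registered under Policies\\Explorer\\Run")
    return {name: sorted(reasons) for name, reasons in flagged.items()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```
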

Senior Member
4. November 2008 @ 04:52
Hey Kamelkiss
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

Kamelkiss
Newbie
4. November 2008 @ 09:35
When I try to run ComboFix it says incompatible OS, can only run on Windows 2000 and XP.
os not win32 compatible
Maybe you didn't see my note saying I am running Vista Ultimate 64-bit.
What should I do since I am running that?

Senior Member
4. November 2008 @ 22:19
Hey Kamelkiss
Sorry I missed your note. :)
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or by double-clicking the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
- Click on the tab Settings.
- Make sure only these boxes are checked:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects

Updating Malwarebytes
- Click on the tab Update.
- Press the button Check for Updates.
- Wait for Malwarebytes to be fully updated.

Scanning Time
- Click on the tab Scanner.
- Check Perform full scan and click on Scan.
- Wait for the scan to complete, and then click on Show Results.
- Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
- A text box will pop up after the removal process is over. Post the contents of the text here.
- If no text box pops up, launch Malwarebytes, and click on the tab Logs.
- The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
- Post the log here.
Best Regards :D

Kamelkiss
Newbie
5. November 2008 @ 12:32
Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 6.0.6001 Service Pack 1
11/5/2008 10:30:28 AM
mbam-log-2008-11-05 (10-30-28).txt
Scan type: Full Scan (C:\|)
Objects scanned: 477702
Time elapsed: 1 hour(s), 26 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.batg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dkwqgnbe.bbtw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dkwqgnbe.bvas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dkwqgnbe.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11dfb01a-0852-4955-9747-c59e21dbbda5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11dfb01a-0852-4955-9747-c59e21dbbda5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b09e0f0b-28fe-4a7e-90f6-6d09e4234852} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Kamie\AppData\Local\Temp\TDSS57e9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\TDSS5820.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\TDSS663d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\TDSS7145.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\TDSS18d3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\TDSS231c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Kamie\AppData\Local\Temp\TDSS8d2a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Senior Member
5. November 2008 @ 22:22
Hey KamelKiss
Hmm.... please post a new HijackThis log and tell me what problems you have left.
Best Regards :D

Kamelkiss
Newbie
6. November 2008 @ 12:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:31 AM, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files (x86)\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [Xayv37fWBx] C:\ProgramData\nevuvifg\pedwjktg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 8282 bytes
|
Senior Member
|
6. November 2008 @ 20:39 |
Link to this message
|
Hey KamelKiss
• Click Start.
• Open Computer.
• Press the ALT key.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.
Does this file exist?
C:\Windows\system32\lsass.exe
What problems do you have left?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
Kamelkiss
Newbie
|
7. November 2008 @ 01:34 |
Link to this message
|
Yes, that file does exist.
It doesn't seem to have any more problems of any kind, does it look clean? Am I perhaps good to go?
|
Senior Member
|
7. November 2008 @ 04:37 |
Link to this message
|
You are indeed good to go! Enjoy your clean computer!

|
Kamelkiss
Newbie
|
7. November 2008 @ 09:27 |
Link to this message
|
THANK YOU!
|
Senior Member
|
7. November 2008 @ 10:49 |
Link to this message
|
You're welcome!

|
|