
Hijack this file


4 replies to this topic

#1 Zomblue


Posted 21 October 2010 - 10:19 AM

Hiya, my comp is a little slow. I run & update my programs regularly & they are not finding anything: Spybot/Malwarebytes/Microsoft Security Essentials/McAfee/Windows Defender - Cleaners: CCleaner/Pointstone System Cleaner/Disk Cleaner & Defrag. So I ran HijackThis & it found one thing, don't know what to do to get that problem off, will post scan below. Also noticed Malwarebytes will not update (keeps giving me an error). Number 15 on HijackThis was named a virus? Startup is a bit slow (I have used msconfig to cut it down to 5 programs), although MS Security Essentials is on startup, so that could be causing the lag there. ANY help is appreciated! I know there's got to be something hiding here, but I'm at a loss to find it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:31 AM, on 10/21/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Users\Pamela\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361209k115l03c4z1i5a49j2x320
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361209k115l03c4z1i5a49j2x320
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361209k115l03c4z1i5a49j2x320
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101019205930.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10228 bytes

Here are the scan results from the HijackThis Logfileauswertung (log file analysis):



HijackThis log file analysis
We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
Actions

Entry

Kind

Visitor's assessment

Information
Analyzerdetails
Logfile of Trend Micro HijackThis v2.0.4

Kind


This should be the newest version.

Platform: Windows 7 (WinNT 6.00.3504)

Kind



Analyzerdetails
MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Kind


This should be the newest version.
Visitor's assessment Analyzerdetails
Boot mode: Normal

Kind

Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Users\Pamela\Desktop\HijackThis.exe

Kind


Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
Visitor's assessment Analyzerdetails
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361209k115l03c4z1i 5a49j2x320

Kind


This page has been identified as safe.
Visitor's assessment Analyzerdetails
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home

Kind


This page has been identified as safe.
Visitor's assessment Analyzerdetails
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361209k115l03c4z1i 5a49j2x320

Kind


This page has been identified as safe.
Visitor's assessment Analyzerdetails
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361209k115l03c4z1i 5a49j2x320

Kind


This page has been identified as safe.
Visitor's assessment Analyzerdetails
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Kind

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Kind


Safe (4.1 / 5.00)
Visitor's assessment Analyzerdetails
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll

Kind


jccatch.dll - FlashGet, http://www.trendmicro.com/vinfo/virusenc yclo/default5.asp?VName=ADW_FLASHGET.A
Visitor's assessment Analyzerdetails
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Kind

Safe
Safe
Unknown application.
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)

Kind


Unknown application.
Unnecessary (deactivated) entry that can be fixed.
Visitor's assessment Analyzerdetails
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101019205930.dll

Kind


scriptproxy.dll, scriptsn.dll - McAfee, http://us.mcafee.com/ ScriptScan
Visitor's assessment Analyzerdetails
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Kind


WindowsLiveLogin.dll - Microsoft Windows_Live, http://ideas.live.com/
Visitor's assessment Analyzerdetails
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

Kind

Safe
Safe
googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. - Google toolbar, http://toolbar.google.com/
Visitor's assessment Analyzerdetails
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

Kind


swg.dll - Google Toolbar Notifier, http://googlesystem.blogspot.com/2006/07 /google-is-your-default-search.html
Visitor's assessment Analyzerdetails
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

Kind

Neutral
Neutral
jp2ssv.dll - Sun_Java, http://java.sun.com/javase/downloads/ind ex.jsp browser plugin
Visitor's assessment Analyzerdetails
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll

Kind


getflash.dll - FlashGet, http://www.flashget.com
Visitor's assessment Analyzerdetails
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

Kind

Safe
Safe
googletoolbar.dll, googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll, googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll - Google Toolbar
Visitor's assessment Analyzerdetails
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)

Kind


Unknown application.
Unnecessary (deactivated) entry that can be fixed.
Visitor's assessment Analyzerdetails
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

Kind


Safe (4.12 / 5.00)
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

Kind

Very safe
Very safe
ATI Core Component
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

Kind


Safe (4.41 / 5.00)
Visitor's assessment Analyzerdetails
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

Kind

Safe
Safe
Desktop Sidebar
Visitor's assessment Analyzerdetails
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

Kind

Safe
Safe
Desktop Sidebar
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

Kind


The entry &Download All with FlashGet has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

Kind


The entry &Download with FlashGet has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

Kind


The entry E&xport to Microsoft Excel has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.ht ml

Kind


The entry Google Sidewiki... has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Kind


The entry Blog This has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Kind


The entry &Blog This in Windows Live Writer has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

Kind


The entry FlashGet has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

Kind


The entry FlashGet has been identified as safe.
Visitor's assessment Analyzerdetails
O15 - Trusted Zone: http://software.kuaiche.com

Kind

Nasty
Nasty
If you did not add these pages to your trusted pages, they should be fixed.
Visitor's assessment Analyzerdetails
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

Kind


This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Kind

Safe
Safe
Check if you know this site and fix it if you do not. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

Kind

Safe
Safe
Unknown service. (alg.exe) This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

Kind

Very safe
Very safe
Unknown service. (atiesrxx.exe) This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

Kind

Safe
Safe
This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

Kind


Safe (4.33 / 5.00)
Visitor's assessment Analyzerdetails
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

Kind

Safe
Safe
This service (fxssvc.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

Kind


Neutral (3.43 / 5.00)
Visitor's assessment Analyzerdetails
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Kind


Safe (3.82 / 5.00)
Visitor's assessment Analyzerdetails
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

Kind


This service (GoogleUpdaterService.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Kind


This service (IDriverT.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Kind

Safe
Safe
This service (lsass.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

Kind


Unknown service. (McSvHost.exe)
Visitor's assessment Analyzerdetails
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

Kind


Unknown service. (McSvHost.exe)
Visitor's assessment Analyzerdetails
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

Kind


Unknown service. (McSvHost.exe)
Visitor's assessment Analyzerdetails
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

Kind


This service (mcods.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

Kind


Unknown service. (McSvHost.exe)
Visitor's assessment Analyzerdetails
O23 - Service: McShield - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeSystemCore\mcshield.exe

Kind


This service (mcshield.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeSystemCore\mfefire.exe

Kind

Very safe
Very safe
Unknown service. (mfefire.exe)
Visitor's assessment Analyzerdetails
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

Kind

Very safe
Very safe
Unknown service. (mfevtps.exe)
Visitor's assessment Analyzerdetails
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

Kind

Very safe
Very safe
This service (msdtc.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Kind

Very safe
Very safe
This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

Kind


Safe (4.22 / 5.00)
Visitor's assessment Analyzerdetails
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Kind

Safe
Safe
This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

Kind


This service (RoxioUPnPRenderer9.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe

Kind


This service (RoxioUpnpService9.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

Kind


This service (RoxLiveShare9.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

Kind


This service (RoxMediaDB9.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

Kind


This service (RoxWatch9.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

Kind

Very safe
Very safe
This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Kind

Safe
Safe
This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

Kind

Safe
Safe
Unknown service. (snmptrap.exe) This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

Kind

Safe
Safe
This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

Kind

Safe
Safe
Unknown service. (sppsvc.exe) This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

Kind

Safe
Safe
Unknown service. (UI0Detect.exe) This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

Kind


Unknown service. (UpdaterService.exe)
Visitor's assessment Analyzerdetails
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Very safe: This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

Safe: Unknown service. (vds.exe) This entry was classified from our visitors as good.

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

Safe: This entry is not running from the System32 folder, so it is probably nasty. This entry was classified from our visitors as good.

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

Safe: Unknown service. (WatAdminSvc.exe) This entry was classified from our visitors as good.

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

Very safe: This service (wbengine.exe) was identified as a good one.

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

Very safe: This service (WmiApSrv.exe) was identified as a good one. This entry was classified from our visitors as good.

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Very safe: This service (wmpnetwk.exe) was identified as a good one.

Use these tips at your own risk!

© 2004 - 2010 Mathias Mattner | Contact

Edited by Zomblue, 22 October 2010 - 10:14 AM.



#2 etavares

    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 30 October 2010 - 07:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Zomblue

Posted 31 October 2010 - 10:19 PM

Thanks for your response - I appreciate it!

I did post at another forum (forgive me because your response took a bit - I know you're busy) & they got back to me right away & had me run a coupla scans, but nothing is resolved yet, except for me taking off the Microsoft Security Essentials (which did greatly improve my speed); I didn't realize it was fighting McAfee. I know better than to try to have 2 different people help me at once, so I will let you move on to another person's problem & I will post back here either if I find the solution (for FYI) or if it is not fixed. I will try to have more patience next time, as you guys were my first choice for computer help.

I have found a file that will not let me access it to delete/shred it, that is named for a kids game I bought & have uninstalled a long time ago, so I think that might be one of my problems. Says the file is in use etc. So that's another thing I want to check out.

Thanks again, you are very kind to help people the way you guys do here, your forum has a very good reputation!
Keep up the good work! Hope you have a nice day!

Edited by Zomblue, 01 November 2010 - 10:58 AM.


#4 etavares

Posted 01 November 2010 - 06:24 PM

OK, thanks for letting me know! It's definitely smarter to keep working with one person, otherwise we'd end up giving you conflicting directions and potentially turn your computer into a brick. I'll keep this thread open for 5 days or so if you have any issues. Sorry for the wait... we're getting slammed the past couple of weeks.

Thanks!




#5 etavares

Posted 07 November 2010 - 04:12 PM

Since this issue appears to be handled elsewhere, this thread is now closed.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.

