Thread: Problem with lsass.exe process, memory
View Single Post
Join Date: Feb 2004
Posts: 9,925
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 709
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Problem with lsass.exe process, memory

 
0
  #2
May 31st, 2008
Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {6d4a3bf5-d82c-4bd2-aa96-b736c38ea7af} - C:\WINDOWS\system32\geBuVOFu.dll (file missing)
O2 - BHO: {b42f243e-b185-eb4b-a8d4-8476a770f667} - {766f077a-6748-4d8a-b4be-581be342f24b} - C:\WINDOWS\system32\kpyabpps.dll
O2 - BHO: (no name) - {b6e95516-27c0-443d-9ba9-abd8c12bae16} - C:\WINDOWS\system32\iifedbyV.dll (file missing)

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)

O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?

O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: przfsc - przfsc.dll (file missing)
O20 - Winlogon Notify: winctrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\system32\kpyabpps.dll
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\SYSTEM32\WLCtrl32.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote