LSASSMGR.exe
  #1  
Old 16th Sep 2008, 11:27
New Member Group
 
Default LSASSMGR.exe

Hello, I think I have a similar problem. I get Lssmon.exe in my Task Manager and when I end this task, the spyware ad thing he was talking of goes away. I also have a bunch of pop-up windows and LSASSMGR.exe running in my Task Manager as well. I downloaded ComboFix and here is what it told me: (kinda big, but oh well)

ComboFix 08-09-15.02 - Owner 2008-09-16 10:51:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.643 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@antispywaremaster[1].txt
C:\WINDOWS\system32\spool.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-16 10:37 . 2008-09-16 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-16 07:42 . 2008-09-16 07:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 22:59 . 2008-09-15 23:15 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-15 22:59 . 2008-09-15 23:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-15 22:59 . 2008-09-15 23:15 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-15 22:58 . 2008-09-16 06:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-15 22:58 . 2008-09-15 22:58 <DIR> d-------- C:\Program Files\AVG
2008-09-15 22:58 . 2008-09-15 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-15 21:10 . 2008-09-15 21:10 918,016 --a------ C:\WINDOWS\system32\lssmon.exe
2008-09-15 21:10 . 2008-09-15 21:10 918,016 --a------ C:\WINDOWS\divx32.dll
2008-09-15 21:10 . 2008-09-15 21:10 17,920 --a------ C:\WINDOWS\system32\srtsrv32.exe
2008-09-15 21:10 . 2008-09-15 21:10 17,920 --a------ C:\WINDOWS\system32\LSASSMGR.EXE
2008-09-15 21:10 . 2008-09-16 10:45 5,903 --a------ C:\WINDOWS\system32\mssc32.dll
2008-09-15 21:10 . 2008-09-16 10:45 5,903 --a------ C:\WINDOWS\system32\bsc32.dll
2008-09-08 20:07 . 2008-09-15 21:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Corel
2008-09-08 20:07 . 2008-09-13 16:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-08 20:07 . 2008-09-08 20:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-08 19:57 . 2008-09-08 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-09-08 19:53 . 2008-09-08 19:54 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-09-08 19:45 . 2008-09-15 09:23 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-08 19:45 . 2008-09-15 09:23 88 -r-hs---- C:\WINDOWS\system32\0DD1EE6CC1.sys
2008-09-08 19:44 . 2008-09-08 20:07 <DIR> d-------- C:\Program Files\Corel
2008-09-08 18:11 . 2008-09-08 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-09-08 18:10 . 2008-09-08 18:11 <DIR> d-------- C:\Program Files\AIM6
2008-09-05 17:42 . 2008-09-05 17:42 <DIR> d-------- C:\Program Files\Xvid
2008-09-05 17:42 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-09-05 17:42 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-09-05 17:42 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-09-03 15:51 . 2008-09-03 15:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-08-29 15:08 . 2008-08-29 15:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-28 13:40 . 2008-08-28 13:43 <DIR> d-------- C:\Documents and Settings\Owner\mindterm
2008-08-26 20:31 . 2008-08-26 20:31 <DIR> d-------- C:\Program Files\Mp3 File Editor
2008-08-26 20:31 . 2008-08-26 20:31 286,720 --a------ C:\WINDOWS\iun506.exe
2008-08-26 20:23 . 2008-08-26 20:23 <DIR> d-------- C:\Program Files\Free WMA to MP3 Converter
2008-08-20 19:41 . 2006-10-04 07:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-20 19:41 . 2006-10-04 07:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-20 19:41 . 2006-10-04 07:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-08-20 19:39 . 2008-08-20 19:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 05:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-16 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-16 04:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\FileZilla
2008-09-16 04:00 --------- d-----w C:\Program Files\Starcraft
2008-09-09 02:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-09 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-09 01:10 --------- d-----w C:\Program Files\Common Files\AOL
2008-09-09 01:08 --------- d-----w C:\Program Files\Google
2008-09-09 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-03 07:57 9,080 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-09-02 06:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-08-27 03:28 --------- d-----w C:\Program Files\Easy MP3 Cutter
2008-07-18 03:59 --------- d-----w C:\Program Files\7-Zip
2008-07-15 21:22 94,208 -c--a-w C:\WINDOWS\ScUnin.exe
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-25 01:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-11-15 01:29 62,584 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Layersecurity Servicemonitor"="C:\WINDOWS\system32\LSSMON.EXE" [2008-09-15 918016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=C:\Program Files\Internet Explorer\iexplor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe]
"Debugger"=C:\WINDOWS\system32\spool.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 08:21 50472 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 07:33 963072 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-09-15 23:16 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-08-04 11:00 462336 C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 22:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2003-08-21 10:15 483328 C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-08-21 10:23 49152 c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 23:04 52736 c:\WINDOWS\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-17 02:16 229376 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-12 02:02 61440 C:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Layersecurity Servicemonitor]
--a------ 2008-09-15 21:10 918016 C:\WINDOWS\system32\lssmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-20 18:18 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-10-16 22:57 81920 C:\WINDOWS\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 13:43 233472 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
--a------ 1999-11-07 14:11 27136 c:\hp\bin\cloaker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-18 06:31 118784 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-02-28 08:07 88364 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-15 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Antispyware - C:\Program Files\AntiSpywareApp\Antispyware.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-VTTimer - VTTimer.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wc1a2vof.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 10:56:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"F:\bin\mysqld-nt\" --defaults-file=\"F:\my.ini\" MySQL"
.
Completion time: 2008-09-16 11:01:14
ComboFix-quarantined-files.txt 2008-09-16 18:00:11
Pre-Run: 5,475,741,696 bytes free
Post-Run: 5,604,921,344 bytes free
233 --- E O F --- 2008-09-10 10:02:12
  #2  
Old 16th Sep 2008, 11:48
Moderator Group
 
Default LSASSMGR.exe

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\WINDOWS\system32\lssmon.exe
C:\WINDOWS\divx32.dll
C:\WINDOWS\system32\srtsrv32.exe
C:\WINDOWS\system32\LSASSMGR.EXE
C:\WINDOWS\system32\mssc32.dll
C:\WINDOWS\system32\bsc32.dll
C:\WINDOWS\system32\0DD1EE6CC1.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Layersecurity Servicemonitor"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe]
"Debugger"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Layersecurity Servicemonitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Download TrendMicro HijackThis.exe (HJT) to the Desktop.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the entire contents of the log in your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________
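The entries the moderator's CFScript removes are the ones that stand out in the first post's "Reg Loading Points" section: three Image File Execution Options keys whose "Debugger" value silently redirects a browser or the print spooler to a similarly named file, a Run value created the day before the scan, and EnableFirewall set to 0. The script below is an added example, not code from this thread, from ComboFix or from the moderator: it parses a constructed sample modelled on those log lines, flags the three patterns, and renders the matching Registry:: stanza in the CFScript syntax used in post #2 (where "name"=- deletes a value). The sample lines, the 7-day recency window and the edit-distance threshold for look-alike names are assumptions of this example.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example (not from the forum thread, ComboFix or the moderator). It reads
registry lines in the layout ComboFix prints, flags IFEO Debugger redirection,
recently created Run entries and a disabled Windows Firewall, and renders the
corresponding CFScript Registry:: stanza.
"""
import re
from datetime import date, timedelta

# Constructed sample modelled on the log in post #1 (same shapes, not a verbatim copy).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Layersecurity Servicemonitor"="C:\WINDOWS\system32\LSSMON.EXE" [2008-09-15 918016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=C:\Program Files\Internet Explorer\iexplor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe]
"Debugger"=C:\WINDOWS\system32\spool.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
SCAN_DATE = date(2008, 9, 16)  # assumed scan date, matching the sample above

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# ComboFix appends "[YYYY-MM-DD size]" to values that point at a file on disk.
STAMP_RE = re.compile(r'^"?(.*?)"?\s*\[(\d{4}-\d{2}-\d{2}) \d+\]$')


def parse_reg_points(text):
    """Yield (key, value_name, data, file_date) for every "name"=data line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data = m.groups()
            stamp = None
            s = STAMP_RE.match(data)
            if s:
                data, stamp = s.group(1), date.fromisoformat(s.group(2))
            yield key, name, data.strip('"'), stamp


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike file names (iexplor vs iexplore)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(text, scan_date, recent_days=7):
    """Return a list of (note, key, value_name, data) findings.

    recent_days is an assumed window: a Run entry whose file date falls within
    it counts as recent (in the log above the files appeared the day before).
    """
    findings = []
    for key, name, data, stamp in parse_reg_points(text):
        lkey = key.lower()
        if "image file execution options" in lkey and name.lower() == "debugger":
            target = lkey.rsplit("\\", 1)[-1]            # e.g. iexplore.exe
            debugger = data.rsplit("\\", 1)[-1].lower()  # e.g. iexplor.exe
            note = "IFEO Debugger redirects %s to %s" % (target, data)
            if 0 < edit_distance(target, debugger) <= 2:
                note += " (look-alike file name)"
            findings.append((note, key, name, data))
        elif lkey.endswith("\\currentversion\\run") and stamp is not None \
                and scan_date - stamp <= timedelta(days=recent_days):
            findings.append(("Run entry created within %d days of scan" % recent_days,
                             key, name, data))
        elif lkey.endswith("\\standardprofile") and name.lower() == "enablefirewall" \
                and data.lstrip().startswith("0"):
            findings.append(("Windows Firewall disabled", key, name, data))
    return findings


def cfscript_registry(findings):
    """Render the flagged values as a CFScript Registry:: stanza ("name"=- deletes a value)."""
    lines = ["Registry::"]
    for note, key, name, _ in findings:
        if note.startswith(("IFEO", "Run entry")):
            lines += ["[%s]" % key, '"%s"=-' % name, ""]
    return "\n".join(lines).rstrip()


if __name__ == "__main__":
    found = triage(SAMPLE_LOG, SCAN_DATE)
    for note, key, name, _ in found:
        print("%s\n    %s\\%s" % (note, key, name))
    print()
    print(cfscript_registry(found))
```

The firewall finding is reported but deliberately left out of the generated stanza, since re-enabling the firewall is a setting to restore rather than a value to delete; the stanza is a starting point for the kind of hand-checked script shown in post #2, not a replacement for reading the log.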


Copyright ©2006 - 2009 Computer Juice.
