my computer is barely starting up.

[Leigh PARK]

my friend was surfing the internet looking for graphics for her website and she picked up a bunch of viruses and malware by accident. could someone help me get rid of them? it's to the point where i can barely start up my computer.

thanks.

- leigh.

Logfile of HijackThis v1.99.1
Scan saved at 7:55:31 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\xxktlib.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Desktop\anti bad things\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [fgrlnz] c:\windows\system32\xxktlib.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: things to do..txt
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\ruvpsp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

[MFDnNC]

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:


Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your desktop
This will take some time to run!
____________________________________________

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
___________________________________

Post both logs and a new hjt log after booting - don't worry about having to do multiple posts to post the 3 logs

 

[Leigh PARK]

this is my ewido scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:04:21 PM, 7/16/2005
+ Report-Checksum: 6EB7B260

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{017C20C1-F86F-11D8-9B25-000ACD002AE3} -> Spyware.EnhanceMySearch : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1004\Software\WinUpdt -> Spyware.SecondThought : Cleaned with backup
C:\Documents and Settings\All Users\Desktop\anti bad things\backups\backup-20050227-150211-347.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\All Users\Desktop\anti bad things\backups\backup-20050710-210415-856.dll -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\All Users\Desktop\anti bad things\backups\backup-20050710-213720-515.dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temp\!update.exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temp\945.tmp\thnall1a.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temp\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temp\Cookies\leighann [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temp\Temporary Internet Files\Content.IE5\SLK10DQP\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\45UV8PM3\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\45UV8PM3\bridge-c3[1].cab/MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\89ERODM7\QDow_AS2[1].cab/QDow_AS2.dll -> TrojanDownloader.QDown.s : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\8F8VIPOB\installer_MARKETING13[1].cab/installer_MARKETING13.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\8RT7AEN5\Oversexe[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\8Z7JIOX5\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\9KCB55WH\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\ANGPY10V\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\ANGPY10V\installer_MEDIAWHIZ8[1].cab/installer_MEDIAWHIZ8.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\ANGPY10V\upd207[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\GTIR4X6N\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\U74R6ZCR\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\U74R6ZCR\Installer[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\WL01MR8H\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\WL01MR8H\bridge-c5[1].cab/MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Leighann Sainato\Local Settings\Temporary Internet Files\Content.IE5\Y5381WVQ\bridge-c8[1].cab/MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\aaao\uiaw.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING13.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EasyMessengerAX.dll/em2.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_MARKETING13.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\Cache\HelperInstaller.exe -> TrojanDropper.Delf.z : Cleaned with backup
C:\WINDOWS\system32\kndfo.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\meobjs.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mfcpxl32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mjtscax.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mrtscax.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ruvpsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\spvsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\umrv42a.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\umrvpa.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\vaa64k.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\vthelper.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wcnsta.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wυauclt.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\xypwvc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\upd207.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup


::Report End

 

[Leigh PARK]

and this is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:28:23 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\windows\system32\oevdqu.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Desktop\anti bad things\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yogxout] c:\windows\system32\oevdqu.exe r
O4 - HKCU\..\Run: [Obrc] C:\Program Files\aaao\uiaw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Kgfta] C:\WINDOWS\system32\w?auclt.exe
O4 - Startup: things to do..txt
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

[Leigh PARK]

i couldn't get l2mfix to work for some reason. it just won't open. or, it will but it says that the program is already in use, even though it's not. it flickers open and then closes automatically. i don't really know why.

and sorry this took so long. i couldn't get my computer to turn on for a few days.

 

[MFDnNC]

from the fix

This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log

 

[Leigh PARK]

a log won't even appear after i 'run' it. is there another program or another way? i don't know what else to do. and svcproc.exe is taking over my computer, but it appears that i already deleted the file so i can't get rid of it.

 

[Leigh PARK]

please help. this is putting me way ebhind schedule on a lot of projects i'm supposed to be working on.

 

[MFDnNC]

Run this http://www.mypctuneup.com/evaluate.php

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [yogxout] c:\windows\system32\oevdqu.exe r

O4 - HKCU\..\Run: [Obrc] C:\Program Files\aaao\uiaw.exe

O4 - HKCU\..\Run: [Kgfta] C:\WINDOWS\system32\w?auclt.exe

DL http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\wupdt.exe
c:\windows\system32\oevdqu.exe
C:\WINDOWS\system32\w?auclt.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these folders

C:\Program Files\aaao

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log

Please give feedback on what worked/didn’t work and the current status of your system