Solved: Help! I have an infestation of viruses, spybots, and adware!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Wasper

Thread Starter
Joined
Jul 7, 2005
Messages
295
Hello,

I am currently using a Windows XP Home SP2 machine, with anti-virus protection and firewalls installed. Yesterday I was online and I got a weird icon in my task bar next to my clock, a little red dot with an X in it; a bubble pops up and reads "Your computer is infected!". I have never seen this icon before, so I don't know if it's a legit Windows warning or some kind of non-legit program installed on my system.

If you right-click it, no options appear, and if you left-click, it then opens IE and proceeds to an Anti-Virus Gold web site. Shortly after the web site opened I got a virus alert from my V-Com SystemSuite anti-virus program, warning me that TROJ_STARTPAG.RE was found. I then noticed that in My Favorites in IE, there were many bookmarks I didn't put there: mortgage rates, bad credit loans, free adult web site passes... and so on.

I proceeded to use my installed anti-virus, spy-bot, and ad-ware programs to try to clean my system. These include V-Com System Suite 5's Trend Micro Anti-Virus Program, Spybot S+D v1.4, Ad-Aware SE Personal, and Spy Blaster. It said that it removed some spybots and adware, and it said it deleted files containing the troj virus.

The red dot, however, never went away, so I rebooted my machine once I double-checked that it was clean, but after the reboot my IE and Yahoo browsers tried to connect to the internet. They were both stopped by my firewall before a connection could take place, but about 2 mins after that it once again said I had TROJ_STARTPAG.RE, and the red dot was back, along with all the added bookmarks, the spybots, and the whole shebang.

I have tried for 5 hours straight, 2 nights in a row, to fix this... to no avail. I have tried doing all the scans in safe mode, admin mode, and my main user mode, and nothing seems to work. And not to mention my wife needs the computer for college work and I'm the culprit who was using the comp when it was affected :eek:


I don't know what I'm doing anymore... is that dastardly red dot legit, or some kind of hijacker? Why do these viruses, spybots, and ad-wares keep coming back?

Please, Please help if you can, Thank you
 
Joined
Sep 7, 2004
Messages
49,014
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:


Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your desktop
Post that log

Also get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double-click the DL file and click unzip, letting it extract to its default folder C:\Program Files\HiJackThis, run it from there, DO NOT fix anything, post the log here.
 

Wasper

Thread Starter
Joined
Jul 7, 2005
Messages
295
Hello again,

I did what you said I should do in the reply to my question. That ewido program found a bunch of stuff, but when I booted in regular mode, that red dot is still there :mad:

Here are the 2 logs you asked me to post.
 


Joined
Sep 7, 2004
Messages
49,014
Add/Remove Programs - remove BearShare, the source of your infection

DL http://www.downloads.subratam.org/KillBox.zip

Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:



Now put a tick by Delete on reboot.
Click on the button with the red circle with the X. It will ask for confirmation. Click yes – repeat on all of the files – on the last one click yes twice

Download CWShredder http://www.intermute.com/products/cwshredder.html

Close all browser windows,
Open cwshredder.exe then click "Fix" and let it run.

DL http://forums.techguy.org/attachment.php?attachmentid=45240
· Double-click the cwsserviceremove.reg file you downloaded at the beginning.
· Answer Yes when prompted to add the contents to the registry.

Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ydkim.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {EF2B7C2D-742C-AC11-F013-B8534263D991} - C:\WINDOWS\system32\netky.dll (file missing)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll

O4 - HKLM\..\Run: [apifo.exe] C:\WINDOWS\apifo.exe
O4 - HKLM\..\RunOnce: [apipy.exe] C:\WINDOWS\system32\apipy.exe
O4 - HKLM\..\RunOnce: [winwy.exe] C:\WINDOWS\winwy.exe
O4 - HKLM\..\RunOnce: [appes.exe] C:\WINDOWS\system32\appes.exe
O4 - HKLM\..\RunOnce: [addrm32.exe] C:\WINDOWS\system32\addrm32.exe
O4 - HKLM\..\RunOnce: [mfcgs.exe] C:\WINDOWS\system32\mfcgs.exe
O4 - HKLM\..\RunOnce: [addor32.exe] C:\WINDOWS\addor32.exe
O4 - HKLM\..\RunOnce: [addeh32.exe] C:\WINDOWS\system32\addeh32.exe
O4 - HKLM\..\RunOnce: [netuc32.exe] C:\WINDOWS\system32\netuc32.exe
O4 - HKLM\..\RunOnce: [mfcpg.exe] C:\WINDOWS\mfcpg.exe
O4 - HKLM\..\RunOnce: [winhz.exe] C:\WINDOWS\winhz.exe
O4 - HKLM\..\RunOnce: [apiav.exe] C:\WINDOWS\system32\apiav.exe
O4 - HKLM\..\RunOnce: [ntki32.exe] C:\WINDOWS\ntki32.exe
O4 - HKLM\..\RunOnce: [msue32.exe] C:\WINDOWS\system32\msue32.exe
O4 - HKLM\..\RunOnce: [sdktq.exe] C:\WINDOWS\sdktq.exe
O4 - HKLM\..\RunOnce: [ntdu.exe] C:\WINDOWS\system32\ntdu.exe
O4 - HKLM\..\RunOnce: [addyr.exe] C:\WINDOWS\system32\addyr.exe
O4 - HKLM\..\RunOnce: [ipyl.exe] C:\WINDOWS\system32\ipyl.exe
O4 - HKLM\..\RunOnce: [netkt.exe] C:\WINDOWS\netkt.exe
O4 - HKLM\..\RunOnce: [netva.exe] C:\WINDOWS\netva.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe

O23 - Service: Network Security Service (NSS) ( 11Fßä #·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apipy.exe" /s (file missing)

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log

Please give feedback on what worked/didn’t work and the current status of your system
 

Wasper

Thread Starter
Joined
Jul 7, 2005
Messages
295
Hello again,

I followed your instructions and did everything you asked me to do step-by-step. After I finished, I rebooted, and as soon as my desktop came up the IE browser and my Yahoo browser both tried to connect to the Internet again. My firewall stopped them from making a connection, but it seems like that problem did not go away.

What did go away was that annoying little red dot with the X in it saying my computer's infected. I don't know if it really went away though, because when I came home today and turned on my computer the red dot was not there. While following your instructions I had to reboot it once in the middle of the fix, and the red dot came back; now, after the final reboot after the fix, it's gone again. I didn't want to reboot again until I created a new HJT log and sent it to you.

Please take a look at the new HJT log and let me know if anything looks out of place, because it's quite concerning that my browsers are still trying to connect on their own.

The latest HJT log is attached.

P.S. Thank you for your help so far, I would have never in a million years got this far (y)
 


Joined
Sep 7, 2004
Messages
49,014
Get these tools

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/...A8BD-DBF62EDA9671&displaylang=en&Hash=RDXMHB6 (XP and W2K only)

DL them (they are free), install them, check each for their definition updates and then run AdAware and Spybot and MS AntiSpy, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Fix these with HJT

O23 - Service: Network Security Service (NSS) ( 11Fßä #·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apipy.exe" /s (file missing)

Boot and post a new log

O23 - Service: Network Security Service (NSS) ( 11Fßä #·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apipy.exe" /s (file missing)

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Network Security Service (NSS)

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.


Please give feedback on what worked/didn’t work and the current status of your system
 

Wasper

Thread Starter
Joined
Jul 7, 2005
Messages
295
Hi again,

I followed your advice and downloaded and ran the programs you suggested I get, and removed what they told me to.

When I tried to fix the file extension through HJT it didn't show up in the list. So I rebooted my comp and at startup once again the IE browser and Yahoo browser tried to connect to the internet.

I looked for the Network Security Service (NSS) where you told me to look, but it also was not present in that list.

I supplied a new HJT log attached to this response. Please let me know if you have any other ideas as to why my IE and Yahoo try to connect on their own.


Thank you
 


Joined
Sep 7, 2004
Messages
49,014
Please post the log not attach

Logfile of HijackThis v1.99.1
Scan saved at 5:43:19 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YBrowser.exe] C:\Program Files\Yahoo!\browser\YBrowser.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 
Joined
Sep 7, 2004
Messages
49,014
Sorry, I was concentrating on the problems in the log and not IE starting

Fix in normal mode - mark the entries - close IE - click fix checked

O4 - HKLM\..\Run: [YBrowser.exe] C:\Program Files\Yahoo!\browser\YBrowser.exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

Is there anything else that you know of??
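
The two O4 entries fixed above are ordinary Run-key autostarts that point at the browsers themselves, which is why IE and the Yahoo browser launched at every boot. As an added example (not part of the original thread and not HijackThis code), this Python triage scans pasted HijackThis O4/O23 lines for that pattern and for services whose file is missing; the `BROWSER_EXES` set and the function names are assumptions.

```python
import re
from typing import NamedTuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [YBrowser.exe] C:\Program Files\Yahoo!\browser\YBrowser.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
"""

# Assumption: executables that should never be registry autostarts here.
BROWSER_EXES = {"iexplore.exe", "ybrowser.exe"}

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run(?:Once)?): \[(.+?)\] (.+)$")
# "O23 - Service: display name - owner - image path"
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line deserves a second look
    line: str     # the original log line


def exe_name(command):
    """Return the lower-cased first *.exe file name in a command line."""
    m = re.search(r'([^\\/"]+\.exe)', command, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(log_text):
    """Flag browser autostarts and entries HijackThis marks '(file missing)'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        missing = line.endswith("(file missing)")
        run = RUN_RE.match(line)
        if run:
            hive, key, _name, command = run.groups()
            if exe_name(command) in BROWSER_EXES:
                findings.append(Finding("O4", f"browser autostart in {hive} {key}", line))
            elif missing:
                findings.append(Finding("O4", "autostart target is missing", line))
        elif SERVICE_RE.match(line) and missing:
            findings.append(Finding("O23", "service image is missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A flagged line is a prompt for review, not a verdict: entries such as `ctfmon.exe` are legitimate and are deliberately not matched.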
 

Wasper

Thread Starter
Joined
Jul 7, 2005
Messages
295
Thank you for all your help,

My system is clean of all the viruses, spybots, and adware; I scanned and rescanned my system to make sure. I also rebooted a few times and the problem with IE and Yahoo starting on their own is fixed. I'm sorry for putting those logs as attachments, I'm new to the forums, and I now know for any future problems to post them right into the reply.


THANKS AGAIN FOR ALL YOUR HELP!!!!! :) :D (y) (y)
 