Solved: Please help HJT log inside


Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
I am going insane. I know I have spyware, malware and possibly trojans going on in my PC, but no matter what I do I just can't seem to get rid of them. Granted, I am no dummy when it comes to PCs: I have CWShredder, HijackThis, Killbox, Spybot Search and Destroy, Ad-Aware SE. The only thing is I don't know how to read a HJT log, but I know how to use the rest of them. Now my web browser is giving me blank white pages on most of my favorites or some new places I go. I'm losing my mind, please help me someone.

Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:27:34 PM, on 1/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\mpcsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport...weblaunch2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65639E0C-45FC-459A-9194-550EB87F6849}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{79203C50-8227-4516-A6DF-21EB9BC70DA0}: NameServer = 85.255.114.103,85.255.112.80
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\New Folder\CWShredder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 
Joined
Jul 26, 2002
Messages
46,349
* Click here to download win32delfkil.exe.
  • Save it to your desktop.
  • Double click on win32delfkil.exe and install it.
  • This creates a new folder on your desktop called win32delfkil.
  • Close all windows, open the win32delfkil folder and double click on the fix.bat file.
  • The computer will reboot automatically. If not please restart your computer manually.



* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Look on C:\ for the windelf.txt file. Post it here along with a new HijackThis log and the results from ActiveScan.
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
************************
* WIN32DELFKIL LOGFILE *
************************


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g3919328.dll
g489260640.dll
adsldpbf.dll
alt.exe

File(s) found in system32 folder
--------------------------------
browsela.dll

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{381F6F3E-14A5-44FD-8A38-56BBAE9940DA} REG_SZ OLE Object
{EEA02B89-8EE5-4A9D-BBEB-4FB733661C7F} REG_SZ OLE Object
{31EE3286-D785-4E3F-95FC-51D00FDABC01} REG_SZ Master Browseui

Notify key
----------
subkey browsela is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------
g3919328.dll
g489260640.dll
alt.exe

File(s) found in system32 folder
--------------------------------
browsela.dll

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{381F6F3E-14A5-44FD-8A38-56BBAE9940DA} REG_SZ OLE Object
{EEA02B89-8EE5-4A9D-BBEB-4FB733661C7F} REG_SZ OLE Object
{31EE3286-D785-4E3F-95FC-51D00FDABC01} REG_SZ Master Browseui

Notify key
----------
subkey browsela is present!


Here are the ActiveScan results

Incident Status Location

Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-4fbc14ee-43b1bd47.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-4fbc14ee-61079003.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-393d648-5a78ee11.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-488fe19e-5d4ce279.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-38e10fd5.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-38e10fd5.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-38e10fd5.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-38e10fd5.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-33a58b25.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-33a58b25.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-33a58b25.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-33a58b25.zip[Beyond.class]
Adware:Adware/AzeSearch Not disinfected C:\Documents and Settings\Owner\Desktop\New Folder\backups\backup-20060102-014611-589.inf
Virus:Exploit/Metafile Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\01808300\1000.tmp
Adware:Adware/AzeSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\01808300\1760.tmp
Virus:Trj/Spamer.N Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\file.exe
Virus:Bck/Galapoper.IE Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5EJ05K7\paradise[1].raw
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5EJ05K7\tool2[1].txt
Virus:Trj/Goldun.EY Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5EJ05K7\tool4[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5EJ05K7\toolbar[1].txt
Virus:Bck/Galapoper.IC Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UV6B4X2L\tool3[1].txt
Virus:Exploit/Metafile Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UV6B4X2L\xpl[1].wmf
Virus:Exploit/LoadImage Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXM36961\free[1].anr
Virus:Trj/QHost.DS Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXM36961\hosts[1].txt
Virus:Trj/Banker.BTO Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXM36961\kl[1].txt
Virus:Exploit/Mhtredir.gen Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6XIXIX\index[1].htm
Virus:Exploit/Metafile Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WL6XIXIX\xpladv470[1].wmf
Virus:Exploit/Metafile Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FS2RVEF1\xpladv470[1].wmf
Virus:Exploit/LoadImage Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JRHOC7SS\free[1].anr
Adware:Adware/AzeSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K9ANOPQR\azesearch[1].cab
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload1.exe
Virus:Trj/Banker.BTO Not disinfected C:\Program Files\Alwil Software\Avast4\DATA\moved\ibm00002.dll.vir
Virus:Trj/Banker.BTO Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
Virus:Trj/Torpig.Y Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Virus:W32/Locksky.R.worm Not disinfected C:\WINDOWS\batserv2.exe
Adware:adware/wupd Not disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/Miamore Not disinfected C:\WINDOWS\g3919328.dll
Adware:Adware/Miamore Not disinfected C:\WINDOWS\g489260640.dll
Adware:Adware/CWS.Yexe Not disinfected C:\WINDOWS\inet20001\services.exe
Virus:Trj/Banker.BTO Not disinfected C:\WINDOWS\kl.exe
Adware:Adware/AzeSearch Not disinfected C:\WINDOWS\LastGood\Downloaded Program Files\azesearch.inf
Adware:adware/sbsoft Not disinfected C:\WINDOWS\rdt.ini
Adware:Adware/WinHound Not disinfected C:\WINDOWS\s2u8.1.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\s3h8.1.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\ajtfmae.dll
Adware:adware/azesearch Not disinfected C:\WINDOWS\system32\azebar.xml
Adware:Adware/Miamore Not disinfected C:\WINDOWS\system32\browsela.dll
Virus:W32/Sasser.ftp Not disinfected C:\WINDOWS\system32\cmd.ftp
Virus:Trj/Downloader.FYV Not disinfected C:\WINDOWS\system32\csmcd.exe
Adware:adware/ideskbar Not disinfected C:\WINDOWS\system32\drivers\zpmodemnt.sys
Adware:Adware/Spoon Not disinfected C:\WINDOWS\system32\favset.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\hlwin.dll
Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\system32\howiper.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\kernels64.exe
Virus:Trj/Spamer.N Not disinfected C:\WINDOWS\system32\mpcsvc.exe
Virus:Bck/Galapoper.IE Not disinfected C:\WINDOWS\system32\paradise.raw
Adware:Adware/Secure32 Not disinfected C:\WINDOWS\system32\paytime.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\PreUninstallHL.exe
Virus:W32/LockSky.S.worm Not disinfected C:\WINDOWS\system32\sysc.exe
Virus:Bck/Galapoper.IE Not disinfected C:\WINDOWS\system32\sywsvcs.exe
Adware:adware/adsmart Not disinfected C:\WINDOWS\system32\vx.tll
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\system32\winctrl64.exe
Adware:adware/popupsandbanners Not disinfected C:\WINDOWS\teller2.chk
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\tool2.exe
Virus:Bck/Galapoper.IC Not disinfected C:\WINDOWS\tool3.exe
Virus:Trj/Goldun.EY Not disinfected C:\WINDOWS\tool4.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\toolbar.exe
Adware:Adware/Popup.pop Not disinfected C:\WINDOWS\winsx.inf
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
Here is the new HJT log file

Logfile of HijackThis v1.99.1
Scan saved at 11:29:30 AM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\mpcsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65639E0C-45FC-459A-9194-550EB87F6849}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{79203C50-8227-4516-A6DF-21EB9BC70DA0}: NameServer = 85.255.114.103,85.255.112.80
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\New Folder\CWShredder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Patiently and eagerly awaiting next instructions
 
Joined
Jul 26, 2002
Messages
46,349
* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll

O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll

O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe

O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan

O17 - HKLM\System\CCS\Services\Tcpip\..\{65639E0C-45FC-459A-9194-550EB87F6849}: NameServer = 85.255.114.103,85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\..\{79203C50-8227-4516-A6DF-21EB9BC70DA0}: NameServer = 85.255.114.103,85.255.112.80

O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll

O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll



* Exit Hijack This.


* Go to Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

  • Double-click the Network Connections icon
  • Right-click the Local Area Connection icon and select Properties.
  • Highlight Internet Protocol (TCP/IP) and click the Properties button.
  • Be sure Obtain DNS server address automatically is selected.
  • OK your way out.


* Go to Start > Run and type in cmd
  • Click OK.
  • This will open a command prompt.
  • Type or copy and paste the following line in the command window:

    ipconfig /flushdns


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      C:\WINDOWS\System32\mpcsvc.exe

      C:\WINDOWS\SYSTEM32\avpe32.dll

      C:\WINDOWS\system32\browsela.dll

      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll

      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

      C:\Program Files\Daily Weather Forecast

      C:\WINDOWS\batserv2.exe

      C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll

      C:\WINDOWS\Downloaded Program Files\setup4002b.ini

      C:\WINDOWS\g3919328.dll

      C:\WINDOWS\g489260640.dll

      C:\WINDOWS\inet20001

      C:\WINDOWS\kl.exe

      C:\WINDOWS\LastGood\Downloaded Program Files\azesearch.inf

      C:\WINDOWS\rdt.ini

      C:\WINDOWS\s2u8.1.exe

      C:\WINDOWS\s3h8.1.exe

      C:\WINDOWS\system32\ajtfmae.dll

      C:\WINDOWS\system32\azebar.xml

      C:\WINDOWS\system32\browsela.dll

      C:\WINDOWS\system32\cmd.ftp

      C:\WINDOWS\system32\csmcd.exe

      C:\WINDOWS\system32\drivers\zpmodemnt.sys

      C:\WINDOWS\system32\favset.exe

      C:\WINDOWS\system32\hlwin.dll

      C:\WINDOWS\system32\howiper.exe

      C:\WINDOWS\system32\kernels64.exe

      C:\WINDOWS\system32\paradise.raw

      C:\WINDOWS\system32\paytime.exe

      C:\WINDOWS\system32\PreUninstallHL.exe

      C:\WINDOWS\system32\sysc.exe

      C:\WINDOWS\system32\sywsvcs.exe

      C:\WINDOWS\system32\vx.tll

      C:\WINDOWS\system32\winctrl64.exe

      C:\WINDOWS\teller2.chk

      C:\WINDOWS\tool2.exe

      C:\WINDOWS\tool3.exe

      C:\WINDOWS\tool4.exe

      C:\WINDOWS\toolbar.exe

      C:\WINDOWS\winsx.inf


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.


    * Go to Control Panel > Internet Options.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.


    * Restart back into Windows normally now.


    * Run Kaspersky online virus scan here.

    When the scan is finished, Save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
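
An added example, not part of the original posts and not code from HijackThis or any tool named in the thread: a small Python check that parses HijackThis entry lines and reports which of the entries selected for "Fix checked" above still appear in a later log, plus the DNS servers set by the O17 lines. The function names are hypothetical, and the follow-up excerpt is built only from lines visible later in this thread.

```python
import re

# HijackThis entry lines look like "O17 - <details>"; the section code is
# R, F, N or O followed by a number.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)$", re.IGNORECASE)

# Entries the helper asked to tick for "Fix checked" (copied from the post).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O17 - HKLM\System\CCS\Services\Tcpip\..\{65639E0C-45FC-459A-9194-550EB87F6849}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{79203C50-8227-4516-A6DF-21EB9BC70DA0}: NameServer = 85.255.114.103,85.255.112.80
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
"""

# Sample input: a few lines excerpted from the 1/3/2006 5:16 PM log in this
# thread (an excerpt only, not the full log).
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA37118-7D5C-44FE-82C2-BDC9F19B0F35}: NameServer = 205.171.3.65,205.171.2.65
"""


def parse_entries(text):
    """Return (section, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(section, detail):
    # Windows paths and registry names are case-insensitive, and forum
    # copy/paste can change spacing, so compare on a normalised form.
    return section, " ".join(detail.split()).lower()


def unresolved(fix_list, followup_log):
    """Entries from the fix list that are still listed in the follow-up log."""
    remaining = {_key(s, d) for s, d in parse_entries(followup_log)}
    return [f"{s} - {d}" for s, d in parse_entries(fix_list) if _key(s, d) in remaining]


def dns_servers(log):
    """All DNS server addresses set by O17 NameServer entries."""
    servers = set()
    for section, detail in parse_entries(log):
        match = NAMESERVER_RE.search(detail)
        if section == "O17" and match:
            servers.update(ip.strip() for ip in match.group(1).split(",") if ip.strip())
    return servers


if __name__ == "__main__":
    for entry in unresolved(FIX_LIST, FOLLOWUP_EXCERPT):
        print("still present:", entry)
    print("DNS before fix:", sorted(dns_servers(FIX_LIST)))
    print("DNS after fix: ", sorted(dns_servers(FOLLOWUP_EXCERPT)))
```

An entry that survives the comparison means the fix did not hold for that item and it needs another pass; an entry missing from an excerpt only shows it is absent from the lines that were checked.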
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
The link you provided for the virus scan is no good, but here is the new HJT log.
I also did everything you asked... the only file that did not want to die with the Killbox is the browsela


Logfile of HijackThis v1.99.1
Scan saved at 5:16:24 PM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\uWDF.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA37118-7D5C-44FE-82C2-BDC9F19B0F35}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\New Folder\CWShredder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 
Joined
Jul 26, 2002
Messages
46,349
The Kaspersky link works fine for me. I still want you to run it after you do the following:

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll

O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll



* Exit Hijack This.


* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard:

    C:\WINDOWS\SYSTEM32\avpe32.dll
    C:\WINDOWS\system32\browsela.dll


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
I was told to do this earlier and did. I will now post both scans.



Today, 03:43 PM

Cheeseball81
Moderator Posts: 31,092
Join Date: Mar 2004
Location: New York
Experience: Nerd

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
__________________
Peter: Oh my god Brian, there's a message in my Alpha-Bits. It says, 'Oooooo.'
Brian: Peter, those are Cheerios.
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:42:52 PM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe
C:\WINDOWS\alt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA37118-7D5C-44FE-82C2-BDC9F19B0F35}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\New Folder\CWShredder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

here is the ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:31:14 PM, 1/3/2006
+ Report-Checksum: B0EC3919

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01} -> Downloader.Delf.aeo : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000000} -> Spyware.Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
C:\!Submit\batserv2.exe -> Worm.Locksky.m : Cleaned with backup
C:\!Submit\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
C:\!Submit\csmcd.exe -> Downloader.Agent.uj : Cleaned with backup
C:\!Submit\favset.exe -> Trojan.Favadd.an : Cleaned with backup
C:\!Submit\g3919328.dll -> Downloader.Delf.aeo : Cleaned with backup
C:\!Submit\g489260640.dll -> Downloader.Delf.aeo : Cleaned with backup
C:\!Submit\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
C:\!Submit\ibm00001.exe -> Trojan.Zapchast.ad : Cleaned with backup
C:\!Submit\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup
C:\!Submit\paradise.raw -> Proxy.Lager.f : Cleaned with backup
C:\!Submit\services.exe -> Downloader.CWS.r : Cleaned with backup
C:\!Submit\sysc.exe -> Worm.Locksky.m : Cleaned with backup
C:\!Submit\sywsvcs.exe -> Proxy.Lager.f : Cleaned with backup
C:\!Submit\tool3.exe -> Downloader.Small.bwr : Cleaned with backup
C:\!Submit\toolbar.exe -> Downloader.Adload.j : Cleaned with backup
C:\!Submit\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-4fbc14ee-43b1bd47.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-4fbc14ee-61079003.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-393d648-5a78ee11.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-488fe19e-5d4ce279.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\my games\splinx crack\run.exe -> Downloader.PassAlert.h : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\my games\splinx crack\snd-phlinxtogo1.0.0.0.patch.exe/run.exe -> Downloader.PassAlert.h : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\New Folder\backups\backup-20060103-155251-860.dll -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\New Folder\backups\backup-20060103-155251-940.dll -> Downloader.Delf.lh : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\a.exe -> Downloader.Small.cdz : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FS2RVEF1\xpladv470[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5U7KXAZ\install[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JRHOC7SS\free[1].anr -> Downloader.Ani.c : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K9ANOPQR\loaderadv470[1].exe -> Downloader.Small.cdz : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.l : Cleaned with backup
C:\Program Files\Alwil Software\Avast4\DATA\moved\ibm00002.dll.vir -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\adsldpbf.dll -> Downloader.Delf.lh : Cleaned with backup
C:\WINDOWS\alt.exe -> Hijacker.Delf.eb : Cleaned with backup
C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\WINDOWS\system32\filesafer23.exe -> Hijacker.Small : Cleaned with backup
C:\WINDOWS\system32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup


::Report End
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
Yup, did them, but Killbox won't kill them and the link for the virus scanner doesn't work for me. Sends me to another website. My web browser is goofin' up anyhow; most of my favorites and some new places I go to keep coming up white blank pages when I know better... That was my sign to seek help for all this.
 
Joined
Jul 26, 2002
Messages
46,349
Did you use Killbox with delete on reboot as instructed here?
Flrman1 said:
* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard:

    C:\WINDOWS\SYSTEM32\avpe32.dll
    C:\WINDOWS\system32\browsela.dll


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
That should have deleted those files easily. Try this:

* Click here to download win32delfkil.exe.
  • Save it to your desktop.
  • Double click on win32delfkil.exe and install it.
  • This creates a new folder on your desktop called win32delfkil.
  • Close all windows, open the win32delfkil folder and double click on the fix.bat file.
  • The computer will reboot automatically. If not, please restart your computer manually.
  • Post the contents of the logfile c\windelf.txt, along with a new Hijack This log.
 

Draco2228

Thread Starter
Joined
Jan 2, 2006
Messages
49
ran that win32delfkil for a second time, it was the first thing we did, but there is no file in my C: by that name

Logfile of HijackThis v1.99.1
Scan saved at 11:30:30 AM, on 1/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\alt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\uWDF.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINDOWS\System32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA37118-7D5C-44FE-82C2-BDC9F19B0F35}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\New Folder\CWShredder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
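
Comparing consecutive HijackThis logs, which the helpers in this thread do by eye, can be scripted. The following is an added example, not part of the original thread: the two sample scans are abridged excerpts of the 1/3/2006 and 1/4/2006 logs posted above, and the function names are assumptions made for illustration.

```python
import re

# Abridged excerpts of two HijackThis logs posted in this thread (most lines omitted).
SCAN_JAN3 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\alt.exe

O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll (file missing)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll (file missing)
"""
SCAN_JAN4 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\alt.exe

O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll (file missing)
"""
# The two files the helper asked to delete with Killbox.
FIX_LIST = [r"C:\WINDOWS\SYSTEM32\avpe32.dll", r"C:\WINDOWS\system32\browsela.dll"]

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = " (file missing)"


def parse_hjt(text):
    """Return (processes, entries); entries maps (section, body) -> file_missing flag."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            body = match.group("body")
            missing = body.endswith(MISSING)
            if missing:
                body = body[: -len(MISSING)]  # key on the entry itself, not its status
            entries[(match.group("section"), body)] = missing
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
    return processes, entries


def compare_scans(before, after, sections=("O2", "O4", "O20", "O23")):
    """Classify entries in the given sections of the later scan against the earlier one."""
    _, old = parse_hjt(before)
    procs, new = parse_hjt(after)
    report = {"new": [], "removed": [], "persisted": [],
              "file_reappeared": [], "new_and_running": []}
    for key, missing in new.items():
        if key[0] not in sections:
            continue
        if key not in old:
            report["new"].append(key)
            # A new autostart whose target is already a running process.
            if any(p.lower() in key[1].lower() for p in procs):
                report["new_and_running"].append(key)
        elif old[key] and not missing:
            report["file_reappeared"].append(key)  # target file is back on disk
        else:
            report["persisted"].append(key)
    report["removed"] = [k for k in old if k[0] in sections and k not in new]
    return report


def still_referenced(scan, paths):
    """Return the paths from a fix list that a scan still lists with the file present."""
    _, entries = parse_hjt(scan)
    live = [body.lower() for (_, body), missing in entries.items() if not missing]
    return [p for p in paths if any(p.lower() in body for body in live)]


if __name__ == "__main__":
    for kind, keys in compare_scans(SCAN_JAN3, SCAN_JAN4).items():
        for section, body in keys:
            print(f"{kind:16} {section:4} {body}")
    print("still referenced:", still_referenced(SCAN_JAN4, FIX_LIST))
```
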
 