Solve : cxtpls.dll?

1.	Solve : cxtpls.dll?
Answer» I rum hijack this on my dad's pc and came across this: O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing) Would i be right in thinking he has spyware??shell26....... It looks like it should be marked for removal.......... there are probably more ....check the logfile carefully dl65 BHO stansd for Browser Helper Object. These may or may not be spyware. Use Microsoft Antispyware -- Anti spyware scanner. Windows XP Home and Professional only. To find out. It can show you an exact list of the BHO's installed. My dad is the same as me- not a ligit windows xp. Can't get microsoft downloads. How can i tell what is spyware from his log? I recognised this one cos he had problems with contextplus before and i put 2=2 together but i wouldn't have a clue with the rest.he has run bullguard, avg and spy sweeper but all results came back ok. shall i tell him to get spybot onto it? Quote My dad is the same as me- not a ligit windows xp. Can't get microsoft downloads. That is security breach number one and will never be removed unless you obtain a legal copy. You might want to use http://merijn.org/files/bholist.zip]this program. I doubt it can tell you wheter it is a legal BHO or not, though. Read this as well. shell26.......Run another hijackthis scan and post it here so we can tell you what to remove . the 02 entry you listed above is bad it has to be removed . dl65 Quote O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing) Just delete to 02 entry, it's calling for a file that isn't there anyway. If in doubt, have a look C:\Program Files\CxtPls\cxtpls.dll and see if it's there.here is my dad's log file as requested: Logfile of HijackThis v1.99.1 Scan saved at 10:00:52, on 09/09/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\system32\vbrundll.dll O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nspF.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe" O8 - Extra context menu ITEM: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D41F8257-AECC-4FD9-BB56-A8400536D865}: NameServer = 195.92.195.94 195.92.195.95 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing) O23 - Service: BullGuard File Monitoring (BsFileSpy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing) O23 - Service: BullGuard Firewall (BsFirewall) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing) O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\yuktsvc.exe (file missing) shell26ok ......here are the obvious removals ......... O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk O17 - HKLM\System\CCS\Services\Tcpip\..\{D41F8257-AECC-4FD9-BB56-A8400536D865} : NameServer = 195.92.195.94 195.92.195.95 O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing) O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing) O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\yuktsvc.exe (file missing) ok .......mark these for removal and click fix marked. I would suggest D/L and installing : Ad-aware SE http://www.download.com/3000-2144-10045910.html SpyBot Search and Destroy http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp Microsoft Antispyware Beta (excellant) http://www.microsoft.com/athome/security/spyware/software/default.mspx Next , I note there is a number of anti VIRUS programs installed on the pc .......... you should really only use one ..........sometimes they do not interact with each other very well ........so more isn't better . I see Norton , AVG and Bullguard . The same thing applies to Firewalls ..... I see Norton , Bullguard and Zone Alarm. If any of those are outdated .....remove them using the Add/Remove function in the control panel. Note.....there is also a firewall in XP sp2 ..... If you are using another firewall turn the Windows one off . let us know how you make out. dl65 Why are you posting your log file? You can remove any entry there by using the following programs: Virus scanners AVG Free -- Anti virus scanner Trend Micro Housecall -- Online anti virus scanner. Anti spy/malware Microsoft Antispyware -- Anti spyware scanner. Windows XP Home and Professional only. Spybot Search & Destroy -- Anti spyware scanner Adaware SE Personal -- Anti spyware scanner Firewalls Use both a hardware and software firewall. Be advised as dual software firewalls may cause problems ZoneAlarm Free -- Free firewall - more user friendly Sygate Personal -- Free firewall - more configuration options Removal tools The following files are not substitutes for the ones described above. They are either diagnostic tools or removal tools for malware of a certain kind HijackThis -- Manual malware remover. Post the HijackThis log generated only if requested! McAfee Stinger -- Virus removal tool. No substitute for a fully functional virus scanner! CWshredder -- CoolWebSearch removal tool. Widely known and persistant Hijacker. There is no NEED to do it manually. Unless a certain type of malware is persistent.

Answer»

I rum hijack this on my dad's pc and came across this:

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)

Would i be right in thinking he has spyware??shell26....... It looks like it should be marked for removal.......... there are probably more ....check the logfile carefully

dl65 BHO stansd for Browser Helper Object.

These may or may not be spyware.

Use Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.

To find out. It can show you an exact list of the BHO's installed.

My dad is the same as me- not a ligit windows xp. Can't get microsoft downloads.
How can i tell what is spyware from his log?
I recognised this one cos he had problems with contextplus before and i put 2=2 together but i wouldn't have a clue with the rest.he has run bullguard, avg and spy sweeper but all results came back ok.

shall i tell him to get spybot onto it? Quote

My dad is the same as me- not a ligit windows xp. Can't get microsoft downloads.

That is security breach number one and will never be removed unless you obtain a legal copy.

You might want to use http://merijn.org/files/bholist.zip]this program. I doubt it can tell you wheter it is a legal BHO or not, though.

Read this as well. shell26.......Run another hijackthis scan and post it here so we can tell you what to remove . the 02 entry you listed above is bad it has to be removed .

dl65 Quote

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)

Just delete to 02 entry, it's calling for a file that isn't there anyway.
If in doubt, have a look
C:\Program Files\CxtPls\cxtpls.dll
and see if it's there.here is my dad's log file as requested:
Logfile of HijackThis v1.99.1
Scan saved at 10:00:52, on 09/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\system32\vbrundll.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nspF.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe"
O8 - Extra context menu ITEM: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D41F8257-AECC-4FD9-BB56-A8400536D865}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard File Monitoring (BsFileSpy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Firewall (BsFirewall) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\yuktsvc.exe (file missing)

shell26ok ......here are the obvious removals .........

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk

O17 - HKLM\System\CCS\Services\Tcpip\..\{D41F8257-AECC-4FD9-BB56-A8400536D865} : NameServer = 195.92.195.94 195.92.195.95

O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)

O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)

O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\yuktsvc.exe (file missing)

ok .......mark these for removal and click fix marked.

I would suggest D/L and installing :

Ad-aware SE
http://www.download.com/3000-2144-10045910.html

SpyBot Search and Destroy
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

Microsoft Antispyware Beta (excellant)
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Next , I note there is a number of anti VIRUS programs installed on the pc .......... you should really only use one ..........sometimes they do not interact with each other very well ........so more isn't better .

I see Norton , AVG and Bullguard .

The same thing applies to Firewalls .....
I see Norton , Bullguard and Zone Alarm.

If any of those are outdated .....remove them using the Add/Remove function in the control panel.

Note.....there is also a firewall in XP sp2 ..... If you are using another firewall turn the Windows one off .

let us know how you make out.

dl65
Why are you posting your log file? You can remove any entry there by using the following programs:

Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Use both a hardware and software firewall.
Be advised as dual software firewalls may cause problems

ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind

HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistant Hijacker.

There is no NEED to do it manually. Unless a certain type of malware is persistent.

Solve : cxtpls.dll?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment