Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error Messages


  • Please log in to reply
4 replies to this topic

#1 Jen42

Jen42

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:05:20 AM

Posted 22 September 2006 - 09:02 PM

I've been getting error messages each time I turn the computer on. They are always : procedure entry point cannot be located, but the entry point and where it's located keeps changing each time I restart. It's always a .dll. It affects the sygate personal firewall and style xp.

I've run spybot and adaware, adaware only found some cookies. I also ran avast, that found a trojan downloader (I can't remember the name). But the problem is still there.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 10:34:52 AM, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program

Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbar

Notifier.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and

Settings\User\Desktop\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.bigpond.com/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://au.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local

Page =
R3 - URLSearchHook: (no name) - <default> - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SmcService]

C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft

Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond

Assist\assist.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program

Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program

Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbar

Notifier.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program

Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download

Manager - file://C:\Program Files\Free Download

Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free

Download Manager - file://C:\Program Files\Free Download

Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download

Manager - file://C:\Program Files\Free Download

Manager\dllink.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run IMVU -

{d9288080-1baa-4bc4-9cf8-a92d743db949} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide -

{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF:

START_PAGE_URL=http://home.australis.com.au
O15 - Trusted Zone: http://bigbrother.ten.com.au
O15 - Trusted Zone: www.burkesbackyard.com.au
O15 - Trusted Zone: http://*.office.microsoft
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akamai.net/7/1540/52/200212...stall.info.appl

e.com/borris/us/win/QuickTimeInstaller.exe
O17 -

HKLM\System\CCS\Services\Tcpip\..\{403744D7-F39F-4FFC-B2

3D-8D26C53BB45D}: Domain = vic.bigpond.net.au
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -

Unknown owner - C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program

Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

(file missing)
O23 - Service: avast! Web Scanner - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

(file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate

Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program

Files\TGTSoft\StyleXP\StyleXPService.exe

BC AdBot (Login to Remove)

 


#2 Jen42

Jen42
  • Topic Starter

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:05:20 AM

Posted 23 September 2006 - 06:37 PM

Here's another message I get. Maybe this might make sense.

application failed to initialise proprely oxc0000005. Both on SMC and Style XP.

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 PM

Posted 28 September 2006 - 04:40 PM

Hello Jen42 and welcome to the BC HijackThis forum. Let's try and get a HijackThis log that we can read.

We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, click on the Format menu item. Click on the WordWrap item to remove the checkmark there. Now press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 Jen42

Jen42
  • Topic Starter

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:05:20 AM

Posted 28 September 2006 - 05:08 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:00:20 AM, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - <default> - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.australis.com.au
O15 - Trusted Zone: http://bigbrother.ten.com.au
O15 - Trusted Zone: www.burkesbackyard.com.au
O15 - Trusted Zone: http://*.office.microsoft
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{403744D7-F39F-4FFC-B23D-8D26C53BB45D}: Domain = vic.bigpond.net.au
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

I thought it was alright again, but then it started up again, and at the same time I'm doing an adaware scan and some adware has apparently come back.

Please help.

Thanks

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 PM

Posted 29 September 2006 - 04:14 PM

Hi Jen42. I do not see any signs of viruses or malware in the log. It is clean.

Since you are also getting help at another forum I would continue with those directions. They are the same as what I would tell you to do.

Also, if the problem is limited to StyleXP and SMC then you might try uninstalling/reinstalling them.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users