Potential Virus?

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Quinndrew,

Please do not post steps to help users if you cannot follow up on them. I understand you are trying to help and get the user started but you need to stick with it. And if you run into a problem you need to ask for help. (You should turn on PMs). PhilliePhan and myself cannot read every single thread, and threads with no responses typically get more attention then ones with responses.

 

Is that log from normal boot mode or safe boot mode? We need logs from normal boot mode as specified in the HJT tutorial thread.

 

Do you know what this is:

C:\Program Files\Matinsoft\GoldTach\GoldTach.exe

 

Well I really needed the normal boot mode log to finalize this but try the below anyway.

Make sure you have system restore disabled and viewing of hidden files enabled.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [ss8X35O] maglgs.exe
O4 - HKCU\..\Run: [dBr7RRi5V] ir4ilib.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c135.cab
After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\CxtPls <--- the whole folder
C:\Program Files\SEARCH~1 <--- the whole folder
C:\Program Files\AdStatus Service <--- the whole folder
C:\winnt\system32\maglgs.exe
C:\winnt\system32\ir4ilib.exe

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Question:

Why is this Lime Wire entry in the Matinsoft GoldTach folder? Do you use Lime Wire?
O4 - HKCU\..\Run: [] C:\Program Files\Matinsoft\GoldTach\Lime Wire

 

All P2P stuff is bad! Why would you install it to your firewall directory anyway?

 

Yes it does make your more vulnerable and it also contains its own malware! See this link:

http://www.spywareinfo.com/articles/p2p/

 

Your log is clean other than Limewire which I would uninstall!

You should do all the steps here to help avoid future problems:
How to Protect yourself from malware!