Hi and Welcome to TSF
Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then create a new restore point.
Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.
Go to Start->Run and type
Services.msc then hit Ok
Scroll down and find the service called:
ISEXEng - Unknown owner
When you find it, double-click on it. In the next window that opens, click the
Stop button, then click on properties and under the General Tab, change the Startup Type to
Disabled. Now hit Apply and then Ok and close any open windows.
Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\rlsutils.dll
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
C:\WINDOWS\system32\
rlsutils.dll <--delete that file
C:\WINDOWS\System32\
angelex.exe <--delete that file
Reboot back to normal windows.
Do an online scan at
http://www.pandasoftware.com/actives..._principal.htm
Save the activescan log and post it here along with another hijackthis log.