
November 9th, 2004 20:00

HELP!!!

Hey, I'm in serious need of assistance. My computer has tons of spyware and adware on it and none of the programs to get rid of it are working. I think it has also been hijacked. I need to know how to erase all traces of everything off of my computer. That includes all programs, files, everything. Is there a simple way to do it?
 
Please respond,
 
Rachel

4.8K Posts

November 9th, 2004 21:00

Rachel,

Download HijackThis version 1.98.2. Run it, click "Scan", then "Save log". When Notepad comes up, "Edit/Select all", right-click on the highlighted (selected) entries, then select "Copy". Next, "Reply" back to this thread, right-click in the message body and select "Paste", then post the log. Don't 'fix' anything just yet, as most of what it reports is 'good'.

Download HiJackThis from here: http://www.majorgeeks.com/download.php?det=3155

Mike.

November 10th, 2004 19:00

Logfile of HijackThis v1.98.2
Scan saved at 4:42:25 PM, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\documents and settings\mistyrain03\local settings\temp\t1R9Cghw.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mistyrain03\Application Data\ttuh.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\WINDOWS\System32\Rqmx.exe
C:\WINDOWS\System32\KybX9.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\mistyrain03\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\DOCUME~1\MISTYR~1\LOCALS~1\Temp\jpdo.dat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-online.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O2 - BHO: (no name) - {3BAA382A-E713-5CC5-D406-11550D877833} - C:\WINDOWS\system32\ktugey.dll
O2 - BHO: (no name) - {48A7650A-E216-09E3-8052-155579F62818} - C:\WINDOWS\system32\kpoudjr.dll
O2 - BHO: (no name) - {4CFB330B-B617-0AE4-D752-155579AC294D} - C:\WINDOWS\System32\lekykob.dll (file missing)
O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - C:\Program Files\Popup Destroy\TrackPopup.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [t1R9Cghw] C:\documents and settings\mistyrain03\local settings\temp\t1R9Cghw.exe
O4 - HKLM\..\Run: [gd5Pr] C:\documents and settings\mistyrain03\local settings\temp\gd5Pr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Jvgta7y.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\mistyrain03\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Xok] C:\WINDOWS\system32\w?wexec.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm051
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Microsoft® VBScript® Console - {A7B1CC6B-F7F4-4F94-906E-1A5F5CD244B6} - (no file)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {A7B1CC6B-F7F4-4F94-906E-1A5F5CD244B6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Help - {57D324FC-AA2D-4F51-99AE-85DBB53E5834} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {62F0462E-026B-4D13-8694-23ABEBD6D4EB} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: ComcastHSI - {8F0BB931-199E-45BD-8DBD-29205EADADB4} - http://www.comcast.net (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.com/bannerfarm/47041/VBouncerOuter1137040505.EXE
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/plugin/axversion/1000/printQuick.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16ea0093f0faf65fd002/netzip/RdxIE2.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=200332819
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AAD68411-5B98-11D3-9B52-00001C0007B3} (EonX 3.0.0) - http://download.eonreality.com/eonx/3_0_2/eonx.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {BE19A2A5-ABDD-4E3E-9230-0A414EB1E9FD} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
 

4.8K Posts

November 11th, 2004 01:00

Rachel,
 
Whoa! Hijacked is just a bit of an understatement ... :)
 
Let's get started cleaning some of this garbage off your computer system. Remember, each step is important, so don't skip any.
 

 
First, we need to move HiJackThis to its own folder, like "C:\HJT". HiJackThis will create backups for each entry we 'fix'. We're going to 'flush' the temporary folders when we're done. If you don't move it first, you'll have to download it again, and won't be able to restore any 'fixed' entries, if we need to later, or if something goes wrong.
 

 
 

 
Next, we need to download LSPfix. When it's down, run it, and:

  • Check (tick) "I know what I'm doing"
  • Click on (highlight) each occurrence of inetadpt.dll, then click ">>", moving it over to the "Remove" pane.
  • (Double check: there should be 4 instances of inetadpt.dll in the "Remove" pane, and nothing else.)
  • Click "Finish >>"
 
Reboot your computer
 

 
Download 'peper' fix, make sure you're connected to the internet (it won't work otherwise!), then:
 
  • Run it once.
  • Reboot your computer.
  • Run it again.

 
Go to "Add/Remove programs" and remove (un-install) the following, if present:
 
anything with...
 
  • 'WinTools'
  • 'toolbar' (like MyToolBar, NewToolBar, etc.)
  • 'search' (like MyWebSearch, NewSearch, BetterSearch, SearchBar, etc.)
  • 'myexexex'
  • 'find' (like FindOnline, FindIt, NewFind, etc.)
 
... in the name.

Be sure not to remove (uninstall) any system software or hot-fixes. If you're not sure about an entry, post it back before attempting to uninstall it.
 

 
Go to www.trendmicro.com, then click "Free Online Scan". It'll take a few minutes to download and install. When it's down, select all available drives, then click "Scan".
 
---
 
Download, install and run AdAware SE Personal. Check for any new malware-signatures then "perform a full system scan".
 
---
 
Next, download and install the VX2 removal tool for AdAware and follow the instructions. Please don't skip this step.
 
---
 
Download, install and run Spybot S&D. Check for any new malware-signatures, then "Check for Problems".
 

 
Run HiJackThis, click "Scan", then check (tick) the following entries, if present:
 
 
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\documents and settings\mistyrain03\local settings\temp\t1R9Cghw.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Documents and Settings\mistyrain03\Application Data\ttuh.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\WINDOWS\System32\Rqmx.exe
C:\WINDOWS\System32\KybX9.exe
C:\DOCUME~1\MISTYR~1\LOCALS~1\Temp\jpdo.dat

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-online.net/index.htm
(These indicate a CoolWebSearch infection.)
 
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
 
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
 
O2 - BHO: (no name) - {3BAA382A-E713-5CC5-D406-11550D877833} - C:\WINDOWS\system32\ktugey.dll
O2 - BHO: (no name) - {48A7650A-E216-09E3-8052-155579F62818} - C:\WINDOWS\system32\kpoudjr.dll
O2 - BHO: (no name) - {4CFB330B-B617-0AE4-D752-155579AC294D} - C:\WINDOWS\System32\lekykob.dll (file missing)
O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - C:\Program Files\Popup Destroy\TrackPopup.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
 
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
 
O4 - HKLM\..\Run: [t1R9Cghw] C:\documents and settings\mistyrain03\local settings\temp\t1R9Cghw.exe
O4 - HKLM\..\Run: [gd5Pr] C:\documents and settings\mistyrain03\local settings\temp\gd5Pr.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Jvgta7y.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\mistyrain03\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Xok] C:\WINDOWS\system32\w?wexec.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
 
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm051
 
 
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
(I know there's probably more ActiveX controls to remove, but let's just start with these.)

 
Now, with all windows closed except HiJackThis, click "Fix checked".
 
Reboot your computer.
 

 
Locate and delete the following files. Make sure you're able to view hidden and system files/folders:

[file] c:\windows\system32\inetadpt.dll
[file] C:\WINDOWS\system32\ktugey.dll
[file] C:\WINDOWS\system32\kpoudjr.dll
[file] C:\WINDOWS\System32\Jvgta7y.exe
[file] C:\Documents and Settings\mistyrain03\Application Data\ttuh.exe
 
 
[folder] C:\PROGRA~1\Toolbar
(there should only be a few files in there, like TBPSSvc.exe, PIB.exe, TBPS.exe, toolbar.dll)
 
[folder] C:\Program Files\Common Files\WinTools
[folder] C:\PROGRA~1\COMMON~1\WinTools
[folder] C:\Program Files\MyWebSearch
 

 
Run "Disk Cleanup" and allow it to remove all that it finds.
 

 
Flush your system restore points, by first disabling system restore, then re-enabling it. Then set a restore point manually - name it whatever you like.
 

 
Check for and install any critical system updates using Windows Update.
 

 
Post back a new log.
 
Mike.
 

Message Edited by Midnight Star on 11-10-2004 09:17 PM
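
The first-pass reading of the log that the reply above does by eye can be sketched in code. This is an added example, not part of the original thread and not HijackThis's own logic: the sample lines are copied from the log posted above, and the flagging rules (`reason_for`) are illustrative assumptions drawn from the kinds of entries the reply selects.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O2 - BHO: (no name) - {3BAA382A-E713-5CC5-D406-11550D877833} - C:\WINDOWS\system32\ktugey.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [t1R9Cghw] C:\documents and settings\mistyrain03\local settings\temp\t1R9Cghw.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\mistyrain03\Application Data\ttuh.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
"""

# Entry lines look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Yield (code, body) per entry line; the header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def reason_for(code, body):
    """Return why an entry deserves a closer look, or None (assumed heuristics)."""
    low = body.lower()
    if code in ("R0", "R1"):
        value = body.partition(" = ")[2].lower()
        if value.startswith(("file://", "res://")):
            return "IE page setting points at a local file or DLL resource"
    elif code == "O1":
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m and m.group(1) not in ("127.0.0.1", "::1"):
            return "hosts file redirects %s to %s" % (m.group(2), m.group(1))
    elif code == "O2":
        if "(file missing)" in low:
            return "BHO registered but its file is missing"
        if body.startswith("BHO: (no name)"):
            return "BHO with no name"
    elif code == "O4":
        if "\\temp\\" in low or "\\application data\\" in low:
            return "autostart runs from a user-writable directory"
    elif code == "O10" and low.startswith("unknown file in winsock lsp"):
        return "unrecognised Winsock LSP layer"
    return None

def triage(log_text):
    """Return (code, reason, entry, times_seen) for each distinct flagged entry."""
    seen = Counter()
    for code, body in parse_entries(log_text):
        reason = reason_for(code, body)
        if reason:
            seen[(code, reason, body)] += 1
    return [key + (n,) for key, n in seen.items()]

if __name__ == "__main__":
    for code, reason, body, n in triage(SAMPLE_LOG):
        print("%-3s x%d  %s\n      %s" % (code, n, reason, body))
```

Flagged entries are candidates for a human to review, not a removal list; unflagged entries such as the Google toolbar BHO and the graphics tray autostart pass through untouched.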

4.8K Posts

November 13th, 2004 14:00

    CLL57,

    By the looks of it, that's not a good file. I need you to post a HiJackThis log up for us to review, since there's probably more problems lurking about.

    Also, consider starting a new message thread, so things won't get so confusing in the long run.

    Mike.

 

3 Posts

November 13th, 2004 14:00

Hi!

If you have the time I really need some help also! I'm new at the computer (about 1 1/2 yrs), but the last week I've been experiencing a lot of problems with my Internet Explorer. I've always had: McAfee Firewall Plus, anti virus, and recently have downloaded "Spybot and Ad-ware". But I don't know if I may have taken too much off or what. When I reboot, it says that it could not find "C:/Windows/bs3.dll". I'm afraid that maybe I've been taking too much off or something to try and straighten out my computer... The original problem was: when I went on the Internet Explorer, I can go almost anywhere, but after about a minute, I get 'Internet Explorer has to shut down'. Sometimes when I go to Dell or Microsoft or McAfee to ask what the problem is it'll shut down immediately. I'm even having problems trying to get around this site. If you're able to help me and I can't get back to this site, my e-mail is: CLL_57@hotmail.com. I would really appreciate any help you could give me, if you can tolerate a "newbie".... Thanks
