help needed that mspxs32.dll thing

Please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

If still having a problem after doing ALL the above steps, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.

 

If you are saying you cannot click on any links to download anything, then get me a HJT log attachment. Hopefully you have the proper version 1.98.2.

 

You do not have just a problem with mspxs32.dll, you have just about every other type known problem and trojan there is. This is a mess a is going to require so time. And it must be done in a few stages. One of your problems is this:
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

But we are going to try to handle that later. If not handled properly, you will loose the ability to login to your PC.

I going to start working on the log now. And post a series of cleanup steps to run. Run them in the order I post them.

NOTE: When we finish fixing this you MUST get your Microsoft updates. You are severely out of date and that is a big part of why this happened. DO NOT attempt to do that now with all these problems in place.

 

First, let's look to see if we can cleanup some items using Add/Remove programs to uninstall them. Look for any of the following and uninstall. Let me know what you find and are able to uninstall.

Kazaa <--- this is probably the root of most of the problems you have. Do not uses Kazaa
Messenger Plus! 2
NaviSearch\bin
Bullseye Network
P2P Networking
SearchUpgrader
CMEII
KeenValue
Internet Optimizer
180solutions
Windows AdTools
DR_S
ezula
GMT (or Gain or Gain Bundle or Gator or Gator Bundle)

Question: Is Telestra your ISP?

 

Make sure you have system restore disabled and viewing of hidden files enabled (per the READ ME FIRST tutorial).

Click Start, Run, and enter cmd and click OK. This will open a command prompt window. Type or copy and paste into that window the below commands each folled by the enter key. Note: to paste into the command prompt window you must right click the very top Title bar of the window and select Edit and then Paste.

regsvr32 /u C:\WINDOWS\nem220.dll
regsvr32 /u C:\WINDOWS\System32\ipinsigt.dll
regsvr32 /u C:\WINDOWS\MSView.DLL
regsvr32 /u C:\WINDOWS\System32\trk.dll
regsvr32 /u C:\WINDOWS\twaintec.dll
regsvr32 /u C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
regsvr32 /u C:\WINDOWS\System32\mspxs32.dll
regsvr32 /u C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
regsvr32 /u C:\E2G\IeBHOs.dll
regsvr32 /u C:\WINDOWS\System32\ziyuoft.dll
regsvr32 /u C:\WINDOWS\System32\cab.dll
regsvr32 /u C:\WINDOWS\System\BHO001.DLL
regsvr32 /u C:\WINDOWS\System32\replaceSearch.dll
regsvr32 /u C:\WINDOWS\2_0_1browserhelper2.dll
regsvr32 /u C:\WINDOWS\Downloaded Program Files\bridge.dll
regsvr32 /u C:\Program Files\SideFind\sfbho.dll
regsvr32 /u C:\WINDOWS\System32\nvms.dll
regsvr32 /u C:\WINDOWS\System32\mscb.dll
regsvr32 /u C:\WINDOWS\System32\apuc.dll
regsvr32 /u C:\WINDOWS\System32\msbe.dll
regsvr32 /u C:\WINDOWS\System32\SYSsfitb.dll


Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
MsgPlus.exe
nls.exe
bargains.exe
nuibzhcd.exe
P2P Networking.exe
SearchUpgrader.exe
CMESys.exe
KeenValue.exe
dpi.exe
optimize.exe
sais.exe
WinAdTools.exe
DR_S.exe
mmod.exe
WinRatchet.exe
atri.exe
actalert.exe
SYSsfit.exe
GMT.exe
KWM.exe
explorer32.exe


Carefully run HijackThis and select only what I list in the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jeremy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Jeremy\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jeremy\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Jeremy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jeremy\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jeremy\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\System32\ipinsigt.dll
O2 - BHO: MSViewObj Class - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSView.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\trk.dll
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - (no file)
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - (no file)
O2 - BHO: (no name) - {39F9470F-CF61-52C4-8756-64550DF22D1E} - C:\WINDOWS\System32\ziyuoft.dll
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - (no file)
O2 - BHO: (no name) - {5A8B310B-49B2-4A7B-B308-AB0A54A5F7ED} - C:\WINDOWS\System32\cab.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - (no file)
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} - (no file)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {738F8B3D-3D7B-4D3E-8D84-AFAB824122C2} - (no file)
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [MessengerPlus2] "G:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Sentry] C:\WINDOWS\Sentry.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [hbvnxv] C:\WINDOWS\System32\nuibzhcd.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] G:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [KeenValue] C:\Program Files\Common files\KeenValue\KeenValue.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [fupobgl] C:\WINDOWS\fupobgl.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKCU\..\Run: [MessengerPlus2] "G:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Auto] C:\Documents and Settings\Jeremy\Application Data\atri.exe
O4 - HKCU\..\Run: [Pmb] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
O9 - Extra button: (no name) - {C21AE3DD-2E97-406B-8C87-A9AD5BBD49D1} - http://www.downloadalot.com (file missing)
O9 - Extra 'Tools' menuitem: Free Software Downloads - {C21AE3DD-2E97-406B-8C87-A9AD5BBD49D1} - http://www.downloadalot.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.tl81.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://usa-download.nocreditcard.net/download/newdial-erp/1661/dialer.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=b262b0ad414acb9189b79ca9611238b08547955a9e1be092ffa689db1636bf5c92ee1f16d8872858710aba174607a0e7f2b4b2a1
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.00.0036/OCI/setup.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://216.133.83.162/downloads/UGO20.exe
O18 - Filter: text/html - {32013740-2928-4FFA-ADC7-C368467A785E} - C:\WINDOWS\System32\cab.dll
O18 - Filter: text/plain - {32013740-2928-4FFA-ADC7-C368467A785E} - C:\WINDOWS\System32\cab.dll



Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\nem220.dll
C:\WINDOWS\System32\ipinsigt.dll
C:\WINDOWS\MSView.DLL
C:\WINDOWS\System32\trk.dll
C:\WINDOWS\twaintec.dll
C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
C:\WINDOWS\System32\mspxs32.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
C:\E2G\IeBHOs.dll
C:\WINDOWS\System32\ziyuoft.dll
C:\WINDOWS\System32\cab.dll
C:\WINDOWS\System\BHO001.DLL
C:\WINDOWS\System32\replaceSearch.dll
C:\WINDOWS\2_0_1browserhelper2.dll
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Program Files\SideFind\sfbho.dll
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\SYSsfitb.dll
C:\Program Files\ISTbar <--- the whole directory
C:\WINDOWS\System\WinStart001.EXE
C:\WINDOWS\Sentry.exe
C:\WINDOWS\susp.exe
C:\WINDOWS\alchem.exe
C:\WINDOWS\Downloaded Program Files\bridge.dll <<--- cannot be found using Windows Explorer or search. Must delete from the command prompt. So open a command prompt window as you did earlier and enter the following command follow by the enter key. Then close the command prompt window and continue (make sure you add the quotes):

del "C:\WINDOWS\Downloaded Program Files\bridge.dll"






​

C:\Program Files\NaviSearch <--- the whole directory



C:\Program Files\BullsEye Network <--- the whole directory
C:\WINDOWS\System32\nuibzhcd.exe
C:\WINDOWS\System32\P2P Networking <--- the whole directory
G:\Program Files\Kazaa <--- the whole directory
C:\Program Files\Common files\SearchUpgrader <--- the whole directory
C:\Program Files\Common Files\CMEII <--- the whole directory
C:\WINDOWS\system32\pcs <--- the whole directory
C:\Program Files\Common Files\Dpi <--- the whole directory
C:\Program Files\ISTsvc <--- the whole directory
C:\Program Files\Internet Optimizer <--- the whole directory
c:\program files\180solutions\sais.exe
C:\Program Files\Windows AdTools <--- the whole directory
C:\WINDOWS\fupobgl.exe
G:\Program Files\Messenger Plus! 2 <--- the whole directory
C:\Program Files\DR_S <--- the whole directory
C:\PROGRA~1\ezula <--- the whole directory
C:\Documents and Settings\Jeremy\Application Data\atri.exe
C:\WINDOWS\SYSsfit.exe
C:\WINDOWS\System32\explorer32.exe
C:\Program Files\Common Files\GMT <--- the whole directory
C:\Program Files\Common Files\KeenValue <--- the whole directory
C:\Program Files\EbatesMoeMoneyMaker <--- the whole directory
C:\Program Files\SideFind <--- the whole directory

Now reboot in normal mode and post a new HJT log. And tell us how things are working. Note, I do still expect some issues. We still need to fix the wsaupdater.exe problem too.
Please see if you can download programs now. If so, start running the step of the READ ME FIRST thread you could not run before.

 

What do you mean Kazaa is your only way to get on the net? They are not an ISP. How do you download files?

Are you working on the steps I gave (even if you are skipping Kazaa)?

 

Maybe your problem getting to the net is all the crap in your system that I gave you steps to repair. As you start fixing these items you will see an incredible improvement in your PC.

 

Do the stuff I gave you! If the line is not there anymore, obviously you just ignore that line and continue. If you see any additional lines change at the end of the line to (no file) or (file missing) fix them too.

 

Note there was a line in the beginning I just fix that said:
regsvr32 /u

with no filename. It was a typo and I deleted it.

 

Okay! We have made a lot of progress. Look how much better your log is already. Even though we still have problems too fix, you must be noticing an improvement.

You must remember to save you HJT log to a .txt file and attach it to your messages via Manage Attachments. Notice how I changed it for you again.

Can you access Add/Remove programs now? If so uninstall, Windows AdTools (they may call it WinAd or AdTools etc).

Also reconsider whether you still need Kazaa! You will run into more problems like you had if you keep using it.

Can you now go and run the steps of the Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > that you said you could not run before?


You really should not have put HJT on you Desktop but leave it there now that you started. You should notice a folder names Backups on your Desktop now. It stores backups in case you screw up and delete something you should not have.

You need to unregister mxTarget.dll (like we did before)

regsvr32 /u C:\WINDOWS\mxTarget.dll

and then have HJT fix the below lines (make sure no browsers are open when fixing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

Then reboot in safe mode and delete: C:\WINDOWS\mxTarget.dll

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to http://www.bigpond.com/ Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Okay now reboot in normal mode.

After the above we still have another issue to work which requires some care. So after completing the above and answering my questions post a new HJT log as an attachment.

 

First, it would be alot more helpful to me if you would provide some feedback each time I give you instructions to perform. I have no idea what happens unless you tell me.

Personally I don't use any file sharing programs! MG's does have a at least one called emule. There are two versions of it. See the file directory: http://www.majorgeeks.com/downloads17.html

 

Why does Windows Media Player load at startup?
C:\Program Files\Windows Media Player\wmplayer.exe

Did you add this start page: http://www.nrl.com.au/


Can you access Add/Remove programs now? If so uninstall, Windows AdTools (they may call it WinAd or AdTools etc).

Also look for ISTsvc.

Can you now go and run the steps of the Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > that you said you could not run before?


I need answers and feedback or I cannot help you any further.

 

There were about questions in my last message. You answered two of them.

 

Did you run the steps of the Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > that you said you could not run before?

I don't watch much hockey.

Formatting your computer is always an option but there is always alot of work related to doing that to. Like backups, reinstalling all applications, getting all the required updates again, tweaking so things are configured how you like, setting up all of your Favorites again....etc. And you will only wind up having similar problems again unless you learn how to avoid problems like this and take the correct steps.

Run the READ ME THREAD I gave you above completely. Then come back and tell me the results of running it.

 

See this: http://forums.majorgeeks.com/showthread.php?t=31333