need help!!

Hmmm! Seems we are not reading! Right at the end of step 1 in Scanning And Cleaning Steps it clearly states:

 

Make sure you have HJT Version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Please also tell me what your expected Home Page should be.

 

I need more info. I need the processes that are running, your OS and rev level, and you IE version and rev level.

Go here: http://www.spywareinfo.com/~merijn/winfiles.html

And download and reinstall the notepad.exe file for your windows version. It also tells you which dirctory to put it into. I am guessing that the hijacker removed your notepad.exe or corrupted it.

Then see if you can get a real HJT log to post.

You should uninstall LimeShop!

 

I would like you to goto SysInternals and download ProcessExplorer: http://www.sysinternals.com/files/procexpnt.zip

Extract it from the ZIP file and run it. Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
Now click on File and then Save As. And save the process list. Post it back here as an attachment. Also, from now on if I say to kill a process, use ProcessExplorer instead of Task Manager (even if I say by mistake to use Task Manager). Sometimes ProcessExplorer can kill things that Task Manager cannot.

 

You need to uninstall this: Messenger Plus! 3 It is bad! Contains LOP and other problems.

 

Try two things:
1) in normal boot mode shut down the below processes using Process Explorer

StyleXPService.exe
NVSVC32.EXE
MsgPlus.exe
RuLaunch.exe
firefox.exe
msnmsgr.exe
iexplore.exe Do not have any browsers runnning!!!!!
flashget.exe
winzip32.exe

Exit Process Explorer.
And close down everything you can that you see in the system tray.
Now run HJT and try to save a log. Does it work!
​

2) If you boot in safe mode, are you able to use HJT and save a log.

 

If you already uninstalled Messenger Plus 3, why does it show as running in your process list?

MsgPlus.exe 2028 Messenger Plus! Patchou C:\Program Files\Messenger Plus! 3\MsgPlus.exe

and it was in your HJT log.

Did you uninstall Lime Shop?

You need to have HJT fix the O4 - line related to Cryptograhic Service

Then boot into safe mode and delete:
c:\windows\system32\tdsts.exe

Then reboot in normal mode and let me know what's up!

Make sure you get the latest HijackThis 1.99

 

It was in your log. What about the rest of the things I suggested?


Please download the following tool: Pocket KillBox

Run Pocket Killbox and choose the Delete on Reboot option. Enter the following into the box for Full Path of File to Delete c:\windows\system32\tdsts.exe
Select the Delete on Reboot button.
and press the Delete button (red X) and then Yes or OK until your machine reboots.


Now post a new HJT log and let us know if you had any problems doing these steps.

 

Since you still posted your HJT log as images, I assume you still have all the same problems. Like you cannot even save a log and programs randomly shutdown?

 

Are all you file associations messed up?

For one example, if you double click on a .txt or a .log file, does notepad open with the file contents?

What about other associations? Check you file associations list in Win Eplorer, Tools, Folder Options, File Tpyes.

You said "and programs still dont work properly" . Excactly what does that mean?

Have you checked around in the Software Forum to see if anyone knows anything about "flyakite"?

 

You're welcome. I'm glad to see you got it worked out and we fixed a few other problems along the way too.