please help me Cxtpls.exe wont go away!!

i followed the directions on someone else thread and here is what my hijack this said:

 

Hi Jacquelyn,

Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, RightClick your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HijackThis)and click Next.

Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

Do the above and I'll post some removal instructions for you shortly!

PP

 

Thank you so much for your quick reply hope i did it right this time... : )

 

Hi Jacquelyn,

I tend to wonder what rides along with Empire Poker - Maybe nothing and perhaps not as bad as the stuff you can get with the P2P crap. You need to be careful with what you invite onto your computer these days!


Anyhoo, let’s get you fixed up!

Please look in Add or Remove Programs for the following and Uninstall them if found:

Windows ControlAd
Apropos Media
People on page
POP
AutoUpdate
P2P Networking
Internet Optimizer
Admanager Controller
WildTangent

Please print out these instructions so that you can operate with All Browser Windows CLOSED.
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

AutoUpdate.exe
dx7shlex.exe
CxtPls.exe
dxmwzrd.exe

Now scan with HijackThis and Check the Boxes for the following:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll

O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [s7Eg3FT] dxmwzrd.exe
O4 - HKCU\..\Run: [dwxmRPf4V] dx7shlex.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\CxtPls ---> The Folder
dx7shlex.exe ---> You’ll need to run a search of your machine for this one.
C:\Program Files\AutoUpdate ---> The Folder
dxmwzrd.exe ---> You’ll need to run a search of your machine for this one.
C:\Program Files\WildTangent ---> The Folder
C:\Program Files\Windows ControlAd ---> The Folder
C:\WINDOWS\System32\P2P Networking ---> The Folder
C:\Program Files\Admanager Controller ---> The Folder

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

Best luck
PP

 

I did everything you said and Cxtpls.exe is deff gone!! Thank you so much! but there is one more problem...when you told me to remove POP i couldn't find it and still can't and now that one is haunting me......im sorry to bother you. get back to me whenever you can.... : )

 

Okay here it is... Thank you

 

Your HJT Log looks OK to me! I trust things are back to normal?

The bit with POP is another reference to People on Page - No worries if you didn't see it!

While you are here, have a peek at Chaslang's Suggestions!!!

PP

 

I have Ad-Aware and it keeps detacting People On page....Im sorry if im bothering you...Im just so frustrated

 

Please post the Ad-Aware log so we can see what exactly its finding.