problem with my pc

As Adryn requested earlier, please run ALL steps and in the order listed in the following sticky:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Report what is found and fixed or not fixed.

If you still have a problem after doing all of those steps, follow the steps below.


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Did you see my message below? Please follow those steps!

 

What do you mean by

what are you opening. And I asked did you run ALL the steps from the READ ME FIRST.

 

Do you want our help? Then please follow our directions and stop doing stuff on your own. You are not helping us to help you this way.

PCBugdoctor is not useful! It points out loads of trivial stuff that does not need fixing and it will not fix unless you buy it.

 

PCBug Doctor is not on our list and you have given no feedback on doing any of the steps.

Have you disabled system restore?
Have you download the applications requested?
Have you installed and updated them (or do you have a problem doing this)?
Have you tried the online scanners?

Have you booted in safe mode and run all the requested application?

Do you have HJT version 1.99.1 and is it installed where requested?
Try running HJT in safe mode and getting a log. If that runs, post it here.

 

What does "I ran it all through my internet" mean?

You have HJT installed in the wrong location and you did not exit your browsers before running it. So why did you say it would not run before?

 

Had you run thru ALL the steps in the READ ME FIRST, you would not be having this problem. Step 2 of Getting Prepared asks you to stop and disable the below service that you have running due to an HSA hijacker.

O23 - Service: Remote Procedure Call (RPC) Helper (? 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\iptl32.exe

Why didn't you perform that step?

 

The below two items are not useful and should be uninstalled:
Spyware Begone - rogue/supspect spyware removal tool
Spyware Doctor - this is the free version and will not fix anything. Thus not useful!

You should also uninstall anything from Eacceleration as it is spyware. The below came from them:
O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup


If you have stopped and disabled the Remote Procedure Call (RPC) Helper service per the READ ME, continue with below. Make sure you only stop and disable this exact named service and nothing else.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\system32\iptl32.exe
C:\WINDOWS\d3dh.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {50964B31-818E-39AB-1536-69D7A172E713} - C:\WINDOWS\system32\atlcj.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [ws5T35Q] uxtrslvr.exe
O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
O4 - HKLM\..\Run: [d3dh.exe] C:\WINDOWS\d3dh.exe
O4 - HKLM\..\Run: [10D.tmp] C:\DOCUME~1\STIFFL~1\LOCALS~1\Temp\10D.tmp.exe 0 10001
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://members.freewebs.com
O15 - Trusted Zone: http://members10.freewebs.com
O15 - Trusted Zone: http://members11.freewebs.com
O15 - Trusted Zone: http://members12.freewebs.com
O15 - Trusted Zone: http://members13.freewebs.com
O15 - Trusted Zone: http://members14.freewebs.com
O15 - Trusted Zone: http://members15.freewebs.com
O15 - Trusted Zone: http://members16.freewebs.com
O15 - Trusted Zone: http://members18.freewebs.com
O15 - Trusted Zone: http://members3.freewebs.com
O15 - Trusted Zone: http://members5.freewebs.com
O15 - Trusted Zone: http://members9.freewebs.com
O15 - Trusted Zone: http://www.freewebs.com
O15 - Trusted Zone: http://gamingchat.iscool.net
O15 - Trusted Zone: http://*.liquidgeneration.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://www.stiflersmohaa.tk
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O23 - Service: Remote Procedure Call (RPC) Helper (? 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\iptl32.exe


After clicking Fix, exit HJT.
Some of the O15 lines above will more than likely come back. We will address them in the next round.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\atlcj.dll
C:\WINDOWS\system32\iptl32.exe
C:\WINDOWS\d3dh.exe
C:\WINDOWS\system32\uxtrslvr.exe
C:\freescan <--- the whole folder
C:\Program Files\ACCELE~1 <--- delete this whole folder. You will have to figure out the full name as this is the shortened name.
C:\Documents and Settings\STIFFL~1\Local Settings\Temp\10D.tmp.exe <--- delete all files and sub-folders in this Temp folder (some will be denied - just skip them and continue)
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Now run Ccleaner from the READ ME FIRST

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.