repeated cxtpls.exe - initial forum followed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by enewc2, Oct 20, 2004.

  1. enewc2

    enewc2 Private E-2

    Hey Guys,

    Thanks in advance for any help given. I have read and followed the initial forum. After following the instructions I received an "all clear" from both ad-aware and spybot. I used it a day later and now am getting the same pop ups and ad-aware is listing even more critical objects on my computer. I thought everything was clean but it seems to have reinstalled itself. My internet speed is greatly slowed as well. I have not run HijackThis yet. Cxtpls.exe keeps showing up on the critical list as well as the process section of task manager. There are quite a few objects referring to People on Page also. Any help would be greatly appreciated.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Enewc2,

    Did you do the Online Scans?
    System Restore OFF?
    Safe Mode?

    Please look in Add or Remove Programs for any suspicious entries. Note any you find.

    THEN:
    Please read the beginning of this thread for instructions on how to scan with Hijack This:
    http://forums.majorgeeks.com/showthread.php?t=38752

    NOTE: Please close ALL running programs including your web browser, email, items in the tray before running Hijack This!

    Save the log as a .txt file and Attach it via the "Manage Attachments" tool when you post.

    Best,
    PP
     
  3. enewc2

    enewc2 Private E-2

    PhilliePhan,

    Thanks for the reply. I have run the online scans and they say they are clean. System restore is OFF. The problem with safe mode is that my LCD is cracked and I have my display run through a monitor which does not display picture until the windows logon screen.

    Nothing suspicious in the Add/Remove programs list.

    Here is the HijackThis log. Please advise at your convenience if you have any advice.
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi enewc2,

    I see a few problems in your log. However, your HijackThis is OLD and you are running it improperly.
    Please download an up-to-date version (v1.98.2) and extract it to its own folder - C:\Program Files\HijackThis.

    In Add/Remove, see if you find POP (People on Page) or Apropos Media entries and remove them.

    Please DELETE the following folders. Note that you will first have to End the Running Processes via Task Manager:

    C:\Program Files\AutoUpdate
    C:\Program Files\CxtPls

    There are a few more issues that we need to address - Attach a fresh HJT log and we'll go from there. Follow the instructions in the link in my last post this time, OK? ;)

    I'll check back when I can - I'm usually here in the wee hours.

    Best,
    PP
     
    Last edited by a moderator: Oct 22, 2004
  5. enewc2

    enewc2 Private E-2

    Hi PP,

    Sorry about that. I went ahead and got the new version of HijackThis, and I think I've run it correctly this time.

    Neither of the programs you mentioned were in the Add/Remove section.

    I ended cxtpls.exe and autoupdate.exe in task manager, and deleted autoupdate's folder but could not delete cxtpls, it said ace.dll still in use.

    Here is the new HJT log. Please advise at your convenience. Thanks again for all the help.
     


  6. PhilliePhan

    PhilliePhan Guest

    Hi Enewc2,

    Let’s see if we can get you fixed up ;) Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.

    Make sure System Restore is OFF and that you have Enabled the Viewing of Hidden Files as per the Tutorial.

    FIRST:
    Click Start> Run
    Copy and paste the following in the dialog box:
    regsvr32 /u ace.dll
    and click OK. (If another box pops up, click OK as well.)

    Click Start> Run
    Copy and paste the following in the dialog box:
    regsvr32 /u "C:\Program Files\CxtPls\ace.dll"
    and click OK. (If another box pops up, click OK as well.)

    THEN:
    Please END these processes (if found) via Task Manager:
    oddres.exe
    odtdntld.exe


    NEXT:
    Run HijackThis and Check the Boxes for the following:
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll

    O2 - BHO: SDWin32 Class - {D593BF94-EB21-4CD9-BE40-ED415633C3A3} - C:\WINDOWS\system32\oueiv.dll

    O4 - HKLM\..\Run: [oueivc] C:\WINDOWS\System32\oueivc.exe

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKLM\..\Run: [usmT35O] oddres.exe

    O4 - HKCU\..\Run: [fB53RRi4h] odtdntld.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Boot into Safe Mode and Navigate to and DELETE the following:
    C:\WINDOWS\system32\oddres.exe
    C:\WINDOWS\system32\odtdntld.exe
    C:\Program Files\CxtPls <- - - - The folder

    Reboot to Normal Windows and attach a fresh HJT log and we’ll see if we got the job done :cool: I'll try to check back when I get a chance. (Most likely Saturday evening.)

    Best luck,
    PP
     
    Last edited by a moderator: Oct 22, 2004
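
Added example (not part of the original thread, and not HijackThis code): a small Python triage of the seven log lines in the post above, splitting each into section, identifier and target so the FIX list can be cross-checked against the files and folders to delete. The regular expressions cover only the O2, O4 and O9 layouts visible in this thread, and the function names are this example's own.

```python
import re
from ntpath import dirname, normcase  # Windows path rules, on any OS

# The seven lines PhilliePhan listed in the post above, copied verbatim.
LOG = r'''
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: SDWin32 Class - {D593BF94-EB21-4CD9-BE40-ED415633C3A3} - C:\WINDOWS\system32\oueiv.dll
O4 - HKLM\..\Run: [oueivc] C:\WINDOWS\System32\oueivc.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [usmT35O] oddres.exe
O4 - HKCU\..\Run: [fB53RRi4h] odtdntld.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
'''

# O2/O9: "<section> - <label>: <name> - {CLSID} - <file>"
CLSID_LINE = re.compile(r'^(O2|O9) - [^:]+: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$')
# O4: "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_LINE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')

def parse_line(line):
    """Return a dict for an O2/O4/O9 line, or None for anything else."""
    m = CLSID_LINE.match(line)
    if m:
        section, name, ident, target = m.groups()
    else:
        m = RUN_LINE.match(line)
        if not m:
            return None
        hive, name, target = m.groups()
        section, ident = 'O4', hive
        if target.startswith('"'):               # quoted path, maybe with args
            target = target[1:target.index('"', 1)]
    if target == '(no file)':
        kind = 'orphan'      # registry entry only; nothing on disk to delete
    elif '\\' not in target:
        kind = 'bare'        # file name only; the log does not say where it is
    else:
        kind = 'path'
    return {'section': section, 'id': ident, 'name': name, 'target': target, 'kind': kind}

def triage(log):
    return [e for e in map(parse_line, log.strip().splitlines()) if e]

def folders(entries):
    """Distinct parent folders; normcase folds system32/System32 together."""
    return sorted({normcase(dirname(e['target'])) for e in entries if e['kind'] == 'path'})

if __name__ == '__main__':
    for e in triage(LOG):
        print(f"{e['section']} {e['kind']:<6} {e['target']}")
    print(folders(triage(LOG)))
```

The two `bare` entries are the ones the log gives no location for; the Safe Mode step in the post lists both under C:\WINDOWS\system32.
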
  7. enewc2

    enewc2 Private E-2

    Hi PP,

    Thanks again for all the help so far. I went ahead and followed everything in your last post and here is the new HJT log. Please let me know what you find at your convenience. Thanks.
     


  8. enewc2

    enewc2 Private E-2

    Hi PP,

    I went ahead and ran ad-aware after I posted the latest reply. It came up with 18 critical warnings for People on Page and 1 for adintelligence.apropos toolbar. These seem to keep coming back too even though I have been following all instructions. Please advise. Thanks again.
     
  9. PhilliePhan

    PhilliePhan Guest

    Hi Enewc2,

    Your HijackThis log is clean.

    I have noticed that remnants tend to remain after Apropos crapware has been cleaned and anti-spyware programs often find them.

    Does People on Page or Apropos cause you problems? Do you have the toolbar? Or is it just a case of Ad-Aware detecting it? I assume you are using this definition update SE1R13 16.10.2004?

    You could try: a-squared (a²) Free edition and let me know the results.

    Please Internet Update your SpyBot SD and then run it in SAFE MODE. Let me know what it finds. REBOOT into SAFE MODE and then run Ad-aware again and save and attach a copy of its log. That will tell us where it is finding these objects.

    You might also use Windows Explorer to run a search of your machine for:
    POP
    People on Page
    CxtPls
    SBSoft
    Apropos
    SysAI
    Adintelligence


    Let me know what you find.

    Here is some additional info:
    http://www.pestpatrol.com/PestInfo/p/peopleonpage.asp

    I really think, judging by your HJT log, that we are dealing with remnants. Go ahead and attach your Ad-Aware log after completing the above & we'll go from there ;)

    For further reference, you might also apply some of Chaslang's wisdom HERE: How to protect yourself from malware!

    I'll check back when I can.

    Best,
    PP
     
  10. enewc2

    enewc2 Private E-2

    Hi PP,

    I went ahead and re-ran all the scans and nothing came up... Thanks so much for all the help and advice. I really do appreciate it.
     
  11. PhilliePhan

    PhilliePhan Guest

    You're Welcome! Happy to help :)

    Definitely take a look at Chaslang's recommendations for safeguarding your computer against Malware.

    Personally, I like these two tools:

    SpywareBlaster 3.2
    &
    BHODemon 2.0.0.19


    Happy Computing :)
    PP
     
