Ads234 killing me! Please read my HijackThis log

By aturboford1
Dec 14, 2004
Topic Status:
Not open for further replies.
  1. I've been having problems with my IE being hijacked by ads234. Plus, whenever I go to a new site, my favorites menu and status bar disappear. Please help me!


    hijack this log this is insanely long never seen anyone with such a large log file
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Before you go any further, go to http://www.techspot.com/vb/topic17297.html first and do exactly what it says.

    Then reboot in Safe Mode.

    Uninstall (if possible) anything to do with:
    C:\Program Files\Windows ControlAd\
    and
    C:\WINDOWS\System32\P2P Networking\

    Now run HJT Standalone and let it "fix":

    C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
    C:\WINDOWS\System32\CFGMGR32.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
    C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe
    C:\WINDOWS\System32\??rss.exe
    C:\WINDOWS\System32\Szqu0w1A.exe
    C:\WINDOWS\System32\Twu3.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mustangsandmore.com/cgi-...rd Racing&number=12&DaysPrune=1000&LastLogin=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mustangsandmore.com/cgi-...rd Racing&number=12&DaysPrune=1000&LastLogin=
    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {3CA03C79-9265-26CC-D104-15550AF52934} - C:\WINDOWS\System32\jfujibxr.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\9FAaQWyv.dll

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [stlyh] C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
    O4 - HKLM\..\Run: [ak0HRs1w] C:\PROGRA~1\wroowwvt\vrssotp.exe
    O4 - HKLM\..\Run: [boag7m5u] C:\documents and settings\scott macleod\local settings\temp\boag7m5u.exe
    O4 - HKLM\..\Run: [af40d78e1561] C:\WINDOWS\System32\CFGMGR32.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Han442nJ.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\msCE.tmp"
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Zsha] C:\WINDOWS\System32\??rss.exe

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...532161d5cd35:316ec1697e4766858480d3e80deecaa8
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_1.cab


    After HJT is finished, while still in Safe Mode, delete these directories:
    C:\Program Files\Windows ControlAd\
    C:\WINDOWS\System32\P2P Networking\
    C:\Program Files\wroowwvt\

    Then delete all files in:
    C:\Documents and Settings\Scott MacLeod\Local Settings\Temp
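
The reply above picks out autostart (O4) and BHO (O2) entries by hand. As an added example (not part of the original thread, and not HijackThis's own logic), the sketch below parses those two entry formats and tags each one by where its target file lives. The sample lines are copied from the log quoted above; the four location heuristics and their tag names are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the log quoted in the reply above.
SAMPLE = r"""
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\9FAaQWyv.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [stlyh] C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\msCE.tmp"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Zsha] C:\WINDOWS\System32\??rss.exe
"""

O4_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$')

def target_path(cmd):
    """Strip quotes and trailing arguments, leaving the file that gets loaded."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r'(.+?\.(?:exe|dll|tmp))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd

def triage(line):
    """Return (name, path, reasons) for an O2/O4 line, or None for anything else."""
    m = O4_RE.match(line.strip()) or O2_RE.match(line.strip())
    if not m:
        return None
    path = target_path(m.group('cmd'))
    p, lower, reasons = PureWindowsPath(path), path.lower(), []
    if '\\temp\\' in lower:                      # loaded from a temp directory
        reasons.append('in-temp-dir')
    if '\\application data\\' in lower and p.suffix.lower() == '.exe':
        reasons.append('exe-in-appdata')         # executable in the user profile
    if '?' in p.name:                            # name the log could not render
        reasons.append('unprintable-filename')
    if p.suffix.lower() == '.tmp':               # .tmp file registered to autostart
        reasons.append('tmp-as-autostart')
    return m.group('name'), path, reasons

def report(text):
    return [r for r in map(triage, text.splitlines()) if r]

if __name__ == "__main__":
    for name, path, reasons in report(SAMPLE):
        print(f"{name:16} {', '.join(reasons) or '-':32} {path}")
```

The `P2P Networking` entry comes back with no tags even though the reply lists it for removal, which shows that path heuristics only prioritise entries for review and do not replace checking each one.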