Please help! All kinds of pop ups! HJT log attached

By rupert
Jun 23, 2007
  1. Hello. Thank you to those of you that help us out in these forums. I am having a lot of problems with IE windows opening up every time I try to go to a new page on the window I'm using at the time and it has just hosing out my connection and making it drag. Attached is my HJT log. I have also followed the instructions and downloaded and ran cleaner, avg root and spy, renamed hjt to analyze, etc. still having major issues.


  2. momok

    momok TS Rookie Posts: 2,265

    Hi rupert and welcome to techspot. =)

    I found no instances of a firewall running on your system. I also noticed that your windows is completely unpatched. I recommend you get a firewall immediately and run it, before updating to the latest patch before you continue.

    Here are some recommendations for firewalls; please use one and only one. Using more than one is not recommended as it will hog your system resources.

    Also, you mentioned that you had followed the instructions from our preliminary removal thread; yet you have not posted your AVG Antispyware, Combofix logs as well as the results of the AVG antirootkit scan. I need to see those logs before I can do a thorough cleaning of your system.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing)
    O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckjtkqwb.exe
    Fix all O17 entries.

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\Program Files\Internet Explorer\ckjtkqwb.exe

    I also require you to search on your system for all instances of IExplorer.dll and delete them.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.

    Your friendly momok =)

    This thread is for the use of rupert only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. almcneil

    almcneil TS Guru Posts: 1,277

    Go into Safe Mode (no Networking) and run the following anti-spyare utils:

    1) Ad-Aware 2007
    2) Spybot Search & Destroy
    3) AVG Anti-Spyware

    Reboot into Normal Mode and repeat.

    Open MS Configuration Utility, startup page, remove unnecessary programs.

    Post back with your results.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...