
Ads234 killing me! please read my hijack this log

By aturboford1
Dec 14, 2004
  1. I've been having problems with my IE being hijacked by ads234. Plus, whenever I go to a new site my favorites menu and status bar disappear. Please help me!

    hijack this log: this is insanely long, never seen anyone with such a large log file
  2. RealBlackStuff


    Before you go any further, go to https://www.techspot.com/vb/topic17297.html first and do exactly what it says.

    Then reboot in Safe Mode.

    Uninstall (if possible) anything to do with:
    C:\Program Files\Windows ControlAd\
    C:\WINDOWS\System32\P2P Networking\

    Now run HJT Standalone and let it "fix":

    C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
    C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mustangsandmore.com/cgi-...rd+Racing&number=12&DaysPrune=1000&LastLogin=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mustangsandmore.com/cgi-...rd+Racing&number=12&DaysPrune=1000&LastLogin=
    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {3CA03C79-9265-26CC-D104-15550AF52934} - C:\WINDOWS\System32\jfujibxr.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\9FAaQWyv.dll

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [stlyh] C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
    O4 - HKLM\..\Run: [ak0HRs1w] C:\PROGRA~1\wroowwvt\vrssotp.exe
    O4 - HKLM\..\Run: [boag7m5u] C:\documents and settings\scott macleod\local settings\temp\boag7m5u.exe
    O4 - HKLM\..\Run: [af40d78e1561] C:\WINDOWS\System32\CFGMGR32.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Han442nJ.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\msCE.tmp"
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Zsha] C:\WINDOWS\System32\??rss.exe

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...532161d5cd35:316ec1697e4766858480d3e80deecaa8
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_1.cab

    After HJT is finished, while still in Safe Mode, delete these directories:
    C:\Program Files\Windows ControlAd\
    C:\WINDOWS\System32\P2P Networking\
    C:\Program Files\wroowwvt\

    Then delete all files in:
    C:\Documents and Settings\Scott MacLeod\Local Settings\Temp
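
An added example, not part of the original thread: a small parser for the O2 (BHO) and O4 (Run key) line formats shown in the reply above, with a first-pass triage of where each autostart target lives. The three heuristics and the names `parse_entry`, `triage` and `scan` are assumptions made for this illustration, not how RealBlackStuff chose the entries.

```python
import re

# Line shapes taken from the HijackThis entries in the reply above.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
O2_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$')

# Assumed heuristic (not from the thread): per-user writable directories.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")

# Lines copied from the reply above; the R3 line is there to show it is skipped.
SAMPLE = r"""
O2 - BHO: (no name) - {3CA03C79-9265-26CC-D104-15550AF52934} - C:\WINDOWS\System32\jfujibxr.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\9FAaQWyv.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [stlyh] C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\msCE.tmp"
O4 - HKCU\..\Run: [Zsha] C:\WINDOWS\System32\??rss.exe
R3 - Default URLSearchHook is missing
"""

def parse_entry(line):
    """Parse one O2 (BHO) or O4 (Run key) line; return None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        return {"section": "O4", "where": hive + "\\" + key, "name": name,
                "target": command.strip('"')}
    m = O2_RE.match(line)
    if m:
        name, clsid, dll = m.groups()
        return {"section": "O2", "where": clsid, "name": name, "target": dll}
    return None

def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    target = entry["target"].lower()
    if any(d in target for d in USER_WRITABLE):
        reasons.append("runs from a per-user writable directory")
    if "?" in target:  # '?' is not a legal Windows file-name character
        reasons.append("file name contains characters the log could not render")
    if entry["section"] == "O2" and entry["name"] == "(no name)":
        reasons.append("BHO registered without a name")
    return reasons

def scan(log_text):
    """Return (entry, reasons) for every parsed entry with at least one reason."""
    parsed = filter(None, map(parse_entry, log_text.splitlines()))
    return [(e, r) for e in parsed if (r := triage(e))]

if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE):
        print(entry["section"], entry["name"], "->", "; ".join(reasons))
```

The `[P2P Networking]` Run entry passes all three checks even though the reply removes it, so path-based triage narrows a long log but does not replace a reviewer's judgement.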