Help with cxtpls please (hijackthis log posted)

By miniboot
Feb 10, 2005
  1. I've cleaned this old Win ME system countless times over the past few weeks, but a few days after I clean it, the spyware comes back. The two culprits are 'autoupdate' and 'cxtpls'. I think (hope) the reason they were coming back is that I didn't turn off system restore, so hopefully now I'm clean as I turned it off before running adaware this time. I've also just installed all the Windows Updates.

    Here's my logfile, please let me know if there's anything I've missed.

    Thanks for your help

    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You are not clean by a long way!
    And I am not sure if I should help you at all! You don't even have any Antivirus or Antispyware on that PC!
    Makes me wonder how you got away with that.

    Download and install Adaware and Spybot from the links in this post:
    Install an Antivirus program. A good free one is e.g. AVG from
    Once installed, update all those programs regularly, so you always have the latest definitions.

    Boot in Safe Mode
    Switch Off System Restore

    My advise: UNinstall all those toolbars! You got Google, MSN, Yahoo, why? All they do is clutter your PC.

    Press ctrl/alt/del and in Taskmanager try to STOP:

    Next, try to UNinstall anything to do with:

    Next, run Hijackthis on its own and let it 'fix' (if still there):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [rs8V36X] IR5OLE32.EXE
    O4 - HKCU\..\Run: [aBr9RWbmX] IOSIL400.EXE
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Clean your Temp directory, you temp. internet files, all your cookies etc.
    Boot back in normal.
    If all is OK, switch on System Restore if you like.
  3. miniboot

    miniboot TS Rookie Topic Starter

    Thanks very much RealBlackStuff. I installed McAfee, ran AdAware, Spybot, and didn't find any of the files you emboldened above. I did read through your other topic, however (topic17297.html)
    and saw that you recommend to fix a lot more than you told me to fix in this post (I.e. all the O4 - HKLM...\Run processes). Should I also fix all them, or is that just for users who are having the coolwebsearch problem?


    - Andrew
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    If you read that post again, you saw:
    Fix ANY of these O2, O3 and O4, they are guaranteed BAD, whack them: :knock:

    I will change that to have the specifics directly before the numbers O2, O3 and O4.
    The programs in there are ALL known evil-doers. My text should perhaps read: If you have any of these, fix them.
    I will change that asap, but the problem is the size-limitation of the post (max 10'000 char.) that's why I had to 'skimp' on full lines.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...