Tech Support Forum - View Single Post

palguy · 03-19-2005, 04:24 PM

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time).

C:\WINDOWS\system32\d?dplay.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ntkml2.exe
C:\Program Files\CxtPls\CxtPls.exe

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

AutoUpdate
CxtPls

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {ED1A872F-6794-463F-C3D6-37819FC55FE2} - C:\WINDOWS\system32\xqjn.dll
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [439S3tg] ntkml2.exe
O4 - HKCU\..\Run: [L0q2RjM7e] mtxpinst.exe
O4 - HKCU\..\Run: [Blgs] C:\WINDOWS\system32\d?dplay.exe

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\AutoUpdate
C:\Program Files\CxtPls
C:\WINDOWS\system32\d?dplay.exe
C:\WINDOWS\system32\ntkml2.exe
C:\WINDOWS\system32\xqjn.dll
ntkml2.exe--->You will need to do a search for and delete this file wherever you find it.
mtxpinst.exe--->You will need to do a search for and delete this file wherever you find it.

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

03-19-2005, 04:24 PM	#7 (permalink)
palguy Registered User Join Date: Nov 2004 Posts: 369 OS: xp	Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time). C:\WINDOWS\system32\d?dplay.exe C:\Program Files\AutoUpdate\AutoUpdate.exe C:\WINDOWS\system32\ntkml2.exe C:\Program Files\CxtPls\CxtPls.exe Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: AutoUpdate CxtPls Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll O2 - BHO: (no name) - {ED1A872F-6794-463F-C3D6-37819FC55FE2} - C:\WINDOWS\system32\xqjn.dll O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" O4 - HKLM\..\Run: [439S3tg] ntkml2.exe O4 - HKCU\..\Run: [L0q2RjM7e] mtxpinst.exe O4 - HKCU\..\Run: [Blgs] C:\WINDOWS\system32\d?dplay.exe *Please remember to close all other windows, including browsers then click Fix checked.* Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\AutoUpdate C:\Program Files\CxtPls C:\WINDOWS\system32\d?dplay.exe C:\WINDOWS\system32\ntkml2.exe C:\WINDOWS\system32\xqjn.dll ntkml2.exe--->You will need to do a search for and delete this file wherever you find it. mtxpinst.exe--->You will need to do a search for and delete this file wherever you find it. Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.