Hijack This Log. help please

Status
Not open for further replies.

-dark-magician

Posts: 7   +0
I do run adaware & spybot.. this machine is a duel boot laptop with Xp pro, and Server 2000.. so when I run Spybot, and the machine reboots to finish removing items, it never gets them all because some items are being loaded into memory before spybot runs again

ok here is an updated list, I went and removed the obvious, and some more.. there are still a few question marks for me in this log
 
hmmm, noone has any comments on this, there is still junk poping up, and precesses running I should not be (there are like 4 things tat start with ad...., and 2 of them will not end when i end them), I went to add/remove programs, I didnt see anyhthing to strange in there.. I removed everythign adaware & spybot will remove.
 
Based on the second log:

Boot in Safe Mode
Move Hijackthis to a permanent directory, it needs it for backups.
Switch off System Restore.
Try to UNinstall anything to do with this crap:

C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\PROGRA~1\DAP\DAP.EXE

Press ctrl/alt/del and in Taskmanager try to STOP these processes:
MsgPlus.exe
cgrqvl.exe
nvsc32.exe
tuqxvr.exe
ap9h4qmo.exe
Xjjswp.exe
srscast32.exe
istsvc.exe
AdManKeep.exe
AdTools.exe
AdToolsKeep.exe
AdManCtl.exe
DAP.EXE
vwb.exe
msmsgs.exe

Next, run HJT on its own and let it 'fix' if still there:
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\windows\system32\cgrqvl.exe
C:\WINDOWS\system32\nvsc32.exe
C:\WINDOWS\tuqxvr.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\WINDOWS\system32\Xjjswp.exe
C:\WINDOWS\system32\srscast32.exe
C:\WINDOWS\system32\nvsc32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\PROGRA~1\DAP\DAP.EXE
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [cgrqvl] c:\windows\system32\cgrqvl.exe
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [vwb] C:\WINDOWS\vwb.exe
O4 - HKLM\..\Run: [8obCAlZ] C:\WINDOWS\tuqxvr.exe
O4 - HKLM\..\Run: [Bcvsrv32] srscast32.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] srscast32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <<<==FALSE!!
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: KATRACK.DLL

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

Boot to normal. If all OK, switch Systerestore back on.
Install Firefox from www.getfirefox.com
Use IE only for windoze-updates!

Get a reliable, fast and free downloader from www.stardownloader.com
 
Status
Not open for further replies.
Back