TechSpot

Hijack This Log. help please

By -dark-magician
Feb 15, 2005
Topic Status:
Not open for further replies.
  1. I do run adaware & spybot.. this machine is a dual boot laptop with XP Pro, and Server 2000.. so when I run Spybot, and the machine reboots to finish removing items, it never gets them all because some items are being loaded into memory before spybot runs again

    ok here is an updated list, I went and removed the obvious, and some more.. there are still a few question marks for me in this log
  2. -dark-magician TS Rookie Topic Starter

    hmmm, no one has any comments on this, there is still junk popping up, and processes running that should not be (there are like 4 things that start with ad...., and 2 of them will not end when I end them), I went to add/remove programs, I didn't see anything too strange in there.. I removed everything adaware & spybot will remove.
  3. RealBlackStuff TS Rookie Posts: 8,165

    Based on the second log:

    Boot in Safe Mode
    Move Hijackthis to a permanent directory, it needs it for backups.
    Switch off System Restore.
    Try to UNinstall anything to do with this crap:

    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Admanager Controller\AdManKeep.exe
    C:\Program Files\AdTools Service\AdTools.exe
    C:\PROGRA~1\DAP\DAP.EXE

    Press ctrl/alt/del and in Taskmanager try to STOP these processes:
    MsgPlus.exe
    cgrqvl.exe
    nvsc32.exe
    tuqxvr.exe
    ap9h4qmo.exe
    Xjjswp.exe
    srscast32.exe
    istsvc.exe
    AdManKeep.exe
    AdTools.exe
    AdToolsKeep.exe
    AdManCtl.exe
    DAP.EXE
    vwb.exe
    msmsgs.exe

    Next, run HJT on its own and let it 'fix' if still there:
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\windows\system32\cgrqvl.exe
    C:\WINDOWS\system32\nvsc32.exe
    C:\WINDOWS\tuqxvr.exe
    C:\WINDOWS\system32\ap9h4qmo.exe
    C:\WINDOWS\system32\Xjjswp.exe
    C:\WINDOWS\system32\srscast32.exe
    C:\WINDOWS\system32\nvsc32.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Admanager Controller\AdManKeep.exe
    C:\Program Files\AdTools Service\AdTools.exe
    C:\Program Files\AdTools Service\AdToolsKeep.exe
    C:\Program Files\Admanager Controller\AdManCtl.exe
    C:\PROGRA~1\DAP\DAP.EXE
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [cgrqvl] c:\windows\system32\cgrqvl.exe
    O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKLM\..\Run: [vwb] C:\WINDOWS\vwb.exe
    O4 - HKLM\..\Run: [8obCAlZ] C:\WINDOWS\tuqxvr.exe
    O4 - HKLM\..\Run: [Bcvsrv32] srscast32.exe
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
    O4 - HKLM\..\RunServices: [Bcvsrv32] srscast32.exe
    O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <<<==FALSE!!
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: KATRACK.DLL

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Boot to normal. If all OK, switch System Restore back on.
    Install Firefox from www.getfirefox.com
    Use IE only for windoze-updates!

    Get a reliable, fast and free downloader from www.stardownloader.com
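
The O4 lines in the post above show the same binary registered under several autorun keys in both hives, which is why clearing a single entry does not stop it from starting again. As an added example (not part of the original thread and not HijackThis code), this Python script parses O4 lines in that format and reports, per executable, every Run key it appears under and whether it is registered by bare file name only. The sample lines are copied from the log in the post; the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import basename  # handles backslash paths on any OS

# Subset of the log lines quoted in the post above (not a full log).
SAMPLE_LOG = r'''
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [8obCAlZ] C:\WINDOWS\tuqxvr.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Unquoted command: take everything up to the first executable extension.
IMAGE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|dll))(?:\s|$)', re.I)

def parse_o4(log):
    """Yield (hive, key, value_name, image_path) for each O4 autorun line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (O2, O8, O9, O20 ...) are skipped
        hive, key, name, command = m.groups()
        quoted = re.match(r'"([^"]+)"', command)
        unquoted = IMAGE_RE.match(command)
        image = (quoted.group(1) if quoted
                 else unquoted.group(1) if unquoted else command)
        yield hive, key, name, image

def autorun_summary(log):
    """Map each executable to the autorun keys that launch it."""
    by_image = defaultdict(list)
    for hive, key, _name, image in parse_o4(log):
        by_image[basename(image).lower()].append((f"{hive}\\{key}", image))
    return {
        exe: {
            "keys": sorted({k for k, _ in regs}),
            # No directory given: Windows resolves the name via its search path.
            "bare_name": all("\\" not in img for _, img in regs),
        }
        for exe, regs in by_image.items()
    }

if __name__ == "__main__":
    for exe, info in sorted(autorun_summary(SAMPLE_LOG).items()):
        print(exe, info["keys"], "bare name" if info["bare_name"] else "")
```

Every key listed for an executable has to be cleared in the same pass, otherwise a remaining entry starts it again at the next logon or boot.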