| I keep gettin ads!
Hey guys, I ran adaware and removed everything but all these ads still come up! I also have wsup.exe and wtools.exe in processes but I can't kill them! They keep comin back! HELP!!!!! Here's my log!

Logfile of HijackThis v1.98.2
Scan saved at 2:03:50 PM, on 12/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Athan\Athan.exe
C:\WINDOWS\System32\nkjchid.exe
C:\WINDOWS\system32\qarbpvmc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\system32\wdpjdydm\gcrrwl.exe
C:\WINDOWS\system32\cymo\hgcwic.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\jspdx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vqvw\ftsdx.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\WINDOWS\system32\d?dplay.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\nkjchid.exe
O4 - HKLM\..\Run: [pebmfr] C:\WINDOWS\dpdfswlcp.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [lpqmqgvt] C:\WINDOWS\system32\qarbpvmc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cddjoay] C:\WINDOWS\system32\bawmfx\cddjoay.exe
O4 - HKLM\..\Run: [dgsdtrp] C:\WINDOWS\system32\axtc\dgsdtrp.exe
O4 - HKLM\..\Run: [fubpqp] C:\WINDOWS\system32\oprryht\fubpqp.exe
O4 - HKLM\..\Run: [kvuogoji] C:\WINDOWS\system32\jasyvs\kvuogoji.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [gcrrwl] C:\WINDOWS\system32\wdpjdydm\gcrrwl.exe
O4 - HKLM\..\Run: [ftsdx] C:\WINDOWS\system32\vqvw\ftsdx.exe
O4 - HKLM\..\Run: [hgcwic] C:\WINDOWS\system32\cymo\hgcwic.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [s7nV32g] jspdx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Flxv] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\system32\lmf32.dll |
| ||
| Re: I keep gettin ads! bumpidy bump dump bump |
| ||
| Re: I keep gettin ads!
Please try to be a bit more patient in the future...

First- you're running an older version of HijackThis. Please download the latest version (1.99.0) using the "HijackThis" link in my sig below, run that version, and post the new log it generates.

Also- since your current log shows no indication of any running anti-virus software, go to the following two sites and run their free online virus scans. They'll probably be able to clean up some of the nasties:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/actives..._principal.htm

You can also download the free anti-virus program from this site if you don't currently own an AV program:
http://free.grisoft.com/freeweb.php/doc/2/ |
| ||
| Re: I keep gettin ads! Every time I run the new version, it crashes.... Can't you just use the old one please? I don't wanna go through the trouble of fixing it.. |
| ||
| Re: I keep gettin ads!
Are there any error messages generated from the crash? If so, tell us exactly what they are.

We could probably at least start to work from the old version of HJT, but the newest version has an enhanced range of detection, and as such can find/fix a wider range of problems.

1. Did you do the online anti-virus scans I suggested? If not, please do those and let us know that you have done so before we proceed.

2. A few other things you should do to help clean things up before posting a new HJT log:

A) Run a full anti-virus scan, as I mentioned earlier.

B) Download and run Ad Aware and SpyBot Search & Destroy. The download links are in my sig below.

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.
2. Close ALL windows except Ad-Aware SE.
3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window.
   1) In the ‘General’ window make sure the following are selected in green:
      *Automatically save log-file
      *Automatically quarantine objects prior to removal
      *Safe Mode (always request confirmation)
      Under Definitions:
      *Prompt to update outdated definitions - set the number of days
   2) Click on the ‘Scanning’ button on the left and select in green:
      Under Driver, Folders & Files:
      *Scan Within Archives
      Under Select drives & folders to scan -
      *choose all hard drives
      Under Memory & Registry: all green
      *Scan Active Processes
      *Scan Registry
      *Deep Scan Registry
      *Scan my IE favorites for banned URL’s
      *Scan my Hosts file
   3) Click on the ‘Advanced’ button on the left and select in green:
      Under Shell Integration:
      *Move deleted files to recycle bin
      Under Logfile Detail Level: (all green)
      *include additional object information
      *DESELECT - include negligible objects information
      *include environment information
      Under Alternate Data Streams:
      *Don't log streams smaller than 0 bytes
      *Don't log ADS with the following names: CA_INOCULATEIT
   4) Click the ‘Tweak’ button and select in green:
      Under the ‘Scanning Engine’:
      *Unload recognized processes during scanning
      *Scan registry for all users instead of current user only
      Under the ‘Cleaning Engine’:
      *Let Windows remove files in use at next reboot
      Under the Log Files:
      *Include basic Ad-aware SE settings in logfile
      *Include additional Ad-aware SE settings in logfile
      *Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
   *Choose: 'Perform Full System Scan'
   *DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window. Right-click on any of the entries and choose the "Select all items" option.
9. Save the log file when it asks and then click ‘finish’.
10. REBOOT to complete the removal of what Ad-Aware SE found.

* Run SpyBot. When you first run SpyBot, it will walk you through a Wizard which will perform a few critical functions (making a registry backup, getting the latest updates, etc.).
1. Perform all of the Wizard's tasks.
2. Run the program. Once it completes, have it fix everything it finds.
3. Reboot.

C) Boot into Safe Mode (do this by hitting the F8 key as the computer is booting) and:
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".
- For every user account listed under C:\Documents and Settings, delete everything inside the following folders (don't delete the folders themselves though):
  1. Local Settings\Temp
  2. Cookies
  3. History
  4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
  (If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)
- Empty your Recycle Bin.
- Reboot normally.

D) Run HijackThis again and post a fresh log.

All of the above might sound complex and/or time-consuming, but doing it will help. |
| ||
| Re: I keep gettin ads! OK, I did that. But I couldn't get into my user in Documents and Settings, it said access denied. Also, I did not get an error message when tryin to run HJT, I just got the Windows error reporting and it crashed. Since I don't have my old version anymore, I can't post a new log! Can you tell me where to find the old one? |
| ||
| Re: I keep gettin ads!
http://www.stevewolfonline.com/Downl...e%20Utilities/ |
| ||
| Re: I keep gettin ads!
My account was AKRAM.... and here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 2:32:39 PM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Athan\Athan.exe
C:\WINDOWS\System32\nkjchid.exe
C:\WINDOWS\system32\wdpjdydm\gcrrwl.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\system32\jspdx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\d?dplay.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ragheb\Desktop\My Crap\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\nkjchid.exe
O4 - HKLM\..\Run: [pebmfr] C:\WINDOWS\dpdfswlcp.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [lpqmqgvt] C:\WINDOWS\system32\qarbpvmc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cddjoay] C:\WINDOWS\system32\bawmfx\cddjoay.exe
O4 - HKLM\..\Run: [fubpqp] C:\WINDOWS\system32\oprryht\fubpqp.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [gcrrwl] C:\WINDOWS\system32\wdpjdydm\gcrrwl.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [s7nV32g] jspdx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Flxv] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\system32\lmf32.dll |
| ||
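A before/after comparison of the two HijackThis logs posted in this thread, as an added example that is not part of any post: it parses the entry lines, treats the "(no file)" and "(file missing)" annotations as orphan markers, and reports which entries were removed, added, still present, or newly orphaned after the cleanup steps. The function names are choices made for this example, and the sample input is a short excerpt copied from the 12/27 and 12/28 logs.

```python
import re

# Entry lines are "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
# Annotations seen in the logs above when the referenced file is absent.
ORPHAN = re.compile(r"\s*\((?:no file|file missing)\)$")

# Sample input: a few lines copied from the 12/27 and 12/28 logs in this thread.
BEFORE = r'''Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\cymo\hgcwic.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O4 - HKLM\..\Run: [hgcwic] C:\WINDOWS\system32\cymo\hgcwic.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
'''
AFTER = r'''Logfile of HijackThis v1.98.2
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
'''

def parse_entries(log_text):
    """Map (section, body minus orphan annotation) -> True if the target file is absent."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list are skipped
        body = m.group(2)
        key = (m.group(1), ORPHAN.sub("", body).rstrip(" -"))
        entries[key] = bool(ORPHAN.search(body))
    return entries

def diff_logs(before_text, after_text):
    """Compare two scans: entries removed, added, persisting, and newly orphaned."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "persisting": sorted(set(before) & set(after)),
        "now_orphaned": sorted(k for k in after if after[k] and k in before and not before[k]),
    }

if __name__ == "__main__":
    for change, items in diff_logs(BEFORE, AFTER).items():
        for section, body in items:
            print(f"{change:13} {section:4} {body}")
```

Entries under "persisting" are the ones the cleanup did not touch; an entry under "now_orphaned" still has its registry reference even though its file is gone.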
| Re: I keep gettin ads! bumpidy bump bumpidy bump bump bump bump |
| ||
| Re: I keep gettin ads! bump yet again. |