Trojan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
I believe that I have a Trojan in my PC but I am not really sure I am getting a lot of pop-ups and there seemes to be a lot of activity in my PC that is not coming from what I am doing and my PC freezes up and goes dead from time to time I also get a lot of error messages and there seemes to be a program that I don't recognize ( ISearchTech.ISTsvc ) can you help me :confused:
 
Joined
Apr 11, 2003
Messages
1,649
Hi download Hijack This from the link below. There's nothing to install, just extract it from the zip folder and click on it. When it opens allow it to scan the system and save a log. Copy and paste the results of the log onto the board and someone will read it for you:

Hijack This:
http://www.majorgeeks.com/download.php?det=3155
 

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
OK here it is.

Logfile of HijackThis v1.99.0
Scan saved at 7:49:47 PM, on 2/2/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\YYCCFHNX.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\PROGRAM FILES\BESTPOPUPKILLER\BESTPOPUPKILLER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\CRAZY BROWSER\CRAZY BROWSER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10000hits.net/SilverSurfer.aspx?userid=280667
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F1 - win.ini: load=ptsnoop.exe
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\PBHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Power IE - {437434D2-065E-499D-A337-59657DF3342F} - C:\PROGRA~1\POWERI~1\CTBAND.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [AGjHsd] C:\YYCCFHNX.EXE
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
O4 - HKLM\..\Run: [¢‰¸ï0 4Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\YYCCFHNX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SlipStream Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O8 - Extra context menu item: Add to Power IE &Block List... - C:\PROGRAM FILES\POWER IE\adblocking.htm
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/227
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/250
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O18 - Filter: text/html - {D7806F98-C55E-4555-8ACF-A62EB03AB008} - (no file)
 
Joined
Apr 11, 2003
Messages
1,649
Hi,

Download and update Adaware but don’t run it yet.

Adaware:

http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

You’ll also need to configure Ad-aware the following way:

Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Scanning Engine:
check: "Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Cleaning Engine:
Check: "Let Windows remove files in use at next reboot."

Press 'Proceed'

Press 'Start'

Select option 'Use Custom scanning options'
Click 'Activate in-depth scan'
Press 'Select drives\folders to scan' Select the active partition which is usually C:
Click Customize
Make the following are all are Checked
Scan Within Archives'
Scan Active Processes'
Scan Registry'
Deep Scan Registry'
Scan My IE Favorites For Banned URL'S
Scan My Hosts File'

Click Proceed

Boot into Safe mode.

How to boot into Safe Mode:

http://service1.symantec.com/SUPPOR...001052409420406

While in Safe Mode go ahead and run Ad-aware.

Now open up Hijack This and check to remove the entries below. Make sure Hijack This is in its own folder and in a permanent location, for example C:\Program Files because it creates a backup of what you take out:


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

O4 - HKLM\..\Run: [AGjHsd] C:\YYCCFHNX.EXE

O4 - HKLM\..\Run: [¢‰¸ï0 4Ã_4}¤Á-_œ-5_]C:\Program Files\ISTsvc\istsvc.exe] C:\YYCCFHNX.EXE


Next unhide all files and folders.

How to show hidden files:

Open My Computer from the desktop.

Select the View Tab then click Folder Options.

Click the View Tab

Under Files and Folders/Hidden files select:

Show all Files

Click ok.

Now go to the Start button > Search Files and Folders and type in and delete:

YYCCFHNX.EXE

Finally navigate to C:\Program Files and delete the ISTsvc folder.

When you're finished boot back up into normal mode and post a new log.
 

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
OK here is the new scan sorry to have taken so long in getting back to you but I just got in from work.
I could not delete yyccfhnx.exe because it was being used by windows the system told me.




Logfile of HijackThis v1.99.0
Scan saved at 6:29:16 PM, on 2/3/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\YYCCFHNX.EXE
C:\PROGRAM FILES\BESTPOPUPKILLER\BESTPOPUPKILLER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\CRAZY BROWSER\CRAZY BROWSER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10000hits.net/SilverSurfer.aspx?userid=280667
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F1 - win.ini: load=ptsnoop.exe
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\PBHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Power IE - {437434D2-065E-499D-A337-59657DF3342F} - C:\PROGRA~1\POWERI~1\CTBAND.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [¢‰¸ï0 4Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\YYCCFHNX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SlipStream Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O8 - Extra context menu item: Add to Power IE &Block List... - C:\PROGRAM FILES\POWER IE\adblocking.htm
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/227
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/250
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O18 - Filter: text/html - {D7806F98-C55E-4555-8ACF-A62EB03AB008} - (no file)
 
Joined
Apr 11, 2003
Messages
1,649
Hi cheesecake let’s try it this way:

Download Symantec’s FxIstbar from here:

FxIstbar
http://securityresponse.symantec.com/avcenter/FxIstbar.exe

This is from Symantec’s site to be aware of:

1.) The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.

2.) The removal tool may terminate Internet Explorer and Windows Explorer. It is recommended that users save their work and log out of these programs before running the removal tool.

3.) The removal tool will reset the Internet start page to a blank page. The start page can be modified by clicking on Tools > Internet Options in Internet Explorer.

4.) The removal tool will not delete some harmless Temporary Internet files, which Adware.Istbar created, in C:\Documents and Setings\Administrator\Local Settings\Temporary Internet Files.

These can be manually deleted using the following steps:

a. Start Internet Explorer.
b. Click Tools > Internet Options.
c. In the Temporary Internet Files section, then click the Delete Files button.
d. Check Delete all offline content, and then click OK.

There’s more info if you’re interested here:
http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

After running the tool boot into Safe Mode and unhide System files. Just follow the instructions from my earlier post #4 to do both.

Open up Hijack This and delete the following entries:


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

O4 - HKLM\..\Run: [¢‰¸ï0 4Ã_4}¤Á-_œ-5_]C:\Program Files\ISTsvc\istsvc.exe] C:\YYCCFHNX.EXE

O18 - Filter: text/html - {D7806F98-C55E-4555-8ACF-A62EB03AB008} - (no file)


Once again go to the Start button > Search Files and Folders and type in and delete the file below if it’s there. Symantec may have removed it already but check again just in case:

YYCCFHNX.EXE

When you’re finished reboot and post a new log.
 

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
When I tried to download
httP://securityresponse.symantec.com/avcenter/FxIstbar.exe
I got the message below.



Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster
Error 404
response.symantic.com
Fri 04 Feb 2005 02:26:06 PM PST
Apache/2.0.40 (Red Hat Linux)
 

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
OK it opened for me now I going to download it now and by the way I found out the name of the virus I got.
It's called Win.32.SillyDI.DR
 

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
OK i finally managed it,just one left that I can see.





Logfile of HijackThis v1.99.0
Scan saved at 5:25:46 PM, on 2/5/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\PROGRAM FILES\BESTPOPUPKILLER\BESTPOPUPKILLER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\CRAZY BROWSER\CRAZY BROWSER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10000hits.net/SilverSurfer.aspx?userid=280667
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F1 - win.ini: load=ptsnoop.exe
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\PBHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Power IE - {437434D2-065E-499D-A337-59657DF3342F} - C:\PROGRA~1\POWERI~1\CTBAND.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SlipStream Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O8 - Extra context menu item: Add to Power IE &Block List... - C:\PROGRAM FILES\POWER IE\adblocking.htm
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/227
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/250
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
 
Joined
Apr 11, 2003
Messages
1,649
You just need to open Hijack This again and put a check to remove this entry:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

Other than that your log looks good now, is it running a little better?
 
Joined
Apr 11, 2003
Messages
1,649
Ok I wouldn't worry about that entry so much. Your log looks clean now, is it running better?
 

cheesecake

Thread Starter
Joined
Feb 2, 2005
Messages
8
Yes my PC is running real good now,but let me ask you another question
how can I keep those tracking bugs from entering my PC while I'm surfing the net,they are such a pain,easy to get rid of but never the less a pain, and thank you for all the help you have given me.
 
Joined
Apr 11, 2003
Messages
1,649
Spybot Search and Destroy has an immunization feature that helps to keep out over a thousand spyware programs.

Another site has created a small file you add to the registry that sets the kill bit to prevent installation of many of the pests out there, including ISTsvc which infected your system. Just get the minimal download and click on it. That will protect you from nearly 400 spyware programs:

SpywareGuide:
http://www.spywareguide.com/blockfile.php
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top