Author Topic: Removing ist bar.  (Read 2021 times)

enxo

  • Guest
Removing ist bar.
« on: March 01, 2005, 11:57:55 AM »
I need help on getting it removed completely.

Logfile of HijackThis v1.99.1
Scan saved at 11:53:41 AM, on 3/1/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Hlydit.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\WINDOWS\yfqtjj.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\wqfd.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {30BCA8E3-FF20-4DDF-A2B7-6D3F52968687} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {5D622B03-DDE4-4A9B-9317-88F566295870} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {69B5361E-9587-48C8-8728-8BEA535D9125} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {6E38529C-92CC-4DAD-B1F2-7C5BD2B17D31} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {88672CB8-70F5-47E2-A0FE-199AE9FA40BB} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {96C14148-16C6-4F84-8E2D-58EC607A8F56} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {B6631E1D-972F-4C5A-B0F4-68C8AB81326A} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {C5CFA7F2-F8F8-4083-9E75-7DB6A4E3D265} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {C8D94F0D-B747-4C49-83B6-B09B511196C4} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {CC05116D-6DD8-4575-9F53-ADEA1684ED42} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {CE05A11D-4D5B-4460-B9E8-EA996327261C} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {CF4F48FA-3581-44BF-B453-B835A96074CC} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {D210A0C2-9AED-422D-8113-8CD0CCC38913} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {EA41E789-C3E8-4B05-9FE6-B653665BFC15} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F950E67B-696C-4ACE-BCED-6479B056E403} - C:\Program Files\nqabump8\nqabump8.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Zpdlkt.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Hlydit.exe
O4 - HKLM\..\Run: [tjeizc] C:\WINDOWS\System32\tjeizc.exe
O4 - HKLM\..\Run: [qhwftc] C:\WINDOWS\System32\qhwftc.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [nqabump8] C:\Program Files\nqabump8\nqabump8.exe
O4 - HKLM\..\Run: [rwydfc] C:\WINDOWS\System32\rwydfc.exe
O4 - HKLM\..\Run: [Ap9BAae] C:\WINDOWS\yfqtjj.exe
O4 - HKLM\..\Run: [rnd] C:\WINDOWS\System32\rnd.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\wqfd.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ÁåÉù - {7FA48D98-F2F7-4FAD-9762-2F7165D51650} - http://soft.jily.net/redirect/ring.htm (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: µ¼º½ - {B252D7FF-47B3-4B41-9E69-69D6C1ED523A} - http://www.jily.net/site.htm (file missing)
O9 - Extra button: Ìý¸è - {CC56C5BE-005C-4F82-BC68-E2FD0F819CDB} - http://soft.jily.net/redirect/music.htm (file missing)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

guestolo

  • Administrator
Removing ist bar.
« Reply #1 on: March 01, 2005, 08:54:25 PM »
Download and save to Desktop the
FixIstbar.exe from Symantec
Don't run it yet

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Print the rest of this out or save to a Notepad file on the desktop

Restart your computer into SAFE MODE

Access your Add/Remove programs and see if there is an entry for
Istbar or ISTsvc
If so, try and Remove it

Find and delete these files or folders if they exist
C:\WINDOWS\System32\Zpdlkt.exe <--file
C:\WINDOWS\System32\Hlydit.exe <--file
C:\WINDOWS\System32\tjeizc.exe
C:\WINDOWS\System32\qhwftc.exe
C:\WINDOWS\System32\rwydfc.exe
C:\WINDOWS\System32\rnd.exe
C:\WINDOWS\System32\wqfd.exe
C:\WINDOWS\System32\sysmonnt
C:\WINDOWS\yfqtjj.exe

C:\Program Files\nqabump8 <--folder
C:\WINDOWS\System32\vmss <--folder
C:\Program Files\ISTsvc <--folder
C:\WINDOWS\System32\wsxsvc <--folder
C:\Program Files\hpdll <--folder

Stay in safe mode and do a Disk Cleanup
START>>RUN>>type in cleanmgr
Ensure that temp and temp internet files are selected

Again, in safe mode
Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {30BCA8E3-FF20-4DDF-A2B7-6D3F52968687} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {5D622B03-DDE4-4A9B-9317-88F566295870} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {69B5361E-9587-48C8-8728-8BEA535D9125} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {6E38529C-92CC-4DAD-B1F2-7C5BD2B17D31} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {88672CB8-70F5-47E2-A0FE-199AE9FA40BB} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {96C14148-16C6-4F84-8E2D-58EC607A8F56} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {B6631E1D-972F-4C5A-B0F4-68C8AB81326A} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {C5CFA7F2-F8F8-4083-9E75-7DB6A4E3D265} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {C8D94F0D-B747-4C49-83B6-B09B511196C4} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {CC05116D-6DD8-4575-9F53-ADEA1684ED42} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {CE05A11D-4D5B-4460-B9E8-EA996327261C} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {CF4F48FA-3581-44BF-B453-B835A96074CC} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {D210A0C2-9AED-422D-8113-8CD0CCC38913} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {EA41E789-C3E8-4B05-9FE6-B653665BFC15} - C:\Program Files\nqabump8\nqabump8.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F950E67B-696C-4ACE-BCED-6479B056E403} - C:\Program Files\nqabump8\nqabump8.dll

O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Zpdlkt.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Hlydit.exe
O4 - HKLM\..\Run: [tjeizc] C:\WINDOWS\System32\tjeizc.exe
O4 - HKLM\..\Run: [qhwftc] C:\WINDOWS\System32\qhwftc.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [nqabump8] C:\Program Files\nqabump8\nqabump8.exe
O4 - HKLM\..\Run: [rwydfc] C:\WINDOWS\System32\rwydfc.exe
O4 - HKLM\..\Run: [Ap9BAae] C:\WINDOWS\yfqtjj.exe
O4 - HKLM\..\Run: [rnd] C:\WINDOWS\System32\rnd.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\wqfd.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h

O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll


I'm unsure about the next ones, if unknown to you or not wanted fix them too
O9 - Extra button: ÁåÉù - {7FA48D98-F2F7-4FAD-9762-2F7165D51650} - http://soft.jily.net/redirect/ring.htm (file missing)

O9 - Extra button: µ¼º½ - {B252D7FF-47B3-4B41-9E69-69D6C1ED523A} - http://www.jily.net/site.htm (file missing)
O9 - Extra button: Ìý¸è - {CC56C5BE-005C-4F82-BC68-E2FD0F819CDB} - http://soft.jily.net/redirect/music.htm (file missing)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run the FixIstbar Removal tool from Symantec and allow it to scan your hard drive and fix what it finds

Restart back to Normal mode

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates

Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Download and Install Spybot S&D 1.3
When Installing, please don't enable TEA TIMER, it's a great addon to Spybot but it can get in our way to do any manual fixes.. This can be enabled at a later time if you want it
After installation--Click the Update button on the left, in the window on the right click the
SEARCH FOR UPDATES button, Check and download all updates
Click the "Search and Destroy" Button
In the right window, click the
Check for Problems button. Let it complete its scanning---Ensure to check and FIX everything in RED---they should be checked by default
RESTART your computer to finish the Cleaning process

If you can't run any of those in Normal mode try in Safe mode

When you're back in Windows
I would also recommend you do an online Virus scan at
Panda's Online Virus scanner
http://www.pandasoftware.com/activescan/co...n_principal.htm

Post back a fresh Hijackthis log afterwards
« Last Edit: March 01, 2005, 08:55:42 PM by guestolo »



enxo

  • Guest
Removing ist bar.
« Reply #2 on: March 02, 2005, 12:45:37 AM »
Used the virus scanner. Great recommendation.

Logfile of HijackThis v1.99.1
Scan saved at 12:43:20 AM, on 3/2/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
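
An added example, not part of the thread and not HijackThis's own code: a small Python check that parses a before and an after HijackThis log and reports which of the entries on a fix list are gone, which persist, and which appeared between scans. The function names `parse_entries` and `verify_fix` are hypothetical, and the sample logs are shortened excerpts of the two logs posted above.

```python
import re

# HijackThis entries begin with a section code (R0-R3, F*, N*, O1-O23), then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log.
    Header lines and the "Running processes" list have no code and are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and case so cosmetic differences do not count.
            entries.add((m.group(1), " ".join(m.group(2).split()).casefold()))
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the entries the helper asked to have fixed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        "removed": sorted((wanted & before) - after),
        "still_present": sorted(wanted & after),
        "new": sorted(after - before),  # appeared between scans: review these
    }

# Shortened excerpts of the first and second logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\ISTsvc\istsvc.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O15 - Trusted Zone: http://www.neededware.com
"""

AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

# Three of the entries the reply asked to have checked and fixed.
FIX_LIST = r"""O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O15 - Trusted Zone: http://www.neededware.com
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_LIST)
    for status, items in report.items():
        print(f"{status}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

The "new" bucket here holds the ActiveScan control installed by the online scan recommended in Reply #1, which is why new entries are listed for review rather than treated as bad.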

enxo

  • Guest
Removing ist bar.
« Reply #3 on: March 03, 2005, 08:44:19 PM »
Bump.