
Please I need help!


3 replies to this topic

#1 Dark_Baron

Dark_Baron

  • Members
  • 2 posts

Posted 01 February 2005 - 07:44 AM

Hi

I've already used AdAware and it removed a lot of spyware etc., but I'm still experiencing problems: SADLR001 is listed as one of my connections and when I remove it, it comes back the next time. :thumbsup: Please look at my HJT scan and thanks in advance.

I CAN'T DOWNLOAD IE SP 2 because one pop-up disconnects me from the Net

Logfile of HijackThis v1.99.0
Scan saved at 2:46:56 PM, on 2/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SOFT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\ICUNI.EXE
C:\WINDOWS\SYSTEM\DBMSSHRN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\AJAIPN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMMON FILES\EACCELERATION\SYSTIMER.EXE
C:\PROGRAM FILES\SCANBUTTON 2.1\SCANBUTTON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\ICUNI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\Twunk_16.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\SYSTEM\soft.exe
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\PROGRAM FILES\ESYNDICATE\ESYN.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\PROGRAM FILES\MIDDADLE\CLICKS10017.DLL
O2 - BHO: BHO Class - {575A5AE9-B68E-4BEB-BACB-FE430448C654} - C:\WINDOWS\SYSTEM\WINSUCK.DLL
O2 - BHO: BHO Class - {F6053709-5723-454E-AB9D-7FC7E681AFA5} - C:\WINDOWS\SYSTEM\WINTITLE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [3111.TMP] C:\WINDOWS\TEMP\3111.TMP.exe 0 10001
O4 - HKLM\..\Run: [9st7] C:\WINDOWS\TEMP\9ST7.EXE
O4 - HKLM\..\Run: [Icuni.exe] C:\WINDOWS\SYSTEM\ICUNI.EXE
O4 - HKLM\..\Run: [ITSN2PTRW] C:\WINDOWS\SYSTEM\ITSN2PTRW.EXE
O4 - HKLM\..\Run: [2754129c5937] C:\WINDOWS\SYSTEM\DBMSSHRN.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATSERV.EXE
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\UOJWTF.exe
O4 - HKLM\..\Run: [0+]m*aigY] C:\ISPRO.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AJAIPN.exe
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0+]m*aiC:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [3111.TMP.EXE] C:\WINDOWS\TEMP\3111.TMP.EXE 0 10001
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Micro Warehouse\HelpExpress\Dr. G. Voronkov\HXIUL.EXE
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: ScanButton 2.1.lnk = C:\Program Files\ScanButton 2.1\ScanButton.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EDDEFINE.HTM
O8 - Extra context menu item: QuickTranslate - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EDTRANS.HTM
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\SURFBAR.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//222/Eyetide%20Installer.cab
O16 - DPF: {86A889A6-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics VRML Automation Driver v3.0) - http://www.parallelgraphics.com/bin/cortauto.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL
O18 - Protocol: sspng - {1E8068DE-05AD-11D4-ACC8-EF447469245E} - D:\PROGRAM FILES\INTERNET RESEARCHER\SSPNG.DLL


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA

Posted 01 February 2005 - 11:05 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\SYSTEM\soft.exe
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\PROGRAM FILES\ESYNDICATE\ESYN.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\PROGRAM FILES\MIDDADLE\CLICKS10017.DLL
O2 - BHO: BHO Class - {575A5AE9-B68E-4BEB-BACB-FE430448C654} - C:\WINDOWS\SYSTEM\WINSUCK.DLL
O2 - BHO: BHO Class - {F6053709-5723-454E-AB9D-7FC7E681AFA5} - C:\WINDOWS\SYSTEM\WINTITLE.DLL
O4 - HKLM\..\Run: [3111.TMP] C:\WINDOWS\TEMP\3111.TMP.exe 0 10001
O4 - HKLM\..\Run: [9st7] C:\WINDOWS\TEMP\9ST7.EXE
O4 - HKLM\..\Run: [Icuni.exe] C:\WINDOWS\SYSTEM\ICUNI.EXE
O4 - HKLM\..\Run: [ITSN2PTRW] C:\WINDOWS\SYSTEM\ITSN2PTRW.EXE
O4 - HKLM\..\Run: [2754129c5937] C:\WINDOWS\SYSTEM\DBMSSHRN.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATSERV.EXE
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\UOJWTF.exe
O4 - HKLM\..\Run: [0+]m*aigY] C:\ISPRO.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AJAIPN.exe
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0+]m*aiC:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [3111.TMP.EXE] C:\WINDOWS\TEMP\3111.TMP.EXE 0 10001
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Micro Warehouse\HelpExpress\Dr. G. Voronkov\HXIUL.EXE
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//222/Eyetide%20Installer.cab

Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):


C:\WINDOWS\SYSTEM\soft.exe
C:\PROGRAM FILES\ESYNDICATE\ESYN.DLL
C:\PROGRAM FILES\MIDDADLE\
C:\WINDOWS\SYSTEM\WINSUCK.DLL
C:\WINDOWS\SYSTEM\WINTITLE.DLL
C:\WINDOWS\TEMP\3111.TMP.exe
C:\WINDOWS\TEMP\9ST7.EXE
C:\WINDOWS\SYSTEM\ICUNI.EXE
C:\WINDOWS\SYSTEM\ITSN2PTRW.EXE
C:\WINDOWS\SYSTEM\DBMSSHRN.exe
C:\PROGRAM FILES\ADSTATUS SERVICE\
C:\WINDOWS\SYSTEM\MSXMIDI.EXE
C:\WINDOWS\SYSTEM\UOJWTF.exe
C:\WINDOWS\SYSTEM\AJAIPN.exe
C:\ISPRO.EXE
C:\WINDOWS\TEMP\3111.TMP.EXE 0 10001
C:\Program Files\Micro Warehouse\
C:\WINDOWS\SYSTEM\MSXMIDI.EXE

Reboot your computer to go back to normal mode and post a new log.

#3 Dark_Baron

Dark_Baron
  • Topic Starter

  • Members
  • 2 posts

Posted 02 February 2005 - 07:05 AM

First of all, THANKS A LOT :thumbsup: for your help, as I was really desperate. I did what was required of me and much of the stuff seems to be gone. However, my biggest worry is still there: SADLR001 is still listed as one of my connections, so I suppose the dialer(?) is still there. Is there a way to remove it?

In the log, I can see that ISPRO.exe is still there even though I seemed to fix it. I am also worried about those entries for "trusted IP range". Here's the log:


Logfile of HijackThis v1.99.0
Scan saved at 2:00:20 PM, on 2/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SCANBUTTON 2.1\SCANBUTTON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\Twunk_16.exe
C:\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [0+]m*aigY] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0+]m*aiC:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: ScanButton 2.1.lnk = C:\Program Files\ScanButton 2.1\ScanButton.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EDDEFINE.HTM
O8 - Extra context menu item: QuickTranslate - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EDTRANS.HTM
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\SURFBAR.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {86A889A6-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics VRML Automation Driver v3.0) - http://www.parallelgraphics.com/bin/cortauto.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL
O18 - Protocol: sspng - {1E8068DE-05AD-11D4-ACC8-EF447469245E} - D:\PROGRAM FILES\INTERNET RESEARCHER\SSPNG.DLL

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA

Posted 03 February 2005 - 12:16 AM

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double-click on the icon that should now be on your desktop. If an icon is not there, then check under the Programs portion of the Start Menu.

Once it is opened, copy and paste the line below into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

And press Enter. Look for any keys named the following and, if found, delete them by right-clicking on them and then selecting Delete.

0+]m*aigY
0 44}5]C:\Program Files\ISTsvc\istsvc.exe
0+]m*aiC:\Program Files\ISTsvc\istsvc.exe


Do either of these two programs seem familiar to you? If not, fix them in HijackThis:

O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL
O18 - Protocol: sspng - {1E8068DE-05AD-11D4-ACC8-EF447469245E} - D:\PROGRAM FILES\INTERNET RESEARCHER\SSPNG.DLL


As for the dialer entry, you can just delete that phonebook entry.
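A way to check a follow-up log against a fix list, as happens by eye between posts #2 and #3 (an added example, not part of the thread and not HijackThis code; the function names are hypothetical and the sample lines are a subset copied from the logs above). The Run value name is matched up to the last `] ` on the line because three of the value names in this thread contain `]` themselves.

```python
import re

# O4 registry autorun line: "O4 - HKLM\..\Run: [value name] command".
# Greedy (.*) takes the name up to the LAST "] ", so names containing "]" survive.
# Assumption: the command itself contains no "] " sequence.
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.*)\] (.+)$")
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # any item line: R1, F1, O2, O4, O15 ...


def entries(log_text):
    """Item lines of a log, in order, skipping the header and process list."""
    return [l.strip() for l in log_text.splitlines() if ENTRY_RE.match(l.strip())]


def parse_o4(line):
    """Split an O4 registry line into (key, value_name, command), else None."""
    m = O4_RE.match(line)
    return m.groups() if m else None


def persisting(fix_list, after_log):
    """Lines selected for fixing that still appear verbatim in the later log."""
    after = set(entries(after_log))
    return [l for l in entries(fix_list) if l in after]


def persisting_run_values(fix_list, after_log):
    """(key, value name) pairs to look up by hand in a registry editor."""
    parsed = (parse_o4(l) for l in persisting(fix_list, after_log))
    return [(key, name) for key, name, _cmd in filter(None, parsed)]


def appeared(before_log, after_log):
    """Item lines present in the later log that the earlier log did not have."""
    before = set(entries(before_log))
    return [l for l in entries(after_log) if l not in before]


# Subset of the first log in the thread (post #1).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.0
C:\WINDOWS\SYSTEM\AJAIPN.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [9st7] C:\WINDOWS\TEMP\9ST7.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\AJAIPN.exe
O4 - HKLM\..\Run: [0+]m*aigY] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0+]m*aiC:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O15 - Trusted IP range: 206.161.125.149
"""
# Post #2 put every line of this subset on the fix list except SystemTray.
FIX_LIST = "\n".join(l for l in entries(BEFORE_LOG) if "[SystemTray]" not in l)
# Subset of the second log in the thread (post #3).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [0+]m*aigY] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O4 - HKLM\..\Run: [0+]m*aiC:\Program Files\ISTsvc\istsvc.exe] C:\ISPRO.EXE
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted IP range: 206.161.125.149
"""

if __name__ == "__main__":
    for key, name in persisting_run_values(FIX_LIST, AFTER_LOG):
        print("still present:", key, "->", name)
    for line in appeared(BEFORE_LOG, AFTER_LOG):
        print("new since last scan:", line)
```

Matching is on exact line text, so an entry whose command line changed between scans is reported as new rather than as persisting.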



