HJT log for istsvc
saldoll
Leiden, Netherlands
Hello!
I have been trying lately to remove all adware and spyware from my computer and therefor I ran both Adaware and Spybot on it, just before I got myself a nice account in this very nice forum. I would really like you to help me. I ran both Adaware and Spybot this day on my computer and both fail to remove istsvc from my registry or wherever alse it has hid. So I also alraedy took the liberty to run Hijack This on my computer as you will see below. I'm sure you have heard from the program istsvc before, but it's a very annoying spyware, toolbar installing, pop-ups and search assistant installing program for as for as I know. I would like to thank you very much beforehand and I'll hope you can help me with this problem!!
Best regards,
Heleen Palmen
Logfile of HijackThis v1.97.7
Scan saved at 22:11:10, on 2005/01/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\stsyo.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 908-948\BridgeMon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Heleen\Heleen's Documents\My Documents\plugins\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{262CF15F-287A-4D26-8EAF-3B28BF7F018F}_UserSetup] C:\PROGRA~1\SHARP\PAGEDE~1\UserInit.exe
O4 - HKLM\..\Run: [DialApp] C:\Program Files\SHARP\mt\3.1\bin\DialMng.exe
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\o.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\stsyoC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\stsyo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$syo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C>糎INDOWS\a釚aaァC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy叛シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy徴シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\stsy坪9XC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\a$sy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\{osy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\a$a$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SHARP ぺたっ!翻訳 - res://C:\Program Files\Sharp\PowerEJ\BIN\QuickTrans.ocx/234
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.spacetown.ne.jp/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=bd4dc1a030558cb15676455d30dda3c8406bf95e8c476681ff00c94299864d60177f5a4353373436dc4b5159b29815782c46dddff5a7f47569f6dd2cbec2d3:6c5440ccd3b0bd9cb5fcddba6ee2da02
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1096908741416
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7C2C0732-EAB8-4C1B-A34E-2D2D47962FB3} (AVInst Control) - http://avforce.com/ocx/avforce_f.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38264.3752314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
I have been trying lately to remove all adware and spyware from my computer and therefor I ran both Adaware and Spybot on it, just before I got myself a nice account in this very nice forum. I would really like you to help me. I ran both Adaware and Spybot this day on my computer and both fail to remove istsvc from my registry or wherever alse it has hid. So I also alraedy took the liberty to run Hijack This on my computer as you will see below. I'm sure you have heard from the program istsvc before, but it's a very annoying spyware, toolbar installing, pop-ups and search assistant installing program for as for as I know. I would like to thank you very much beforehand and I'll hope you can help me with this problem!!
Best regards,
Heleen Palmen
Logfile of HijackThis v1.97.7
Scan saved at 22:11:10, on 2005/01/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\stsyo.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 908-948\BridgeMon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Heleen\Heleen's Documents\My Documents\plugins\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{262CF15F-287A-4D26-8EAF-3B28BF7F018F}_UserSetup] C:\PROGRA~1\SHARP\PAGEDE~1\UserInit.exe
O4 - HKLM\..\Run: [DialApp] C:\Program Files\SHARP\mt\3.1\bin\DialMng.exe
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\o.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\stsyoC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\stsyo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$syo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C>糎INDOWS\a釚aaァC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy叛シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy徴シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\stsy坪9XC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\a$sy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\{osy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\a$a$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SHARP ぺたっ!翻訳 - res://C:\Program Files\Sharp\PowerEJ\BIN\QuickTrans.ocx/234
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.spacetown.ne.jp/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=bd4dc1a030558cb15676455d30dda3c8406bf95e8c476681ff00c94299864d60177f5a4353373436dc4b5159b29815782c46dddff5a7f47569f6dd2cbec2d3:6c5440ccd3b0bd9cb5fcddba6ee2da02
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1096908741416
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7C2C0732-EAB8-4C1B-A34E-2D2D47962FB3} (AVInst Control) - http://avforce.com/ocx/avforce_f.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38264.3752314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
0
Comments
I see now that there are some misspelled characters in the log, I hope you can figure them out. The reason for this is that my computer is a Japanese computer with a Japanese Windows running on it. I hope this is not too complicated for you, otherwise I'll have to figure out another way to fix my problems. Thank you very much already!
Best regards,
Heleen Palmen
http://securityresponse.symantec.com/avcenter/FxIstbar.exe
You are using a badly outdated version of Hijackthis.
Please download the most current version of Hijackthis and post a new hijackthis log.
http://downloads.subratam.org/hijackthis.zip
The first tool the FxIstbar of Symantec Tools, I ran that tool already on my computer, when I found out that Adaware was unable to remove the program file. But still the istsvc program is on my computer. Shall I make a new Hijack This log for you or should I run the FxIstbar removal tool again before I make the log?
Best regards,
Heleen Palmen
Thank you for your help and hopefully you can help me again please!!
thanks, I wouldn't know what to do without you!!
Best regards,
Heleen Palmen
Here it is!
Logfile of HijackThis v1.99.0
Scan saved at 12:57:16, on 2005/01/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\stsyo.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM\SAGEM F@st 908-948\BridgeMon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HELEEN~1\LOCALS~1\Temp\Rar$EX00.864\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{262CF15F-287A-4D26-8EAF-3B28BF7F018F}_UserSetup] C:\PROGRA~1\SHARP\PAGEDE~1\UserInit.exe
O4 - HKLM\..\Run: [DialApp] C:\Program Files\SHARP\mt\3.1\bin\DialMng.exe
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\o.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\stsyoC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\stsyo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$syo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C>糎INDOWS\a釚aaァC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy叛シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy徴シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\stsy坪9XC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\a$sy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\{osy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\a$a$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\oロexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\oロenuC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SHARP ぺたっ!翻訳 - res://C:\Program Files\Sharp\PowerEJ\BIN\QuickTrans.ocx/234
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.spacetown.ne.jp/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=bd4dc1a030558cb15676455d30dda3c8406bf95e8c476681ff00c94299864d60177f5a4353373436dc4b5159b29815782c46dddff5a7f47569f6dd2cbec2d3:6c5440ccd3b0bd9cb5fcddba6ee2da02
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7C2C0732-EAB8-4C1B-A34E-2D2D47962FB3} (AVInst Control) - http://avforce.com/ocx/avforce_f.ocx
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Show hidden files
http://www.short-media.com/forum/showpost.php?p=172588&postcount=3
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\o.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\stsyoC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\stsyo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$syo.exeC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C>糎INDOWS\a釚aaァC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy叛シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [C:\WP魯OWS\stsy徴シXC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\stsy坪9XC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\a$sy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WP魯OWS\{osy坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$坪\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\{oa$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾W>船OWS\a$a$爿\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\oロexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\oロenuC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...cd dba6ee2da02
Reboot your computer into Safe Mode
Then delete these files or directories (Do not be concerned if they do not exist):
C:\PROGRA~1\SEARCH~1
C:\Program Files\Windows ControlAd
C:\Program Files\ISTsvc
C:\WINDOWS\stsyo.exe
Reboot and post a new hijackthis log.
Thanks for all your help with all of it. I did what you asked me to do, I checked it 3 times and this is the new HijackThis-log. I am afraid though that I saw two lines that I didn't like in there: Windows ControlAd and ISTSVC.
Should I do the same again, or....??? Thanks again beforehand!
Best regards,
Heleen Palmen
This is the log I was talking about, sorry I didn't send it...
Best regards,
Heleen Palmen
This is the one I ran just now, the other was just after I did the things you advised me to do. I hope you can fill me in about the results!!
Thanks!
Best regards,
Heleen Palmen
Hmm, very strange the log didn't show the last two times, I'm pretty sure I did send it. But well, I'll try it again now. Hopefully it works this time!
Best regards,
Heleen Palmen
Logfile of HijackThis v1.99.0
Scan saved at 11:09:33, on 2005/01/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 908-948\BridgeMon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{262CF15F-287A-4D26-8EAF-3B28BF7F018F}_UserSetup] C:\PROGRA~1\SHARP\PAGEDE~1\UserInit.exe
O4 - HKLM\..\Run: [DialApp] C:\Program Files\SHARP\mt\3.1\bin\DialMng.exe
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\oロenuC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SHARP ぺたっ!翻訳 - res://C:\Program Files\Sharp\PowerEJ\BIN\QuickTrans.ocx/234
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.spacetown.ne.jp/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7C2C0732-EAB8-4C1B-A34E-2D2D47962FB3} (AVInst Control) - http://avforce.com/ocx/avforce_f.ocx
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [>曾WINDOWS\oロ\oロenuC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\stsyo.exe
Delete these files/folders:
C:\WINDOWS\stsyo.exe
C:\Program Files\ISTsvc
C:\Program Files\Windows ControlAd
Reboot and post a new hijackthis log.
So, well, hopefully this is the last time I will bother you, well... there's still a problem with my parents' computer so maybe we'll talk again later!
In my humble view I guess this log looks good, even though I had one more question: I found two *.pf files in C:\WINDOWS\Prefetch of stsyo.exe~(numbers) and istsvc or controlad, I forgot. Does it matter if they stay there and should I get you more information or is it OK like this and will my computer run as nice as it used to do? But.. thanks a lot!! It's so great at least some people can help me with all these crazy spyware things on my computer!!!
Thanks and best regards,
Heleen Palmen
Logfile of HijackThis v1.99.0
Scan saved at 0:44:40, on 2005/01/20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 908-948\BridgeMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Hijack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{262CF15F-287A-4D26-8EAF-3B28BF7F018F}_UserSetup] C:\PROGRA~1\SHARP\PAGEDE~1\UserInit.exe
O4 - HKLM\..\Run: [DialApp] C:\Program Files\SHARP\mt\3.1\bin\DialMng.exe
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ja\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SHARP ぺたっ!翻訳 - res://C:\Program Files\Sharp\PowerEJ\BIN\QuickTrans.ocx/234
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.spacetown.ne.jp/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7C2C0732-EAB8-4C1B-A34E-2D2D47962FB3} (AVInst Control) - http://avforce.com/ocx/avforce_f.ocx
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Delete temp files
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.
Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty the Recycle Bin.
Your log is clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
Renable system restore with instructions from tutorial above
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Thanks for helping me clean up my nice mess!! But before I want to delete all my system restore points there's another problem I have to face: I have one harddisk on my computer which has been divided into a C-drive and a D-drive by a friend of mine. That is, because one has a Japanese version of Windows (I bought my laptop in Japan, and I'm a student of Japanese language and culture)(so I do understand most of it) and the other drive (D-drive) has the English version of Windows XP running on it as that is easier than the Japanese one of course. So, well, the problem with my computer started within the English Windows running and it has come this far that when I try to log on (while I had turned logging on, off: one didn't need to log on before entering Windows), so when it asks you to log on and you click on either one of the users, it logs on and logs you off immediately afterwards, before even getting to see something of a desktop. The same thing happens when you try to enter the Safe Mode. I just saw in the Program Files folder of the D-drive, there's not only ISTSVC but also Webrebates, Internet Optimizer, Windows AdControl if no more. But being unable to access in any way the D-drive I cannot do anything. But, if you (or someone else) could be so kind to help me fix that, I would love to delete all system restore points, but to my knowledge that might be the only possibility to get back into this English version of Windows on the D-drive. If not, I will delete those files immediately. But well, anyway, if you could maybe give me any hint on whatsoever I would be very delighted
But anyways, thanks for all the help so far!!!!!
The C-drive works perfectly!! Oh, one more question: what do you think about ZoneAlarm (security center)? I'm not very fond of Norton as it didn't find anything harmful on the other drive and Panda launches the blue screen of death. Well, thanks anyways!!!! You're the best!!!
Best regards,
Heleen Palmen
http://www.short-media.com/forum/forumdisplay.php?f=8
Someone there should be able to help you. Once you can get booted up, come back to this forum and post a hijackthis log in a new thread. If you want my help specifically just send me a private message so I know when you're ready.
I've not heard enough about Zone Alarm suite to recommend it or not. But I strongly agree with your decision to replace Norton.
Good luck!