
Thread: Browser Hijack?

  1. #16
    My Name is.... TZ Veteran Stripe's Avatar
    Join Date
    Oct 2002
    Location
    live?
    Posts
    831
    You can also use a program called BHO Demon. It tells you what Browser Helper Objects (BHOs) are installed. BHOs are the typical cause of browser hijacks.

    You can get the application here.

  2. #17
    Bronze Member
    Join Date
    Dec 2002
    Location
    Derbyshire, England
    Posts
    98
    OK, this seems to have spawned a lot of other issues but my original hijack issue seems to have been resolved. By the careful use of "HijackThis" it looks like the main culprit was something called IstSVC.

    One thing I have discovered, however, is that whilst there are a great many such programs around - those that protect you from such nasties, those that detect that you've got them and so forth, it seems that the best protection is *as much as you can get*!!!

    There's so much out there trying to get at your machine that the more protection you've got the better!

  3. #18
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,746
    off topic:
    Can someone post a reply in this thread? I need to test something out.

    Thanks.

    =========== Please Read The Forum Rules ===========

  4. #19
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    3,920
    Reply.

  5. #20
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,746
    Thanks Barb.

    Testing finished.


  6. #21
    Junior Member hao2lian's Avatar
    Join Date
    Jul 2003
    Location
    Right behind you.
    Posts
    23

    Re: Try another browser

    Originally posted by efc
    Also consider trying Mozilla. It has easy to configure tools to block the material that is giving you problems.

    www.mozilla.org
    Shameless ad: Or Mozilla Firebird, if you want a standalone browser.
    Eating a lightbulb relishing on the procrastination of the rationalization of the disestablishment movement in the 1800s in Europe whence then was egotistical bastards were not unintelligently lived to see their timely undeaths in a very non-ungroovy way.

  7. #22
    Junior Member
    Join Date
    Dec 2005
    Posts
    5

    Question i did a scan

    I downloaded HijackThis onto my computer and these were the results. What should I delete?
    Logfile of HijackThis v1.99.1
    Scan saved at 3:58:48 PM, on 12/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\הפוך על הפוך\Hebrew.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Software602\Print2PDF\PrnPack.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\WINDOWS\euqtvd.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Zhfh\Mhqac.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Rivka Goldfarb.GOLDFARB\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://office.microsoft.com/clipart/....aspx?lc=en-us
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Hebrew] C:\Program Files\???? ?? ????\Hebrew.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Software602\Print2PDF\PrnPack.exe" /server
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [LhGGdZRaJ] C:\WINDOWS\euqtvd.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [Lh$vשץš/‚²‘ֶfֿNb‰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\euqtvd.exe
    O4 - HKLM\..\Run: [Fcixkf] c:\Program Files\Zhfh\Mhqac.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
    O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members7.clubphoto.com/_img/u...l_uploader.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012bd095...p/RdxIE601.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.clarkcolor.com/ClarkUpload.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fujiprintnet.co.il/online...eUploader3.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

  8. #23
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    Well at first glance the Internet Optimizer should go as well as istsvc.exe which is "an advertising program by Integrated Search Technologies. This process monitors your browsing habits and distributes the data back to the author's servers for analyses. This also prompts advertising popups. This program is a registered security risk and should be removed immediately." Description courtesy of http://www.liutilities.com/products/...ibrary/istsvc/

    But, exactly what problems are you having?
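
An added example (not part of any post in this thread, and not code from HijackThis itself): a small Python triage pass over a HijackThis log that extracts the result lines and flags the two programs named for removal in post #23, plus entries the scan reports as `(no file)`. The sample log is a handful of lines copied from post #22; the function names and the watchlist are illustrative assumptions.

```python
import re

# Sample input: a few result lines copied from the log in post #22.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption: a reviewer-maintained list; seeded with the names from post #23.
WATCHLIST = ("istsvc", "internet optimizer")

# Result lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return a (code, detail) tuple for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and running-process lines do not match and are skipped
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(log_text, watchlist=WATCHLIST):
    """Flag entries that match the watchlist or that the scan marks (no file)."""
    findings = []
    for code, detail in parse_entries(log_text):
        lowered = detail.lower()
        reasons = [f"watchlist:{name}" for name in watchlist if name in lowered]
        if lowered.endswith("(no file)"):
            reasons.append("no-file")
        if reasons:
            findings.append({"code": code, "detail": detail, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["code"], "|", ", ".join(f["reasons"]), "|", f["detail"])
```

A flag here only marks a line for manual review; it does not decide that an entry is safe or unsafe to remove.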

  9. #24
    Junior Member
    Join Date
    Dec 2005
    Posts
    5
    This past week I started getting pop-ups. If I leave the computer "unattended" for a short while I start getting problems such as:
    a. MSEPSVCS.EXE application error
    b. The instruction at "0X00320676" referenced memory at "0X0000003C". The memory could not be "read". Click to terminate the program/click cancel to debug the program.
    c. Insufficient system resources exist to complete the requested service.
    d. istsvcwnd (ending program)
    optimize.exe encountered a program
    e. msepsvcs.exe has encountered a problem
    f. fcatmfd.exe application error, DLL initialization failed
    g. Internet Explorer encountered a problem and needs to close
    h. condition #5022-units-1782

    All or some of these problems happened and I need to restart my computer all the time.

  10. #25
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    OK, well, remove those 2 I mentioned in the first post, and see what happens after rebooting.

  11. #26
    Junior Member
    Join Date
    Dec 2005
    Posts
    5

    Thank you

    Thank you, so far things are OK.

  12. #27
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    Please let us know how it goes and...


    Welcome to Techzonez.



  13. #28
    Junior Member
    Join Date
    Dec 2005
    Posts
    5

    Thanks, and can you help again?

    The computer is working OK. Thanks. Microsoft Internet Explorer is working really slow, and even though I blocked all popups I am still getting a pop-up from http://ad.yieldmanager.com. I restricted the site in the Internet Options, but it doesn't seem to help.
    Any ideas???

  14. #29
    Bronze Member
    Join Date
    Dec 2002
    Location
    Derbyshire, England
    Posts
    98
    1. Try searching out and running CWShredder - it could be you've got one of the many variants of CoolWebSearch infecting your machine.

    2. Switch to another browser - Firefox is currently the favoured alternative but the latest incarnation of Opera could well challenge it.
    Ken

    To err is human but to really foul things up takes a computer!

  15. #30
    Junior Member
    Join Date
    Dec 2005
    Posts
    5

    Doesn't work

    CWShredder doesn't come up with anything. I use Firefox but cannot use it for all the things I need to do.
    But thanks anyway!
