
Desperately need help with ISTsvc


Name: Kingy
Date: November 27, 2003 at 22:29:20 Pacific
OS: XP Pro
CPU/Ram: P4 2.4Gig/762mb
Comment:

Hello, I need help with the ISTsvc trojan which is just complete poo!

I read a forum on it here and ran a HijackThis scan... Here it is:

Logfile of HijackThis v1.97.7
Scan saved at 5:15:31 PM, on 28/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\John\My Documents\Virus Stoppers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=106745
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=106745
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=106745
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 212.33.69.3 js1.hitbox.com
O1 - Hosts: 212.33.69.3 stats.hitbox.com
O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com
O1 - Hosts: 212.33.69.3 m1.nedstatbasic.net
O2 - BHO: (no name) - {024DE5EB-3649-445E-8D57-C09A9A33D479} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23BC1CCF-4BE7-497F-B154-6ADA68425FBB} - C:\WINDOWS\System32\expext.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-010002000012} - C:\PROGRA~1\COFFEE~1\POPUPB~1\CCPOPB~1.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS\system32\lexbac.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: CoffeeCup Popup Blocker.lnk = C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe
O4 - Startup: Tahni DeskMate.LNK = C:\Program Files\DeskMates\Tahni\Tahni.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50023/QDow.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/ActiveXInstallers/Installer/nCaseInstaller.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.mp3s4free.net/Searchmp3s.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37886.062962963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.climaxbucks.com/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BAEA08-F6E6-46DC-B11C-FF81C05C0545}: NameServer = 203.109.128.2 203.109.250.50

Could someone PLEASE help me by going through the scan and telling me which ones I need to delete/fix... My exam is in a week and my material is on my PC. Thanks heaps... Kingy.




Response Number 1
Name: Abnormal
Date: November 28, 2003 at 13:37:40 Pacific
Reply:

Download and run SpyBot, fix everything in red.

http://tomcoyote.org/SPYBOT/

Also run cwshredder, whatever version works for you;
cwshreddder.zip
cwshredder.exe

A site where you have more log readers:
Spyware and Hijackware Removal Support

Good luck

Abnormal


