Home > Hjt Log > HJT Log - ISTBar

HJT Log - ISTBar

Dismiss Notice TechSpot Forums Forums Software Virus and Malware Removal Today's Posts Help! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Spyware nasdaq Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ] [ Housecall online virus scan ] [ Bitdefender online virus scan ] [ AVG antivirus ] Join the community here.

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft ok..so i just got another virus..trojan horse lop.ds. Please don`t post your own virus/spyware problems in this thread. Hang with us on LockerDomeCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector Simple and easy ways to keep your computer safe and secure on the Internet

AdAware How To. Click Properties. Do not run it just yet.Download CWShredder.exe CoolWebSearch removal tool fromhttp://www.spywarein.../CWShredder.exePlace the download file in it's own folder. <- Just install the program. what do I need to get rid of??

When the window appears maximise it. Regards Jason Dec 2, 2007 #12 (You must log in or sign up to reply here.) Show Ignored Content Topic Status: Not open for further replies. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab Thanks again, Kerry P.S.

Click here to Register a free account now! Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. And I can even find new malware files in C:\Program Files that the system will not allow me to remove. HJT Log - Jesse O'Brien Started by Jesse O'Brien , Dec 01 2004 05:18 AM Please log in to reply 1 reply to this topic #1 Jesse O'Brien Jesse O'Brien Members

When I click on the icon for the perm. You may have to register before you can post: click the register link above to proceed. C'mon guys!!! here they are Nov 20, 2007 #7 howard_hopkinso TS Rookie Posts: 24,177 +19 Download and run this Symantec/Norton removal tool.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus Regards Howard :wave: :wave: This thread is for the use of brendada only. Join our site today to ask your question. Close HJT.

Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account? If we have ever helped you in the past, please consider helping us. BLEEPINGCOMPUTER NEEDS YOUR HELP! Turn ON System Restore.

Regards Howard This thread is for the use of brendada only. Below is my Hijackthis log-Logfile of HijackThis v1.99.0Scan saved at 00:29:57, on 14/01/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Vet\isafe.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\AGRSMMSG.exeC:\Vet\VetTray.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXEC:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\jcxfb.exeC:\Vet\VetMsg.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~2.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor Loading...

Can someone help me remove these? Double click on the following services(if there) and select stop if they are running. Ask a question and give support.

Nov 21, 2007 #10 martinr TS Rookie re JS/downloader agent Like so many others AVG has discovered this virus on my computer.

so my AVG popped up 2 times now informing me that I caught the JS/Downloader.Agent. Please don`t post your own virus/spyware problems in this thread. Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). Turn OFF System Restore.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do. If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Using the site is easy and fun. istbar Object Recognized!

please help me!Logfile of HijackThis v1.98.2Scan saved at 10:46:46 p.m., on 1/12/2004Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v5.50 (5.50.4134.0600)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\WINDOWS\TASKMON.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\LOADQM.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\WINDOWS\SYSTEM\MMGR32.EXEC:\PROGRAM FILES\FORWARD\VERSATO\VERSATO.EXEC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXEC:\PROGRAM FILES\FORWARD\VERSATO\MEPLAYER.EXEC:\PROGRAM FILES\FORWARD\VERSATO\OSD.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\PROGRAM FILES\INTERNET file version (HijackThis_sfx) I get the winzip self extractor window. Login now. It is constantly downloading & uploading "something"?

C:\Program Files\Viewpoint C:\windows\downloaded program files\popcaploader.dll Click start/run and type regedit into the run box and press the enter key. Please re-enable javascript to access full functionality. Please don`t post your own virus/spyware problems in this thread. Check Turn off System Restore.

You may also... You can delete it right from the search results window.DIRECTORY CONTENTS (But not the directory)%windir%\Temp\%temp%\%userprofile%\Local Settings\Temp\C:\Documents and Settings\\Local Settings\Temporary Internet Files\C:\Documents and Settings\\Local Settings\Temp\Click on You can re enable it after you are clean. Follow all the instructions exactly.

Logfile of HijackThis v1.99.1 Scan saved at 7:47:32 AM, on 2/27/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? Reboot into normal mode and rehide your protected OS files.