Hi. Yesterday I downloaded a series of trial DVD authoring software (TMPGEnc, Ulead, and others) and today Ad-aware found 135 critical new objects! Previously I had had none for a couple of months. I've removed all except for something called ISTBar. Ad-aware found Regkey and Regvalue. I ran something called FxIstbar but it came back saying it couldn't find it on my PC. Please help; if anyone knows how to remove it, I'd appreciate a step-by-step guide (I guess I have to put the PC into safe mode and back it up). Has anyone had any experience with this spyware?
I have Ad-aware SE. However, although it removes the Istbar regkey and Istbar regvalue, they are back again after the next start-up. I also ran a2 (A square), which removed 10 malware items linked to Istbar, but then I ran Ad-aware and the same two reg items appeared. Is there a manual way to remove Istbar?
Check msconfig/startup & programs/startup to see if Istbar is there. Also run in safe mode to run programs to delete spyware.
I ran Hijack This and here is the log - can anyone see anything there that I need to remove?

Logfile of HijackThis v1.99.0
Scan saved at 22:03:03, on 13/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\AVAST4~1\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MZL & Novatech TrafficStatistic\bin\gui\TrafficStatisticGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
F:\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
F:\Canopus 2\Procoder2.exe
F:\Avast 4\aswUpdSv.exe
F:\Avast 4\ashServ.exe
F:\Kerio Personal Firewall\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MZL & Novatech TrafficStatistic\bin\http_server\HTTP_Srv.exe
C:\Program Files\MZL & Novatech TrafficStatistic\bin\cpm\RunCPM.exe
C:\WINDOWS\system32\wdfmgr.exe
F:\Kerio Personal Firewall\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
F:\Kerio Personal Firewall\Personal Firewall 4\kpf4gui.exe
F:\Avast 4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
F:\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\ht.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...k/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrafficStatisticGUI] "C:\Program Files\MZL & Novatech TrafficStatistic\bin\gui\TrafficStatisticGUI.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [80DW] C:\WINDOWS\qxkalmv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Acrobat Assistant.lnk = F:\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - F:\Avast 4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - F:\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Avast 4\ashMaiSv.exe
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - F:\Kerio Personal Firewall\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrafficStatistic HTTPSrv Service - MZL & Novatech - C:\Program Files\MZL & Novatech TrafficStatistic\bin\http_server\HTTP_Srv.exe
O23 - Service: TrafficStatistic RunCPM Service - MZL & Novatech - C:\Program Files\MZL & Novatech TrafficStatistic\bin\cpm\RunCPM.exe
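A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section codes and flags entries HijackThis itself marks as orphaned ("(no file)", "(file missing)"), plus Run-key autostarts whose executable sits directly in the Windows folder. The function names and the second heuristic are assumptions made for this illustration; a flag means "check this entry by hand", not that it is malicious.

```python
import re

# Subset of lines copied from the log posted above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [80DW] C:\WINDOWS\qxkalmv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autostart body: hive, value name, command line
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
# Executable placed directly in <drive>:\WINDOWS, not in a subfolder
WINROOT_EXE = re.compile(r'^"?[A-Za-z]:\\WINDOWS\\[^\\"\s]+\.exe\b', re.I)
# Suffixes HijackThis appends when the referenced file is absent
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse(log_text):
    """Yield (section_code, body) for each entry line; skip everything else."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (section_code, reason, detail) tuples for entries to review."""
    findings = []
    for code, body in parse(log_text):
        if body.endswith(ORPHAN_MARKERS):
            findings.append((code, "orphaned", body))
        run = RUN.match(body) if code == "O4" else None
        if run and WINROOT_EXE.match(run.group(3)):
            findings.append((code, "windows-root autostart", run.group(2)))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE):
        print(f"{code:4} {reason:24} {detail}")
```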
@ denis2 if you're running Windows XP, you can do a system restore to a few days before you downloaded it. Also, an installed personal firewall might stop you from getting that. Some of those you get while surfing a lot, and they are hard as hell to delete; sometimes even ADD/REMOVE PROGRAMS will not even work. The worst is those damn PORNO-SITES; they put shit in your computer you didn't even know about. Good day.