04-20-2005, 06:23 PM   #5
FALLOUTGOD


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:00:42 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Documents and Settings\falloutgod\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...73/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\falloutgod\Desktop\CWShredder.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Alright, I took care of the two things in HijackThis.
Scanned with that prog and it seems istbar just doesn't want to die.

File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\FALLOU~1\LOCALS~1\Temp\fkFDddF.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\FALLOU~1\LOCALS~1\TEMPOR~1\Content.IE5\IXI7S1IB\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\falloutgod\Local Settings\Temp\fkFDddF.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\falloutgod\Local Settings\Temporary Internet Files\Content.IE5\IXI7S1IB\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
File C:\Program Files\BitTorrent\uninstall.exe tagged as not-a-virus:RiskWare.Tool.Processor.1001. No Action Taken.
File C:\RECYCLER\S-1-5-21-1801674531-602162358-682003330-1003\Dc115.PATCH-oWNAGE\start.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1801674531-602162358-682003330-1003\Dc132.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1801674531-602162358-682003330-1003\Dc133.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{373A1A78-26C0-4C5B-B414-00249C4F515D}\RP23\A0003910.exe tagged as not-a-virus:RiskWare.Tool.Processor.1001. No Action Taken.

Last edited by FALLOUTGOD; 04-20-2005 at 06:37 PM.