avast scan says Win32:Istbar-ap & others. I'm so lost!! HELP!!

On Sunday I dl avast 4.7. Did a scan for viruses on Monday. During the scan it said I had the trojan Win32:IstBar-ap. It suggested I put it in the chest. I tried and it said not enough room or disk space. Can't remember the exact words. Not sure if I should continue the scan, I followed a link to get online. Was looking at the list of viruses that avast could detect and fix but did not see this one. So I went to Microsoft and ran their Live OneCare antivirus full scan. It came back with 125 problems and so many issues. I went all the way through the scan and fix with this and it took care of a lot. Hotbar, a porn dialer, Altnet, and a few others. It listed the trojan and showed 1 part of the trojan fixed but listed it further down the list. Ok, I don't remember some of the things I have read or all the issues. It has been 3 days and I have 3 kids so a lot goes on. OneCare said some files could not be cleaned or scanned. Gave reasons that files may be in use by a program and that I should close all and rerun. I did my best to close all and reran but it still did not work.

So I reran avast and this time when avast said it detected the trojan and tried to move it to the chest it still said no. So I left it alone and continued the scan. After all was done I tried to move all viruses to the chest as it suggested. Some went ok but some say (total being 1260) they are password protected. These are in my System volume\restore followed by a lot of #'s file. I read the help file a bit and looked at the options to take care of them. If I can click repair it gives an error message and the others say delete is my only option. Should I do this? I closed out the log that was showing all 1260 problems and have an event log opened now. Under warning it shows 8 things. Is there a way to copy and paste that log here or do I need to type it out? I am using Windows XP Home SP2. I feel the need to tell you that I scanned archive files, and in OneCare most of the issues were in temp files.

I had Norton 2002 that my hubby put on my PC 3 or 4 yrs ago and after a year I could no longer update. So until now that was the only virus protection I had. What info do u need? I have never been on any forum before so sorry if I do this wrong.

:slight_smile: Hi :

  Having 2 different antiVIRUS programs, even IF one is "disabled",
  is NOT recommended, since even "remnants" of the "old" will
 "conflict" with the "new" . What have you done to "remove" the
  Norton 2002 ? It needs to be COMPLETELY "Gone" for Avast to
  function at its best .

  And you should have more than an antiVIRUS program for protection;
  I recommend you use the Good & Free antiSPYWARE program called
  "AVG Antispyware" from www.ewido.net .

I used Add/Remove to get rid of Norton before I did the install of avast. When Norton was running it was running to its fullest other than the update for viruses. Did Add/Remove take it off completely? I do see 2 Norton files in the file string for some of the issues found. I will try what you suggested. I don't think I'm typing this in the correct place to respond to you. Thanks

Can I keep avast on the PC when I use AVG? What happens if I'm asked to restart the PC? Is it ok? How do I tell if Norton is gone?

Hi daysi04,

Have you tried a boot time scan with avast!? (Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.)

You can safely ignore any detections in System Restore (for now), as they are not active; the same for any detections in locked or password protected files.

It sounds like you have some adware/spyware infections, so after the avast! scan, download, install and update all these scanners and run scans:

a-Squared Free:

http://www.emsisoft.com/en/software/free/

Ad-Aware:

http://www.download.com/3000-2144-10045910.html

Spybot Search & Destroy:

http://www.safer-networking.org/en/download/index.html

When you’ve done that, create a clean System Restore point and then simply delete all previous infected System Restore points:

http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual

Then:

Deleting Restore Points

There are three known safe ways to delete restore points stored on your computer. These ways are described below:

Disk Cleanup - Launch the Disk Cleanup tool and then select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete
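The triage order in this advice (deal with active detections first, leave System Restore copies until the old restore points are deleted at the end) can be applied to a scanner log mechanically. The script below is an added example, not part of the original thread; the `<location> detected: <name>` line format, the bucket names, the ordering of the middle buckets and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "<location> detected: <name>" form (assumed log format).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP12\A0001234.exe detected: Trojan.Sample.a
C:\Documents and Settings\User\Cookies\user@example[1].txt detected: Trace.TrackingCookie
Key: HKEY_LOCAL_MACHINE\software\exampletoolbar detected: Trace.Registry.ExampleToolbar
C:\WINDOWS\example\toolbar.dll detected: Adware.Example.b
this line is not a detection
"""

# Optional "Key:" / "Value:" prefix marks a registry entry; the rest is location + name.
LINE_RE = re.compile(r"^(?:(Key|Value):\s*)?(.+?)\s+detected:\s+(\S.*)$")

def classify(kind, location, name):
    """Assign one detection to a handling bucket."""
    loc = location.lower()
    # Copies held inside XP restore points are not running; handle them last.
    if "\\system volume information\\_restore" in loc:
        return "restore-point"
    if name.startswith("Trace.TrackingCookie"):
        return "cookie"
    if kind in ("Key", "Value"):
        return "registry"
    return "active-file"

def triage(log_text):
    """Parse a scanner log and group (location, name) pairs by bucket."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and summary text
        kind, location, name = m.groups()
        buckets[classify(kind, location, name)].append((location, name))
    return dict(buckets)

def work_order(buckets):
    """Return non-empty buckets in handling order with their counts."""
    order = ["active-file", "registry", "cookie", "restore-point"]
    return [(b, len(buckets[b])) for b in order if buckets.get(b)]

if __name__ == "__main__":
    for bucket, count in work_order(triage(SAMPLE_LOG)):
        print(f"{bucket}: {count}")
```
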

Wow! This is overwhelming! I know nothing about all this stuff. I'll print before I leave the forum and have my hubby help. He normally does all this but is working 65 hrs a week right now. Thanks

I started dl programs FreewheelinFrank suggested. I started with a-squared and decided to dl and scan one then another. Was not sure I would have room on the PC for all at the same time. I scanned with a-squared and it shows at least 15-20 trojans and backdoors, hackers, worms. I have no clue how to do this. Can I just wipe out Windows XP, reload it and start fresh, or are they somehow still gonna be there when I put Windows back?

log too big

Copy it in sections and paste into different posts.

Scanned

Files: 153471
Traces: 99932
Cookies: 243
Processes: 41

Found

Files: 5
Traces: 147
Cookies: 30
Processes: 0
Registry keys: 0

Scan end: 3/1/2007 12:57:25 PM
Scan time: 2:05:43 AM

From your a-squared report, you should remove all those infections.
I also recommend:

  1. Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

  2. Clean your temporary files. You can use the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scan. Select scanning of archives. Boot. The other option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run another trojan remover tool: a-squared and/or Free AVG Antispyware (trojan removers).

Wow… you’re deeply infected :o
Please, follow my earlier advice and get clean 8)

Are u saying in quarantine to delete infected files? If so I don't know how to tell which ones are infected. There are processes and services, ports, auto runs and others. Under auto runs the files are not clear as to infected or clean. I am getting a response on a-squared now finally so they can help clear up what's what. I will download the other programs, thanks.

I will. That was only half the log. Do u want me to post the rest for future ref?

Hi daysi04,

Put a check mark next to everything A-Squared found and click the Quarantine Selected Items button.

Prior to the boot scan Tech suggested scan with AVG AntiSpyware and SuperAntispyware

http://free.grisoft.com/doc/20/lng/us/tpl/v5

http://www.superantispyware.com/

Quarantine anything they find as well.

It won’t be necessary I think… just send the infected files to a-squared Quarantine.
Then, follow the other steps I’ve posted before.

Ok, now from the beginning. I have the post thing figured out now.

Ok, after I clean temp files with Windows Adv. Care I'm to download AVG and SuperAntiSpyware. Then quarantine anything they find. Then do the boot scan.

I'm not to delete any quarantine files from AVG or SuperAntiSpyware. Right?