Question on Registry

Gerald Mak

I'm just wondering, for the Anti Spyware, is there a registry that's
installed "HKEY_LOCAL_MACHINE\software\microsoft\downloadmanager"?
Since I have a spyware product and it keeps detecting this as an IST Bar
(Hijacker) after I installed Microsoft Anti Spyware Beta. Please reply!

The other spyware program I still have is PestPatrol
 
AndyManchesta

Hi Gerald

This probably is ISTbar's entries; I know it does use it, and
I do not have this entry in my registry and have MS
Antispy installed.

There's a GIANTCompany entry in

HKEY_LOCAL_MACHINE/Software/GiantCompany/Antispyware, same
again in HKEY_CURRENT_USER,

but no download manager entries except just for Adobe,
which I have installed.

There's a lot of different malware that uses the entry
\Microsoft\DownloadManager in the registry, ranging from
adware to viruses, but if a scanner is detecting ISTbar
then it's saving you some time, as you can just download
and run the ISTbar remover in safe mode then reset your
web settings.

Check your add/remove screen for ISTbar entries and
remove any found:

MS AUpdate, MS Updates, XXXToolbar, ISTsvc or ISTBar.


Download Symantec's Removal Tool and run it in safe mode
(reboot & keep tapping F8 then choose safe mode)

http://securityresponse.symantec.com/avcenter/FxIstbar.exe


To restore default settings in Internet Explorer

Click Start > Settings > Control Panel
Select Internet Options
Select the Programs tab
Click Reset Web Settings
Click OK
Exit Control Panel



There are too many reg entries to go for this manually and
the fix tool works well in safe mode. I will post the
entries and files though, in case you do need to delete
any.




File names:

ISTsvc.exe
IstBar_DH.dll
ysbactivex.dll
sfbho.dll
sfexd001
sidefind.dll
istrecover[1].exe
istbar.dll
ysb.dll
istbarcm.dll
ISTactivex.dll
istdownload.exe
sidefind.exe
sfsetup.exe
sfbho.dll
cmctl.dll
juhpad.exe;
ysb_regular[1].cab
gjefpet.exe


File & Folder Locations:


C:\Program Files\ISTsvc\
C:\Program Files\SideFind\
C:\Program Files\YourSiteBar\

C:\Windows\System32\gjefpet.exe

C:\Windows\Downloaded Program Files\ysbactivex.dll


Can drop numerous link files in these folders:

C:\Documents and Settings\[Current User]\Fun & Games,

C:\Documents and Settings\[Current User]\Going Places,

C:\Documents and Settings\[Current User]\Living,

C:\Documents and Settings\[Current User]\Shop,

C:\Documents and Settings\[Current User]\Technology,



Reg Entries :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"
"[5 random characters]" = "[path to adware]"



HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search


"SearchAssistant" = "[Web site on the couldnotfind.com domain]"



Creates some of the following registry keys depending on
the variant:

HKEY_LOCAL_MACHINE\Software\ISTsvc
HKEY_LOCAL_MACHINE\Software\ISTbar
HKEY_LOCAL_MACHINE\Software\Sidefind
HKEY_LOCAL_MACHINE\Software\YourSiteBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Sidefind
HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\ISTbar
HKEY_CLASSES_ROOT\ISTbar.BarObj
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper.1
HKEY_CLASSES_ROOT\SideFind.Finder
HKEY_CLASSES_ROOT\SideFind.Finder.1
HKEY_CLASSES_ROOT\Pugi.PugiObj.1
HKEY_CLASSES_ROOT\Pugi.PugiObj
HKEY_CLASSES_ROOT\YSBactivex.Installer.1
HKEY_CLASSES_ROOT\YSBactivex.Installer
HKEY_CLASSES_ROOT\Ysb.YsbObj
HKEY_CLASSES_ROOT\Ysb.YsbObj.1
HKEY_CLASSES_ROOT\ISTactivex.Installer
HKEY_CLASSES_ROOT\ISTactivex.Installer.1
HKEY_CLASSES_ROOT\ISTactivex.Installer.2
HKEY_CLASSES_ROOT\TestContentMatchControl1.ContentMatchTag
HKEY_CLASSES_ROOT\TestContentMatchControl1.ContentMatchTag.1
HKEY_CLASSES_ROOT\ISTx.Installer
HKEY_CLASSES_ROOT\ISTx.Installer.2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll


To redirect the start page and search pages it adds these:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

"Bandrest" = "Never"
"Search Bar" = "[Web site on the couldnotfind.com domain]"
"Search Page" = "[Web site on the couldnotfind.com domain]"
"Search Page_bak" = "[Web site on the microsoft.com domain]"
"Start Page" = "[Web site on the slotch.com domain]"
"Start Page_bak" = "file:/ //C:/WINNT/Web/Start.htm"
"Use Search Assistant" = "no"


HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

"Bandrest" = "Never"





Andy
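
A read-only check for the indicators named in the post above, as an added example that is not part of the original post or of any vendor's tool. It treats the DownloadManager key separately, since the post says many unrelated programs create it; the choice of which keys to sample and the variable names are assumptions made here.

```powershell
# Added example: read-only triage for the ISTbar indicators named in this thread.
# Nothing is deleted or changed; the script only reports what is present.

$regKeys = @(
    'HKLM:\Software\ISTsvc', 'HKLM:\Software\ISTbar', 'HKLM:\Software\Sidefind',
    'HKLM:\Software\YourSiteBar', 'HKLM:\Software\Microsoft\Sidefind',
    'HKCU:\Software\IST', 'HKCU:\Software\ISTbar',
    'Registry::HKEY_CLASSES_ROOT\ISTbar.BarObj',
    'Registry::HKEY_CLASSES_ROOT\SideFind.Finder'
)
# The key the scanner flagged. The thread says many families share it,
# so it is tracked on its own and never counted as proof of ISTbar.
$sharedKey = 'HKLM:\Software\Microsoft\DownloadManager'

$filePaths = @(
    "$env:ProgramFiles\ISTsvc", "$env:ProgramFiles\SideFind",
    "$env:ProgramFiles\YourSiteBar",
    "$env:SystemRoot\System32\gjefpet.exe",
    "$env:SystemRoot\Downloaded Program Files\ysbactivex.dll"
)
$hijackDomains = 'couldnotfind\.com|slotch\.com'   # domains named in the post

$hits = New-Object System.Collections.Generic.List[string]
foreach ($k in $regKeys)   { if (Test-Path -LiteralPath $k) { $hits.Add("key   $k") } }
foreach ($f in $filePaths) { if (Test-Path -LiteralPath $f) { $hits.Add("file  $f") } }

# Run key: the fixed "IST Service" value, or anything launched from an ISTbar folder
$run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' `
                        -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -eq 'IST Service' -or
            "$($p.Value)" -match '\\(ISTsvc|SideFind|YourSiteBar)\\') {
            $hits.Add("run   $($p.Name) = $($p.Value)")
        }
    }
}

# Internet Explorer start/search values pointing at the domains from the post
$ieValues = @{
    'HKCU:\Software\Microsoft\Internet Explorer\Main'   = 'Start Page', 'Search Page', 'Search Bar'
    'HKCU:\Software\Microsoft\Internet Explorer\Search' = 'SearchAssistant'
}
foreach ($key in $ieValues.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $ieValues[$key]) {
        $value = $props.$name
        if ($value -match $hijackDomains) { $hits.Add("ie    $name = $value") }
    }
}

$sharedPresent = Test-Path -LiteralPath $sharedKey
if ($hits.Count -gt 0) {
    "ISTbar indicators present ($($hits.Count)):"
    $hits
    if ($sharedPresent) { "also  $sharedKey (shared key)" }
} elseif ($sharedPresent) {
    "Only $sharedKey exists, with no ISTbar files, Run values or other keys."
    'On its own this does not identify ISTbar.'
} else {
    'None of the listed indicators were found.'
}
```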
 
Gerald Mak

No I don't have any "porn" or whatever on my laptop nor accessed any on this
computer.
After I installed Microsoft Anti Spyware, the problem started.

Do you have any other suggestions before I uninstall it and see if that
works?


 
AndyManchesta

I wasn't suggesting you have porn on your PC; wasn't it you
who said you had ISTbar?

I'm just telling you it's not connected to Microsoft
Antispyware.

You have some malware on your PC which has created this
entry; there's too many that use it to list. Have you
tried the ISTbar remover? Did it find anything? Have
you tried online virus scans? Have you tried running MS
Antispy in safe mode?

If you have some problem with MS Antispy then you should
uninstall it and carry on using your other protection
products.


Andy
 
Gerald Mak

Reason I suggest porn cause when I read the message seemed like it was all
XXX stuff related haha.
I tried the IST toolbar remover and it didn't seem to find anything when my
Pest Patrol picked up something.


What was kinda strange was the Log from the removal tool said the not
scanned part.
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
E:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.

So was it not scanned? Or is it just like that?


Thanks for the toolbar removal thing Andy
 
AndyManchesta

Hi Again Gerald,

The log results you posted just mean that the removal
tool does not have access to the system restore
information which is stored on your PC, as these are
protected by Windows. If ISTbar was active on your system
the removal tool would have found this.

Does Pest Patrol give a file path to the infected file or
is it just showing this one registry value?

This entry isn't exclusive to ISTbar; as I mentioned, it is
used by a lot of malware. If the Pest Patrol scanner is
just showing the one reg entry as being connected to
ISTbar it could be wrong, because if ISTbar was on your
system it would also show some ISTbar files.

I think you should run an online virus scanner to make
sure your system is clean, and also flush the system restore
to clear any previous points and start a new restore
point.

Go to Start, then right-click My Computer, then go to
Properties. Go to System Restore and check the box 'turn
off system restore', then press Apply. Reboot, then follow
the above but this time uncheck the box 'turn off system
restore', then press Apply. This will clear any old point
and create a new one.


Then run an online virus scan at any of these sites:

Trend Micro

http://housecall.antivirus.com/

Panda

http://www.pandasoftware.com/activescan/

Bitdefender

http://www.bitdefender.com/scan/Msie/index.php

Symantecs Security Check & Virus scanner

http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym


Reboot in between scans if you run more than one then try
your pest patrol scanner again and see if its still
detecting any problems.

I know Pest Patrol are a good company, but I have seen
some of their support pages, and sometimes when it's needed
to unregister .dll files the Pest Patrol site gives
instructions how to unregister the .dll but misses an
essential part ( /u ). I've seen this many times on Pest
Patrol's sites, when instead of unregistering the .dll the
site gives incorrect info and it would mean you register
the .dll if you followed their advice.

I know this isn't connected to your problem but I was
surprised when I saw those errors on Pest Patrol's pages, as
it sort of defeats the object of removal when it tells
you to manually register the malicious .dll files.


Reset the system restore, then try an online virus scan and
some Antispy removers to make sure your system is clean.


If you are still having problems after this I will post
all the malware that use the reg entry you posted. But if
Antispy and Antivirus removers cannot find a problem it
may be a fault in Pest Patrol.

Alternative AntiSpy Removers

Spybot Search & Destroy

http://fileforum.betanews.com/download/Spybot_Search_and_Destroy/1043809773/1

Ad-Aware SE

http://www.download.com/3000-2144-10045910.html


Also use Ccleaner to remove all the temp & unused files
off your system

http://download.ccleaner.com/download120bin.asp

Run the issues part as well and clear any problems
detected.



Andy
 
Gerald Mak

> Hi Again Gerald,
>
> The log results you posted just means that the removal
> tool does not have access to the system restore
> information which is stored on your pc as these are
> protected by Windows,If ISTbar was active on your system
> the removal tool would of found this ,
>
> Does Pest Patrol give a file path to the infected file or
> is it just showing this one registry value ?

Just one Registry Value

> This entry isnt exclusive to ISTbar as i mentioned it is
> used by alot of malware,If the pest patrol scanner is
> just showing the one reg entry as being connected to
> ISTbar it could be wrong because if ISTbar was on your
> system it would also show some ISTbar files,

Hmmmmm, it only shows up once (just one) in a while after I installed the
Windows Anti Spyseeper (WAS)

> I think you should run a online virus scanner to make
> sure your system is clean also flush the system restore
> to clear any previous points and start a new restore
> point.
>
> Goto start then right click my computer then goto
> properties . Goto system restore and check the box 'turn
> off system restore' then press apply .Reboot then follow
> the above but this time uncheck the box 'turn off system
> restore' then press apply this will clear any old point
> and create a new one.

Yes, it's already off, since a long time.

> Then run a online virus scan at any of these sites :
>
> Trend Micro
> http://housecall.antivirus.com/

Doesn't seem too good, I had someone sent me a virus since their computer
was infected and Hotmail uses this company and didn't even catch it until
the person told me before opening it.

A lot of downloading from this website

Doesn't work

> Symantecs Security Check & Virus scanner
> http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym

This one caused my internet to be down for a while every time I scan through
there.

> Reboot in between scans if you run more than one then try
> your pest patrol scanner again and see if its still
> detecting any problems.
>
> I know Pest Patrol are a good company but i have seen
> some of their support pages and sometimes when its needed
> to unregister .dll files the pest patrol site gives
> instructions how to unregister the .dll but misses a
> essential part ( /u ) .Ive seen this many times on pest
> patrols sites when instead of unregistering the .dll the
> site gives incorrect info and it would mean you register
> the .dll if you followed their advise .
>
> I know this isnt connected to your problem but i was
> suprised when i saw those errors on pest patrols pages as
> it sort of defeats the object of removal when it tells
> you to manually register the malicious .dll files.
>
>
> Reset the system restore then Try a online virus scan and
> some Antispy removers to make sure your system is clean
>
>
> If you are still having prolems after this i will post
> all the malware that use the reg entry you posted,But if
> Antispy and Antivirus removers cannot find a problem it
> may be a fault in Pest Patrol

Alrighty that would be great, thanks a lot

> Alternative AntiSpy Removers
>
> Spybot Search & Destroy
> http://fileforum.betanews.com/download/Spybot_Search_and_Destroy/1043809773/1

I used to use this but not that effective

Not 24/7 protection hahaha

> Also use Ccleaner to remove all the temp & unused files
> off your system
>
> http://download.ccleaner.com/download120bin.asp

I used this one and it cleaned out A LOT, I would highly recommend this one
since it's easy to use and excellent!


Thanks for the website,

-Gerald
 
