
Thread: FIX ALL? after 1st malware scan- Safe to fix all?

  1. #1
    Junior Member
    Join Date
    Dec 2012
    Posts
    15

    FIX ALL? after 1st malware scan- Safe to fix all?

    Hi,
    I'm trying to clean things up for an SSD install. (2nd drive on HP dv7t)
    Is it safe to click 'FIX ALL' after doing a spybot scan?

    Or should I just click on known malware? Scan results below.

    Any further suggestions before doing a SSD install will be greatly appreciated.

    Using Chrome, I was having 3 trojan horses appear (or be blocked?) by AVAST frequently but now they are not appearing. Maybe Hijackthis just got rid of them, not sure. I have not executed the Spybot 'Fix' yet.
    I 'think' I just got rid of Snap.do, magic desktop, funmoods, maybe Wildtangent, but I have not restarted.

    Thanks!

    Search results from Spybot - Search & Destroy

    12/1/2012 10:13:33 PM
    Scan took 00:24:23.
    39 items found.

    Yontoo.Pagerage: [SBI $AFC40A75] Library (File, nothing done)
    C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    Properties.size=194848
    Properties.md5=EAE584FD3CDA98BEEEE80317C845E7BE
    Properties.filedate=1323393099
    Properties.filedatetext=2011-12-08 18:11:38

    Yontoo.Pagerage: [SBI $5622446A] Program directory (Directory, nothing done)
    C:\Program Files (x86)\Yontoo\
    Directory.subfile=C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    Directory.subfile.size=194848
    Directory.subfile.md5=EAE584FD3CDA98BEEEE80317C845E7BE
    Directory.subfile.filedate=1323393099
    Directory.subfile.filedatetext=2011-12-08 18:11:38

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\wave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5KS2PJC7\mail.google.com\wakeup.sol
    Properties.size=37
    Properties.md5=FAEBF828D6C5D158230E0778B228B291
    Properties.filedate=1348900247
    Properties.filedatetext=2012-09-28 23:30:47

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\wave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5KS2PJC7\s.nsdsvc.com\dropdowndeals.sol
    Properties.size=182
    Properties.md5=E1D706329E6B5644D0612C59506C0639
    Properties.filedate=1354418147
    Properties.filedatetext=2012-12-01 20:15:46

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\wave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5KS2PJC7\tbupdate.zugo.com\tbstore.sol
    Properties.size=67
    Properties.md5=CD5130715DFB729A3E52F8E0203FF5CC
    Properties.filedate=1354077812
    Properties.filedatetext=2012-11-27 21:43:32

    Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
    C:\Users\wave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5KS2PJC7\skype.com\#ui\preferences.sol
    Properties.size=234
    Properties.md5=A3EABB33397088AB9782567E622EA491
    Properties.filedate=1354317515
    Properties.filedatetext=2012-11-30 16:18:35

    Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
    C:\Users\wave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5KS2PJC7\partners.cltrda.com\flash\ga.swf\transCheck.sol
    Properties.size=51
    Properties.md5=AAFC0C1C4F409C952BA317EE52A189DE
    Properties.filedate=1354077800
    Properties.filedatetext=2012-11-27 21:43:19

    DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): wave) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): wave) (Browser: Cookie, nothing done)


    WebTrends live: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Statcounter: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-1094289370-2260044910-3710719214-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Browser: Cookie (21) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (1124) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (285) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (243) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---


  2. #2
    Junior Member
    Join Date
    Dec 2012
    Posts
    15

    Here is a screengrab/jpeg

    Oddly, the site is not allowing me to edit the above post, but does allow here.

    Here is a screengrab of the scan results.
    The checked ones I will 'fix' tonight.





    http://spybotscan.yolasite.com/

    Last edited by nextari; 2012-12-02 at 08:32.

  3. #3
    Junior Member
    Join Date
    Dec 2012
    Posts
    15

    3 trojan horses blocked

    This site will not let me edit my posts.

    Snap.do keeps opening with Chrome no matter what I do.

    Wildtangents will not go away. I tried downloading and uninstalling. I have not tried 'Wildtangents Uninstaller tool download'. I thought I saw a post saying it's malware.

    Avast is telling me it's continually blocking 3 trojan horses, including
    http://urlfilter.vmn.net/vmnsbf/data/121114080835-m.zip|1211...
    It will not give me a report to print of them, nor the full addresses.

    I was fine with AVG, then switched to Avast because I heard it was better, and now all these problems. System is running fine otherwise. Any recommendations?
    Thanks!

    Do I just go ahead with the SSD or get rid of this stuff first?
    Last edited by tashi; 2012-12-02 at 16:05. Reason: Disabled link

  4. #4
    Junior Member
    Join Date
    Dec 2012
    Posts
    15

    After posting above, I updated Spybot, restarted in safe mode, nothing in red.

    Snap.do keeps opening with Chrome. I removed it from settings, add-ons, & HijackThis. It only opens on Chrome startup.

    Wildtangents remains.

    Trojan horses remain. Avast does not detect any of this.

    Should I just go ahead with the SSD or get rid of this stuff first?

    Thanks!
    Last edited by nextari; 2012-12-02 at 10:44.

  5. #5
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello nextari,

    Originally posted by nextari:
    "Oddly, the site is not allowing me to edit the above post, but does allow here."

    Originally posted by nextari:
    "This site will not let me edit my posts."

    "Can I edit my own posts?

    1. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.
    2. In the Malware Removal Forum, members may not edit their posts. A helper may already be analyzing the information given."

    http://forums.spybot.info/showpost.p...36&postcount=6

    Originally posted by nextari:
    "Hi,
    I'm trying to clean things up for an SSD install. (2nd drive on HP dv7t)
    Is it safe to click 'FIX ALL' after doing a spybot scan?"

    Might want to wait for a detective to take a look at the flagged items.

    Originally posted by nextari:
    "Avast is telling me it's continually blocking 3 trojan horses"

    For someone to take a look at the system (if this is a personal computer), please start a topic in the Malware Removal Forum and a volunteer analyst will advise when available.

    First see that forum's FAQ, which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Junior Member
    Join Date
    Dec 2012
    Posts
    15

    Thank you very much for your help Tashi!
