
Stupid Me please help

1161 Views 7 Replies 2 Participants Last post by  Aaflac
I downloaded a torrent and opened it before I scanned it. Now I keep getting pop-ups up the yin-yang about all sorts of spyware blockers and registry scans. I also get a notification about a Worm.win32.Netsky that may be attacking my computer. My computer has been going haywire since that one stupid little mistake. Can someone please help my computer over its epidemic? I have done an Avira antivirus scan and an AVG spyware scan, and nothing really comes up but minor tracking cookies.

Here is my DSS log if you want to look at that first.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-18 11:44:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:49 AM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: GNX Rolex - {E919A377-7B3B-4737-B6E1-38930F9B4256} - C:\WINDOWS\drnpfdxxsn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: etlrlws - {1AA3E3E1-2FAD-4FE8-B7F4-296597F3CC92} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O21 - SSODL: altvxvm - {1A08D3CE-4453-406A-8A9D-08E0C59D4288} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {B32D9598-EC63-4041-9100-7F0BDBE1D3B3} - C:\WINDOWS\bokpkov.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6144 bytes

-- Files created between 2008-02-18 and 2008-03-18 -----------------------------

2008-03-18 09:59:35 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-18 09:57:31 0 d-------- C:\WINDOWS\LastGood
2008-03-18 09:28:01 0 d-------- C:\Program Files\Trend Micro
2008-03-17 16:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-17 04:20:59 98304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-17 04:20:58 278528 --a------ C:\WINDOWS\drnpfdxxsn.dll
2008-03-17 04:20:58 217088 --a------ C:\WINDOWS\bokpkov.dll
2008-03-17 04:20:58 241664 --a------ C:\WINDOWS\altvxvm.dll
2008-03-14 22:23:45 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-03-14 19:42:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-14 19:35:33 0 d-------- C:\Program Files\VideoLAN
2008-03-14 19:21:51 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-14 19:21:51 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-14 18:20:53 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-03-14 18:17:19 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-09 17:04:10 0 d-------- C:\Program Files\Winamp
2008-03-08 17:59:08 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip
2008-03-08 17:59:05 12896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-08 17:58:50 0 d-------- C:\Program Files\Illustrate
2008-03-08 16:59:54 638976 --a------ C:\Program Files\coolplayer.exe
2008-03-08 06:24:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-08 06:23:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 03:44:39 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTyrant
2008-03-05 03:41:39 0 d-------- C:\Program Files\BitTyrant
2008-03-04 16:09:40 0 d-------- C:\Program Files\NCH Software
2008-03-01 23:47:26 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-01 23:45:08 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-01 23:45:08 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-03-01 22:40:50 0 d-------- C:\Program Files\Maxis
2008-03-01 22:31:43 122372241 --a------ C:\Program Files\Sound.dat
2008-03-01 22:30:51 115072687 --a------ C:\Program Files\SimCity_3.dat
2008-03-01 22:29:33 0 d-------- C:\Program Files\autorun
2008-03-01 22:29:32 0 d-------- C:\Program Files\UKEnglsh
2008-03-01 22:29:30 0 d-------- C:\Program Files\Swedish
2008-03-01 22:29:13 0 d-------- C:\Program Files\Support
2008-03-01 22:29:11 0 d-------- C:\Program Files\Spanish
2008-03-01 22:29:11 0 d-------- C:\Program Files\Sku_Data
2008-03-01 22:29:11 0 d-------- C:\Program Files\Regions
2008-03-01 22:29:10 0 d-------- C:\Program Files\ReadMe
2008-03-01 22:29:10 0 d-------- C:\Program Files\Radio
2008-03-01 22:29:08 0 d-------- C:\Program Files\Portgese
2008-03-01 22:29:06 0 d-------- C:\Program Files\Polish
2008-03-01 22:29:05 0 d-------- C:\Program Files\Plugins
2008-03-01 22:29:03 0 d-------- C:\Program Files\Norwgian
2008-03-01 22:29:01 0 d-------- C:\Program Files\Italian
2008-03-01 22:28:58 0 d-------- C:\Program Files\German
2008-03-01 22:28:56 0 d-------- C:\Program Files\French
2008-03-01 22:28:42 0 d-------- C:\Program Files\Fonts
2008-03-01 22:28:41 0 d-------- C:\Program Files\Finnish
2008-03-01 22:28:40 0 d-------- C:\Program Files\Dutch
2008-03-01 22:28:09 169268568 --a------ C:\Program Files\SimCity_2.dat
2008-03-01 22:28:08 0 d-------- C:\Program Files\DirectX
2008-03-01 22:28:07 0 d-------- C:\Program Files\Danish
2008-03-01 22:27:50 0 d-------- C:\Program Files\Apps
2008-03-01 22:27:49 102400 --a------ C:\Program Files\setup.exe <Not Verified; Electronic Arts Canada; Electronic Arts Canada Setup>
2008-03-01 22:27:24 286720 --a------ C:\Program Files\eauninstall.exe <Not Verified; Electronic Arts, Inc.; EA Uninstall>
2008-03-01 22:26:19 144547650 --a------ C:\Program Files\SimCity_1.dat
2008-03-01 22:26:18 12400 --a------ C:\Program Files\SECDRV.SYS <Not Verified; Macrovision Europe Ltd; Security Windows NT>
2008-03-01 22:26:17 147456 --a------ C:\Program Files\RunGame.exe <Not Verified; ; rungame Application>
2008-03-01 22:26:01 18242823 --a------ C:\Program Files\Intro.dat
2008-03-01 22:25:52 104090983 --a------ C:\Program Files\SimCity_5.dat
2008-03-01 22:25:06 61030094 --a------ C:\Program Files\EP1.dat
2008-03-01 22:25:04 41472 --a------ C:\Program Files\DRVMGT.DLL
2008-03-01 22:24:39 125574688 --a------ C:\Program Files\SimCity_4.dat
2008-03-01 22:24:39 700416 --a------ C:\Program Files\SC4_uninst.exe <Not Verified; Electronic Arts Inc.; SimCity 4 EP Uninstaller>
2008-03-01 22:24:39 1736704 --a------ C:\Program Files\AutoRunGUI.dll <Not Verified; ; AutoRunGUI_Deluxe Dynamic Link Library>
2008-03-01 22:24:38 561152 --a------ C:\Program Files\AutoRun.exe <Not Verified; Electronic Arts Inc.; Electronic Arts AutoRun>
2008-03-01 16:44:48 531 --a------ C:\WINDOWS\eReg.dat
2008-03-01 15:41:19 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-01 05:52:30 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-01 05:52:10 0 d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-03-01 01:42:34 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-03-01 01:42:32 0 d-------- C:\Program Files\MagicDisc
2008-03-01 01:33:23 0 d-a------ C:\Program Files\CD 2
2008-03-01 01:31:34 0 d-a------ C:\Program Files\CD 1
2008-03-01 01:31:02 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-02-27 19:17:36 0 d-------- C:\Program Files\FLAC
2008-02-25 04:27:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-25 04:25:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-02-24 19:12:31 0 d---s---- C:\Documents and Settings\Owner\UserData
2008-02-23 18:57:35 0 d-------- C:\Program Files\PeerGuardian2
2008-02-23 16:44:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-23 16:43:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-02-23 16:42:36 0 d-------- C:\Program Files\Azureus
2008-02-23 04:05:24 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-23 03:12:37 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-02-23 03:12:34 471300 --a------ C:\WINDOWS\wallpe.exe <Not Verified; ; wallpe>
2008-02-23 03:11:02 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-02-23 03:10:59 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-02-23 03:10:13 0 d-------- C:\Program Files\Avira
2008-02-23 03:10:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-23 03:09:21 0 d-------- C:\Program Files\Google
2008-02-23 03:09:06 18000 --a------ C:\WINDOWS\BigFixClientOverride.dll <Not Verified; BigFix, Inc.; BigFix>
2008-02-23 03:09:06 0 d-------- C:\Program Files\BigFix
2008-02-23 03:08:57 53248 --a------ C:\WINDOWS\system32\NeroCo.dll <Not Verified; Ahead Software AG, im Stoeckmaedle 18, 76307 Karlsbad, Germany, Fax: ++49-7248-911-888, e-mail: [email protected]; Nero Burning Rom>
2008-02-23 03:08:32 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-23 03:08:31 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-23 03:08:31 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-02-23 03:08:31 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-02-23 03:08:30 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-23 03:08:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-23 03:08:27 0 d-------- C:\Program Files\Ahead
2008-02-23 03:08:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 03:07:20 0 d-------- C:\Program Files\Digital Media Reader
2008-02-23 03:07:16 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-23 03:07:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-23 03:07:12 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-02-23 03:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-23 03:07:05 0 d-------- C:\Program Files\AOL Companion
2008-02-23 03:07:02 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-02-23 03:07:02 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-02-23 03:07:02 118784 --a------ C:\WINDOWS\system32\Msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-02-23 03:07:02 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-02-23 03:07:00 0 d-------- C:\WINDOWS\occache
2008-02-23 03:07:00 0 d-------- C:\Program Files\Pure Networks
2008-02-23 03:07:00 0 d-------- C:\Program Files\Learn2.com
2008-02-23 03:06:59 0 d-------- C:\Program Files\Viewpoint
2008-02-23 03:06:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-23 03:05:04 0 d-------- C:\WINDOWS\system32\QuickTime
2008-02-23 03:05:04 0 d-------- C:\Program Files\QuickTime
2008-02-23 03:05:04 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-23 03:05:00 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-02-23 03:04:56 0 d-------- C:\My Music
2008-02-23 03:04:55 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-23 03:04:54 0 d-------- C:\Program Files\Real
2008-02-23 03:04:54 0 d-------- C:\Program Files\Common Files\Real
2008-02-23 03:04:41 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-02-23 03:04:41 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2008-02-23 03:04:41 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-02-23 03:04:24 0 d-------- C:\Program Files\Common Files\aolshare
2008-02-23 03:04:23 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-23 03:02:13 0 d-------- C:\Program Files\Common Files\AOL
2008-02-23 03:02:12 335 --a------ C:\WINDOWS\nsreg.dat
2008-02-23 03:02:07 212480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-02-23 03:02:07 37888 -ra------ C:\WINDOWS\system32\ochlp30e.dll <Not Verified; Microsoft Corporation; Microsoft Multimedia Controls>
2008-02-23 03:02:07 91136 -ra------ C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2008-02-23 03:02:06 31744 -ra------ C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2008-02-23 02:52:32 0 d-------- C:\Program Files\Symantec
2008-02-23 02:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-23 02:51:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-02-23 02:51:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-23 02:51:24 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-23 02:50:24 0 d-------- C:\Program Files\Common Files\New Boundary
2008-02-23 02:50:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-02-23 02:47:40 0 d-------- C:\Documents and Settings\Owner\Shared
2008-02-23 02:47:37 0 d-------- C:\Documents and Settings\Owner\Incomplete
2008-02-23 02:47:28 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2008-02-23 02:46:47 0 d-------- C:\Program Files\CONEXANT
2008-02-23 02:45:24 0 d--hs---- C:\System Volume Information
2008-02-23 02:36:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2008-02-23 02:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-23 02:36:38 0 d-------- C:\Program Files\COMODO
2008-02-23 02:26:50 0 d-------- C:\WINDOWS\Sun
2008-02-23 02:15:18 0 d-------- C:\Program Files\Java
2008-02-23 02:15:16 0 d-------- C:\Program Files\Common Files\Java
2008-02-23 02:15:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-02-23 02:14:34 0 d-------- C:\Program Files\FrostWire
2008-02-23 02:14:33 0 d-------- C:\Program Files\AskSBar
2008-02-23 02:04:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-02-23 02:03:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-02-23 01:32:10 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-02-23 01:32:05 0 d-------- C:\WINDOWS\creator
2008-02-23 01:31:58 0 d-------- C:\WINDOWS\SMINST
2008-02-23 01:31:32 0 dr------- C:\Program Files
2008-02-23 01:31:24 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-02-23 01:31:23 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-02-23 01:31:23 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-02-23 01:31:23 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-02-23 01:31:23 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-02-23 01:31:23 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2008-02-23 01:31:23 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-02-23 01:31:23 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-02-23 01:31:23 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-02-23 01:31:23 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-02-23 01:31:23 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-02-23 01:31:22 0 dr------- C:\Documents and Settings\All Users\Documents
2008-02-23 01:31:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-02-23 01:31:04 0 dr------- C:\WINDOWS\Offline Web Pages
2008-02-23 01:29:45 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-02-23 01:28:27 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-02-23 01:28:27 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-02-23 01:28:27 0 d-------- C:\Documents and Settings\Default User\Application Data\McAfee
2008-02-23 01:28:27 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-02-23 01:27:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-23 01:16:05 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-23 01:15:52 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-23 01:15:45 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-23 01:15:33 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-23 01:15:13 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-02-23 01:14:57 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-02-23 01:14:54 208896 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2008-02-23 01:14:54 139264 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2008-02-23 01:14:44 0 d-------- C:\Program Files\MSN Encarta Plus
2008-02-23 01:14:05 0 d-------- C:\Program Files\CyberLink


-- Find3M Report ---------------------------------------------------------------

2008-03-08 17:10:57 0 --a------ C:\Program Files\default.m3u
2008-03-08 17:10:57 1259 --a------ C:\Program Files\coolplayer.ini
2008-02-25 04:27:20 0 d-------- C:\Program Files\Common Files
2008-02-24 04:26:24 0 d-------- C:\Program Files\Messenger


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E919A377-7B3B-4737-B6E1-38930F9B4256}]
03/16/2008 11:18 PM 278528 --a------ C:\WINDOWS\drnpfdxxsn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/23/2008 02:14 AM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [02/23/2008 02:14 AM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [03/19/2004 05:17 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/23/2008 03:09 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 07:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [02/23/2008 02:36 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/23/2008 03:12 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/25/2008 04:26 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [04/01/2003 09:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 07:40 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 06:09 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {1A08D3CE-4453-406A-8A9D-08E0C59D4288} - C:\WINDOWS\altvxvm.dll [03/16/2008 11:18 PM 241664]
"bokpkov"= {B32D9598-EC63-4041-9100-7F0BDBE1D3B3} - C:\WINDOWS\bokpkov.dll [03/16/2008 11:18 PM 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll




-- End of Deckard's System Scanner: finished at 2008-03-18 11:47:52 ------------
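What a helper reads by eye in the HijackThis and DSS output above can be written down as a first-pass triage. The Python script below is an added example, not part of the original post and not code from HijackThis, DSS, SDFix or ComboFix. It flags O21 SSODL entries, dangling "(file missing)" references, a desktop component pulling a local HTML file, a redirected start page, and binaries with random-looking lowercase names dropped straight into C:\WINDOWS; it then groups the DSS "Files created" listing into bursts of executables written within seconds of each other and cross-references the two. The sample lines are constructed to mirror the thread's log, and the vowel-ratio threshold and the five-second window are assumptions of this example, not anything the tools use.

```python
"""First-pass triage of a HijackThis O-line log and a DSS "Files created" listing.
Added example; the heuristics and thresholds are assumptions, not tool behaviour."""
import re
from datetime import datetime, timedelta

WINDOWS_ROOT = "c:\\windows"

# Constructed sample input in the shape of the thread's logs (embedded test data).
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: GNX Rolex - {E919A377-7B3B-4737-B6E1-38930F9B4256} - C:\WINDOWS\drnpfdxxsn.dll
O3 - Toolbar: etlrlws - {1AA3E3E1-2FAD-4FE8-B7F4-296597F3CC92} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O21 - SSODL: altvxvm - {1A08D3CE-4453-406A-8A9D-08E0C59D4288} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {B32D9598-EC63-4041-9100-7F0BDBE1D3B3} - C:\WINDOWS\bokpkov.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

DSS_SAMPLE = r"""
2008-03-17 04:20:59 98304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-17 04:20:58 278528 --a------ C:\WINDOWS\drnpfdxxsn.dll
2008-03-17 04:20:58 217088 --a------ C:\WINDOWS\bokpkov.dll
2008-03-17 04:20:58 241664 --a------ C:\WINDOWS\altvxvm.dll
2008-03-01 05:52:30 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-23 03:12:34 471300 --a------ C:\WINDOWS\wallpe.exe <Not Verified; ; wallpe>
"""

# A drive-letter path ending in an executable extension, stopping at quotes or "<".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<]*?\.(?:dll|exe|sys)', re.IGNORECASE)
# DSS line: timestamp, size, attribute string, path, optional "<version info>".
DSS_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+?)(?:\s+<.*)?$")


def looks_random(basename):
    """Assumed heuristic: 6+ all-lowercase letters with at most 30% vowels
    (drnpfdxxsn, altvxvm, bokpkov). Readable names (explorer, wallpe) fail it."""
    stem = basename.rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha() or not stem.islower():
        return False
    return sum(ch in "aeiou" for ch in stem) / len(stem) <= 0.3


def in_windows_root(path):
    """True only for files directly in C:\\WINDOWS, not in system32 or deeper."""
    return path.rsplit("\\", 1)[0].lower() == WINDOWS_ROOT


def triage_hjt(log):
    """Return (reason, line) pairs for HijackThis lines that deserve a second look."""
    hits = []
    for line in (l.strip() for l in log.splitlines() if l.strip()):
        kind = line.split(" ", 1)[0]                      # R0, O2, O21, ...
        m = PATH_RE.search(line)
        path = m.group(0) if m else ""
        if kind == "R0" and "Start Page" in line and "http" in line:
            hits.append(("start page redirected", line))
        if kind == "O21":
            hits.append(("SSODL autostart, rarely legitimate for third-party code", line))
        if "(file missing)" in line:
            hits.append(("dangling registry reference", line))
        if kind == "O24" and "file:///" in line:
            hits.append(("desktop component loading a local HTML file", line))
        if path and in_windows_root(path) and looks_random(path.rsplit("\\", 1)[-1]):
            hits.append(("random-named binary directly in the Windows directory", line))
    return hits


def drop_clusters(listing, window=timedelta(seconds=5), min_size=2):
    """Group executables created within `window` of each other in one directory.
    A dropper writing several components lands them within seconds."""
    entries = []
    for line in listing.splitlines():
        m = DSS_RE.match(line.strip())
        if not m:
            continue
        ts, _size, attrs, path = m.groups()
        if attrs.startswith("d") or not path.lower().endswith((".exe", ".dll", ".sys")):
            continue
        entries.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), path))
    entries.sort()
    clusters, current = [], []
    for ts, path in entries:
        same_dir = current and path.rsplit("\\", 1)[0].lower() == current[-1][1].rsplit("\\", 1)[0].lower()
        if same_dir and ts - current[-1][0] <= window:
            current.append((ts, path))
        else:
            if len(current) >= min_size:
                clusters.append([p for _, p in current])
            current = [(ts, path)]
    if len(current) >= min_size:
        clusters.append([p for _, p in current])
    return clusters


def correlate(hjt_hits, clusters):
    """Paths flagged in HijackThis that also belong to a creation burst."""
    burst = {p.lower() for c in clusters for p in c}
    linked = {m.group(0) for _, line in hjt_hits for m in [PATH_RE.search(line)]
              if m and m.group(0).lower() in burst}
    return sorted(linked)


if __name__ == "__main__":
    hits = triage_hjt(HJT_SAMPLE)
    for reason, line in hits:
        print(f"[{reason}] {line}")
    bursts = drop_clusters(DSS_SAMPLE)
    for burst in bursts:
        print("creation burst:", ", ".join(burst))
    print("flagged AND dropped together:", correlate(hits, bursts))
```

Run against the sample, the script flags the GNX Rolex BHO, the dangling etlrlws toolbar, both SSODL entries and the privacy_danger desktop component, leaves the Spybot BHO and SoundMan alone, and ties three of the flagged DLLs to the four-file burst written at 04:20:58-59, which is the cluster a helper would ask to have removed first.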
Please do the following:

First, disable the Spybot Search and Destroy TeaTimer, as it may interfere with the removal of malware.
  • Open Spybot Search & Destroy
  • In the Mode menu click Advanced Mode, if not already selected.
  • Select: Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click: Resident
  • Uncheck the Resident TeaTimer (Protection of overall system settings) active.
  • In the File menu click Exit

Restart the computer!!

~~~~
Now, download SDFix
Save it to the Desktop
Right click SDFix.zip
Select: Extract All to extract it to its own folder
Now, reboot to Safe Mode
  • Restart your computer.
  • When the machine starts, tap the F8 key before Windows starts
  • You are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
In Safe Mode, open the SDFix folder on the Desktop
  • Double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.
  • Press any key to restart the PC.
  • When the PC restarts, SDFix will run again and complete the removal process
  • It then displays Finished
  • Press any key to end the script and load the Desktop icons.
  • Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.

~~~~
Next, download ComboFix
Save to the Desktop <<< Important!!

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the contents of the SDFix Report.txt, the ComboFix log, and the new HijackThis log in your reply.
SDFix: Version 1.159

Run by Administrator on Thu 03/20/2008 at 01:40 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\Setup.exe - Deleted
C:\WINDOWS\rs.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 01:43:18
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:31,2b,8f,21,77,ce,4d,e5,e8,4c,b6,80,20,a9,b2,d5,92,21,b4,4a,57,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f6,71,30,db,1f,91,19,42,22,cd,05,34,a6,8a,4d,a5,f8,..
"khjeh"=hex:76,62,9b,72,d1,3f,d7,69,81,fd,68,8a,f0,48,b3,b8,9c,93,9c,5e,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,1b,df,5c,21,9f,75,0a,61,61,e7,ee,0f,09,dc,ac,e6,46,8a,ac,1a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:31,2b,8f,21,77,ce,4d,e5,e8,4c,b6,80,20,a9,b2,d5,92,21,b4,4a,57,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f6,71,30,db,1f,91,19,42,22,cd,05,34,a6,8a,4d,a5,f8,..
"khjeh"=hex:76,62,9b,72,d1,3f,d7,69,81,fd,68,8a,f0,48,b3,b8,9c,93,9c,5e,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,1b,df,5c,21,9f,75,0a,61,61,e7,ee,0f,09,dc,ac,e6,46,8a,ac,1a,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x3720\x21b\x3720\x21b\1"
"DeviceDesc"="\x3720\x21b\x3720\x21b\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x620"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"d:\i386\apps\app16164\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTyrant\\Azureus.exe"="C:\\Program Files\\BitTyrant\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

Remaining Files :


File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 14 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!



ComboFix 08-03-18.1 - Owner 2008-03-20 1:49:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.110 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-20 01:39 . 2008-03-20 01:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 02:03 . 2008-03-19 02:06 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-19 02:03 . 2008-03-19 02:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 00:16 . 2008-03-19 00:16 <DIR> d-------- C:\Program Files\Universal
2008-03-18 23:58 . 2008-03-19 00:19 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-18 23:58 . 2008-03-19 00:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-18 23:58 . 2008-03-19 00:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-18 23:45 . 2008-03-18 23:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-18 23:42 . 2005-03-23 22:22 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-18 23:42 . 2008-02-23 01:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-03-18 23:42 . 2008-02-23 01:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-03-18 23:37 . 2008-03-18 23:37 <DIR> d-------- C:\Program Files\Advanced Windows Cleaner
2008-03-18 11:29 . 2008-03-18 11:29 <DIR> d-------- C:\Deckard
2008-03-18 09:59 . 2008-03-19 00:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-18 09:28 . 2008-03-18 09:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 16:04 . 2008-03-20 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-17 16:04 . 2008-03-20 01:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-17 04:20 . 2008-03-16 23:18 204,800 --------- C:\WINDOWS\etlrlws.dll_old
2008-03-14 22:23 . 2008-03-14 22:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-03-14 19:42 . 2008-03-18 23:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-14 19:21 . 2008-03-18 23:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-14 18:20 . 2008-03-14 18:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-03-14 18:17 . 2008-03-14 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-09 17:05 . 2008-03-19 02:09 1,065 --a------ C:\WINDOWS\winamp.ini
2008-03-09 17:04 . 2008-03-09 17:07 <DIR> d-------- C:\Program Files\Winamp
2008-03-08 17:59 . 2008-03-08 17:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip
2008-03-08 17:59 . 2008-03-08 17:58 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-08 17:59 . 2008-03-08 17:58 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-03-08 17:59 . 2008-03-08 17:59 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-08 17:58 . 2008-03-08 17:58 <DIR> d-------- C:\Program Files\Illustrate
2008-03-08 16:59 . 2006-11-30 20:50 638,976 --a------ C:\Program Files\coolplayer.exe
2008-03-08 06:24 . 2008-03-08 06:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-08 06:23 . 2008-03-18 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 06:23 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-08 06:22 . 2007-06-14 18:38 12,413,440 --a------ C:\Program Files\avgas-setup-7.5.1.43.exe
2008-03-05 03:44 . 2008-03-08 17:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTyrant
2008-03-05 03:41 . 2008-03-08 17:19 <DIR> d-------- C:\Program Files\BitTyrant
2008-03-04 16:09 . 2008-03-04 16:09 <DIR> d-------- C:\Program Files\NCH Software
2008-03-01 23:47 . 2008-03-01 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-01 23:45 . 2008-03-08 16:42 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-03-01 23:45 . 2008-03-01 23:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-03-01 22:40 . 2008-03-01 22:40 <DIR> d-------- C:\Program Files\Maxis
2008-03-01 22:31 . 2003-08-28 10:27 122,372,241 --a------ C:\Program Files\Sound.dat
2008-03-01 22:30 . 2003-08-28 10:27 115,072,687 --a------ C:\Program Files\SimCity_3.dat
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\UKEnglsh
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Swedish
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Support
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Spanish
2008-03-01 22:29 . 2008-03-01 22:34 <DIR> d-------- C:\Program Files\Sku_Data
2008-03-01 22:29 . 2008-03-01 22:33 <DIR> d-------- C:\Program Files\Regions
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\ReadMe
2008-03-01 22:29 . 2008-03-01 22:30 <DIR> d-------- C:\Program Files\Radio
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Portgese
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Polish
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Plugins
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Norwgian
2008-03-01 22:29 . 2008-03-01 22:29 <DIR> d-------- C:\Program Files\Italian
2008-03-01 22:29 . 2008-03-18 09:11 <DIR> d-------- C:\Program Files\autorun
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\German
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\French
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\Fonts
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\Finnish
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\Dutch
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\DirectX
2008-03-01 22:28 . 2008-03-01 22:28 <DIR> d-------- C:\Program Files\Danish
2008-03-01 22:28 . 2003-08-28 10:27 169,268,568 --a------ C:\Program Files\SimCity_2.dat
2008-03-01 22:27 . 2008-03-01 22:27 <DIR> d-------- C:\Program Files\Apps
2008-03-01 22:27 . 2003-08-28 11:02 286,720 --a------ C:\Program Files\eauninstall.exe
2008-03-01 22:26 . 2003-08-28 10:27 144,547,650 --a------ C:\Program Files\SimCity_1.dat
2008-03-01 22:26 . 2003-08-24 23:04 18,242,823 --a------ C:\Program Files\Intro.dat
2008-03-01 22:26 . 2003-08-28 11:02 147,456 --a------ C:\Program Files\RunGame.exe
2008-03-01 22:26 . 2003-08-28 10:16 12,400 --a------ C:\Program Files\SECDRV.SYS
2008-03-01 22:25 . 2003-08-28 10:27 104,090,983 --a------ C:\Program Files\SimCity_5.dat
2008-03-01 22:25 . 2003-08-28 10:27 61,030,094 --a------ C:\Program Files\EP1.dat
2008-03-01 22:25 . 2003-08-28 10:16 41,472 --a------ C:\Program Files\DRVMGT.DLL
2008-03-01 22:24 . 2003-08-28 10:27 125,574,688 --a------ C:\Program Files\SimCity_4.dat
2008-03-01 22:24 . 2003-08-28 10:38 1,736,704 --a------ C:\Program Files\AutoRunGUI.dll
2008-03-01 22:24 . 2003-08-28 10:37 700,416 --a------ C:\Program Files\SC4_uninst.exe
2008-03-01 22:24 . 2003-08-28 11:02 561,152 --a------ C:\Program Files\AutoRun.exe
2008-03-01 16:44 . 2008-03-01 22:40 531 --a------ C:\WINDOWS\eReg.dat
2008-03-01 15:41 . 2008-03-01 15:41 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-01 05:52 . 2008-03-01 05:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-03-01 05:52 . 2008-03-01 05:52 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-01 01:42 . 2008-03-01 01:43 <DIR> d-------- C:\Program Files\MagicDisc
2008-03-01 01:42 . 2008-02-18 18:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-01 01:33 . 2004-09-22 02:02 <DIR> d-a------ C:\Program Files\CD 2
2008-03-01 01:31 . 2004-09-22 01:54 <DIR> d-a------ C:\Program Files\CD 1
2008-02-27 19:17 . 2008-02-27 19:18 <DIR> d-------- C:\Program Files\FLAC
2008-02-27 17:01 . 2008-03-19 02:13 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-25 04:27 . 2008-02-25 04:27 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-24 19:12 . 2008-02-24 19:12 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-02-24 04:12 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-24 04:06 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-24 04:06 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-24 04:06 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-23 18:57 . 2008-03-20 01:51 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-02-23 16:44 . 2008-02-23 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-23 16:43 . 2008-03-20 01:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-02-23 16:42 . 2008-03-19 16:58 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 22:10 1,259 ----a-w C:\Program Files\coolplayer.ini
2008-03-08 22:10 0 ----a-w C:\Program Files\default.m3u
2008-02-23 08:04 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-12-14 15:07 48,130 ------w C:\Program Files\autoruns.chm
2006-07-28 13:32 7,005 ------w C:\Program Files\Eula.txt
2004-09-07 04:15 773,337,600 ----a-r C:\Program Files\SC4DELUXE1.mdf
2003-08-28 16:02 23,214 ----a-w C:\Program Files\sv_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\pt-br_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\pl_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\no_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\nl_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\it_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\fr-fr_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\fi_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\es_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\en-uk_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\de_filelist.txt
2003-08-28 16:02 23,214 ----a-w C:\Program Files\da_filelist.txt
2003-08-28 15:16 317,440 ----a-w C:\Program Files\00000002.TMP
2003-08-28 15:16 308,280 ----a-w C:\Program Files\00000000.256
2003-08-28 15:16 2,048 ----a-w C:\Program Files\00000001.TMP
2003-08-28 15:16 153,718 ----a-w C:\Program Files\00000000.016
2003-08-25 04:10 10,420 ----a-w C:\Program Files\Video Cards.sgr
2003-08-25 04:03 19,976 ----a-w C:\Program Files\Graphics Rules.sgr
2003-07-12 17:31 10,134 ----a-w C:\Program Files\SC4_ConnectToWebIcon.ico
2003-07-12 17:31 10,134 ----a-w C:\Program Files\SC4.ico
2003-07-12 17:31 10,134 ----a-w C:\Program Files\eauninstall.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-23 02:14 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-02-23 02:14 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 17:17 78960]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04 135168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-23 03:09 98304]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 19:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-02-23 02:36 1502976]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-23 03:12 249896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-25 04:26 185632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\BitTyrant\\Azureus.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-23 02:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-23 02:36]

*Newly Created Service* - PGFILTER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 01:51:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-03-20 1:53:06
ComboFix-quarantined-files.txt 2008-03-20 06:52:50
.
2008-03-12 08:05:14 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:56:02 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\COMODO\Firewall\cfpupdat.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtorrent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5842 bytes
AskSBar is a questionable program. Further information is found here: AskSBar

If you wish to remove it, do so as follows:
Go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs

On the list of Currently Installed Programs, look for and uninstall by selecting the entry and clicking on Remove:
AskSBar

Next, search for and delete the following folder:
C:\Program Files\AskSBar

~~~~
Download ATF Cleaner

Double-click ATF-Cleaner.exe to run the program
Click Select All
Click: Empty Selected

If you use the Firefox browser, click it on the top menu
Next, choose Select All
Click: Empty Selected

NOTE:
If you would like to keep your saved passwords, click 'No' at the prompt.

Click Exit to close the ATF Cleaner program.

~~~~
Now, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all Windows, including this one. (Print the instructions first)

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
  • If an update is found, MBAM will download and install the latest.
  • Click OK
At the main program window
  • Make sure the following is checked: Perform Quick Scan
  • Click: Scan (The scan may take some time to finish, so please be patient.)
  • When the scan completes, a message box appears as shown in the image below:
  • Click OK

At the main Scanner screen:
  • Click on: Show Results
  • A screen displaying the malware found shows as seen in the image below. (Results may be different.)
  • Make sure everything found is checked, and click: Remove Selected
  • When the disinfection is complete, you may be prompted to Restart. Please do so.
  • When MBAM finishes removing the malware, a log opens in Notepad
  • The log is automatically saved and can be viewed by clicking the Logs tab.
~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post MBAM report, and a new HijackThis log in your reply.
Malwarebytes' Anti-Malware 1.09
Database version: 515

Scan type: Quick Scan
Objects scanned: 26381
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:36:53 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Azureus\Azureus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtorrent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5727 bytes
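The two HijackThis logs above differ only in a few lines (the Ask Toolbar BHO and toolbar entries are gone, and an AskSBar RunOnce uninstall entry appeared). Reading that out of two 60-line logs by eye is error-prone, so here is a small parser and differ for the HijackThis log format. This is an added example written for this page, not a tool from the thread, from HijackThis, or from Malwarebytes; the two sample logs embedded in it are constructed from item lines that appear in the thread, trimmed to a handful of entries, and the choice of O2/O3/O20 as the classes to review first is the author's assumption, not a HijackThis rule.

```python
"""Parse HijackThis (HJT) logs and diff two of them (before/after cleanup).

Added example, not part of the forum thread or of HijackThis itself. The two
sample logs below are constructed from item lines that appear in the thread,
trimmed to a few entries so the diff is easy to follow.
"""
import re
from typing import Dict, List, Tuple

# An HJT item line looks like "O2 - BHO: Name - {CLSID} - path" or
# "O4 - HKLM\..\Run: [Name] path"; the prefix (R0..R3, F0..F3, N1..N4, O1..O24)
# classifies the kind of hook or autostart entry.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Item classes a helper usually checks first (assumption, not an HJT rule):
# browser helper objects (O2), toolbars (O3) and AppInit_DLLs (O20), which are
# loaded into every process that links user32.dll.
REVIEW_CODES = ("O2", "O3", "O20")

# Constructed sample: a trimmed version of the log posted before removal.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:56:02 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtorrent.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

--
End of file - 5842 bytes
"""

# Constructed sample: a trimmed version of the log posted after removal.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:36:53 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Azureus\Azureus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtorrent.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

--
End of file - 5727 bytes
"""


def parse_hjt(log_text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (running_processes, items); items maps a code such as "O2"
    to the list of detail strings recorded under that code."""
    processes: List[str] = []
    items: Dict[str, List[str]] = {}
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ITEM_RE.match(line)
        if m:
            items.setdefault(m.group("code"), []).append(m.group("detail"))
    return processes, items


def flatten(items: Dict[str, List[str]]) -> List[str]:
    """Render parsed items back to sorted "CODE - detail" lines."""
    return sorted(f"{code} - {d}" for code, ds in items.items() for d in ds)


def diff_hjt(before: Dict[str, List[str]],
             after: Dict[str, List[str]]) -> Tuple[List[str], List[str]]:
    """Return (removed, added): item lines present only before / only after."""
    b, a = set(flatten(before)), set(flatten(after))
    return sorted(b - a), sorted(a - b)


def review_entries(items: Dict[str, List[str]],
                   codes: Tuple[str, ...] = REVIEW_CODES) -> List[str]:
    """Item lines in the classes to look at first (BHOs, toolbars, AppInit_DLLs)."""
    return [line for line in flatten(items) if line.split(" - ", 1)[0] in codes]


if __name__ == "__main__":
    _, before_items = parse_hjt(BEFORE_LOG)
    _, after_items = parse_hjt(AFTER_LOG)
    print("Entries to review before cleanup:")
    for entry in review_entries(before_items):
        print("  ", entry)
    removed, added = diff_hjt(before_items, after_items)
    print("Removed:", *removed, sep="\n  ")
    print("Added:", *added, sep="\n  ")
```

Run against the two full logs in the thread, the diff reports exactly the two AskSBar entries as removed and the RunOnce uninstall entry as added, which is the confirmation the helper wanted from the second log. The parser deliberately treats the item code as opaque text, so it works unchanged on the O16, O22 and O23 lines that also appear above.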
My apology!!

I do not recall receiving a notification of your reply.

Are you still having malware problems?
No, thank you very much for all your help


If you are not having malware problems, you are good to go!

Please do the following to wrap up:

  • Go to Start then Run
  • Type Combofix /u in the Open box, and click OK. (Notice the space before /u)
  • This command uninstalls ComboFix, implements some cleanup procedures, and resets System Restore points to prevent re-infection from old Restore points.



Also remove the following (bold):
C:\Documents and Settings\Administrator\Desktop\SDFix


And, re-enable TeaTimer.


~~~~
Some of the best suggestions and programs to remain malware free are contained in Tony Klein’s article:
How Did I Get Infected In The First Place

It is also a very good practice to perform an online virus scan on a regular basis.
Scanners do not have identical malware definitions, and what one misses, another one can catch.
Some of the scanners are:
BitDefender Online Scanner
ESET NOD32 Online Scanner
F-Secure Online Scanner
Panda ActiveScan
TrendMicro HouseCall

~~~~
If you have any questions or comments, post back. Otherwise...

Good luck, safe journey through the Internet!!