
Antivirus 2008



#1 zthomas88

zthomas88

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 20 December 2008 - 05:02 PM

Hello, I've had the Microsoft AntiSpyware virus for around 3 days now, and I'm starting to get really irritated, so your help is greatly appreciated.

My problem is not that the program is downloaded; it is that the virus/trojan has been redirecting me to always buy it at the "Microsoft Security Center".

I tried this Guide and had some success, but it has not completely fixed the problem.

I have no idea where I've got this from or how I have got it. I've used Webroot, AVG, Microsoft Defender, Malwarebytes Anti-Malware, and Windows Malicious Software Remover.

Here are my logs. Good luck, and thank you so much.

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2008-12-20 17:00:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 102 GB (85%) free of 120 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:02 PM, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Saf16.tmp\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ovzluk.dll
O20 - Winlogon Notify: jkkKddBQ - jkkKddBQ.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5426 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\wrSpySweeper_L4D58827647B24E1D8ACD9B76E684606B.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-19 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-24 333192]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-19 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-19 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ares"=C:\Program Files\Ares\Ares.exe [2008-12-16 887808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll ovzluk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkKddBQ]
jkkKddBQ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-20 16:31:44 ----D---- C:\rsit
2008-12-20 16:07:23 ----D---- C:\Program Files\Trend Micro
2008-12-20 15:01:39 ----D---- C:\Program Files\Windows Defender
2008-12-20 14:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-20 14:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 14:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 14:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-20 14:37:37 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-20 14:36:27 ----D---- C:\Program Files\iPod
2008-12-20 14:36:09 ----D---- C:\Program Files\iTunes
2008-12-20 14:36:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 14:32:51 ----D---- C:\Program Files\QuickTime
2008-12-20 14:32:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-20 14:31:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-20 14:29:56 ----D---- C:\Program Files\Common Files\Apple
2008-12-20 14:09:23 ----D---- C:\Documents and Settings\User\Application Data\Apple Computer
2008-12-20 14:08:20 ----D---- C:\Program Files\Safari
2008-12-20 14:07:33 ----D---- C:\Program Files\Bonjour
2008-12-20 14:07:13 ----D---- C:\Program Files\Apple Software Update
2008-12-20 14:07:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-20 13:27:52 ----D---- C:\World of Warcraft
2008-12-20 11:53:49 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 10:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 10:52:19 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-20 10:52:19 ----D---- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-12-20 09:56:09 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-12-20 09:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 09:55:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 09:49:39 ----D---- C:\WINDOWS\pss
2008-12-19 17:23:20 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-12-19 17:19:27 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-12-19 15:14:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-19 14:51:07 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2008-12-19 14:23:00 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-12-19 14:23:00 ----A---- C:\WINDOWS\WRSetup.dll
2008-12-19 14:21:13 ----HD---- C:\$AVG8.VAULT$
2008-12-19 14:05:11 ----D---- C:\Documents and Settings\User\Application Data\AVGTOOLBAR
2008-12-19 14:04:32 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2008-12-19 13:53:08 ----A---- C:\WINDOWS\system32\cb2ce4b4-.txt
2008-12-19 13:49:43 ----D---- C:\Program Files\Ares
2008-12-19 13:25:07 ----D---- C:\Program Files\AskBarDis
2008-12-19 13:24:03 ----D---- C:\Program Files\Vuze
2008-12-19 13:24:03 ----D---- C:\Program Files\Common Files\i4j_jres
2008-12-06 13:52:47 ----D---- C:\Program Files\Webroot
2008-12-06 13:52:47 ----D---- C:\Documents and Settings\User\Application Data\Webroot
2008-12-06 13:40:55 ----D---- C:\Documents and Settings\User\Application Data\Macromedia
2008-12-06 13:39:07 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-12-06 13:39:02 ----D---- C:\Documents and Settings\User\Application Data\Azureus
2008-12-06 13:38:16 ----D---- C:\Program Files\Vuze(2)
2008-12-06 13:38:16 ----D---- C:\Program Files\Common Files\i4j_jres(2)
2008-12-06 13:36:30 ----D---- C:\Program Files\WinRAR
2008-12-06 13:32:36 ----A---- C:\WINDOWS\system32\avgrsstx(2).dll
2008-12-06 13:32:22 ----D---- C:\Program Files\AVG
2008-12-06 13:32:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-06 10:21:59 ----SHD---- C:\RECYCLER
2008-12-06 10:16:18 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2008-12-20 17:01:00 ----D---- C:\WINDOWS\Temp
2008-12-20 16:48:27 ----SD---- C:\WINDOWS\Tasks
2008-12-20 16:45:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 16:45:21 ----D---- C:\WINDOWS
2008-12-20 16:44:43 ----D---- C:\WINDOWS\system32
2008-12-20 16:44:43 ----D---- C:\Program Files\Internet Explorer
2008-12-20 16:43:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 16:07:23 ----RD---- C:\Program Files
2008-12-20 15:01:52 ----SHD---- C:\WINDOWS\Installer
2008-12-20 15:01:42 ----HD---- C:\WINDOWS\inf
2008-12-20 15:01:42 ----D---- C:\WINDOWS\WinSxS
2008-12-20 15:01:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 15:01:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-20 15:01:39 ----D---- C:\WINDOWS\pchealth
2008-12-20 14:58:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-20 14:58:07 ----D---- C:\WINDOWS\ie7updates
2008-12-20 14:58:04 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-20 14:58:00 ----A---- C:\WINDOWS\imsins.BAK
2008-12-20 14:50:58 ----SH---- C:\boot.ini
2008-12-20 14:50:58 ----A---- C:\WINDOWS\win.ini
2008-12-20 14:50:58 ----A---- C:\WINDOWS\system.ini
2008-12-20 14:37:46 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 14:29:56 ----D---- C:\Program Files\Common Files
2008-12-20 14:15:09 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-12-20 10:32:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-20 09:57:49 ----D---- C:\WINDOWS\Prefetch
2008-12-19 13:55:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 14:46:09 ----D---- C:\WINDOWS\system32\config
2008-12-06 14:46:03 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 14:46:03 ----D---- C:\WINDOWS\Registration
2008-12-06 14:45:26 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-19 98440]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-19 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-19 90632]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-19 29208]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-11-15 6912]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-19 29208]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-01-09 42496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-11-24 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-11-24 234888]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-19 874776]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 231704]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-19 1212184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

-----------------EOF-----------------

Edited by zthomas88, 20 December 2008 - 05:17 PM.



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:00 PM

Posted 20 December 2008 - 08:02 PM

Hello zthomas88,

Do you really use the AskBar?


Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
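The items teacup61 picks out above (the AskBar, the HOSTS redirection, and the AppInit_DLLs / Winlogon Notify entries in the HijackThis log) are exactly the lines a helper scans for first. The script below is an added example, not part of this thread or of HijackThis itself: it triages HijackThis-style lines and flags non-loopback O1 hosts entries, unrecognised AppInit_DLLs, orphaned Winlogon Notify packages, and services with no vendor. The sample log is constructed from the kinds of lines in the post, and the allow-list of known AppInit_DLLs is an assumption.

```python
"""Triage a HijackThis log: flag the entries that usually need a closer look."""
import ipaddress
import re

# Constructed sample, modelled on the lines in the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O20 - AppInit_DLLs: avgrsstx.dll ovzluk.dll
O20 - Winlogon Notify: jkkKddBQ - jkkKddBQ.dll (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed allow-list: DLLs a known security product is expected to register in
# AppInit_DLLs. avgrsstx.dll is created alongside the AVG 8 drivers in the log;
# any other DLL in this value is loaded into every process and must be explained.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# HijackThis lines look like "<section> - <body>", e.g. "O1 - Hosts: ..."
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")


def is_loopback(ip_text: str) -> bool:
    """True for 127.0.0.0/8 or ::1; False for anything else, including garbage."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> list:
    """Return (section, reason, line) tuples for entries that deserve review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue
        section, body = match.groups()

        if section == "O1" and body.startswith("Hosts:"):
            # A HOSTS override that points a name at a remote address is a
            # redirection; loopback mappings (blocking or localhost) are expected.
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not is_loopback(parts[0]):
                findings.append((section,
                                 f"hosts file maps {parts[1]} to non-loopback {parts[0]}",
                                 line))

        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Each DLL here is injected into every user-mode process that loads user32.
            for dll in body[len("AppInit_DLLs:"):].split():
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    findings.append((section, f"unrecognised AppInit_DLLs entry {dll}", line))

        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Notify packages load inside winlogon.exe; a missing file is a leftover
            # autostart that should be cleaned up, a present one needs its vendor checked.
            reason = ("orphaned Winlogon Notify package" if "(file missing)" in body
                      else "Winlogon Notify package, verify the DLL")
            findings.append((section, reason, line))

        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service with no vendor information", line))

    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```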

#3 zthomas88

zthomas88
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 21 December 2008 - 04:09 PM

Ha, no, I don't use the AskBar.

Here is my ComboFix log though:

ComboFix 08-12-21.01 - User 2008-12-21 15:23:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.244 [GMT -8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\User\LOCALS~1\Temp\tmp2.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-20 16:31 . 2008-12-20 16:32 <DIR> d-------- C:\rsit
2008-12-20 16:28 . 2008-12-20 16:28 13,484 --ah----- c:\windows\system32\mlfcache.dat
2008-12-20 16:07 . 2008-12-20 16:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 14:37 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-20 14:37 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-20 14:36 . 2008-12-20 14:37 <DIR> d-------- c:\program files\iTunes
2008-12-20 14:36 . 2008-12-20 14:36 <DIR> d-------- c:\program files\iPod
2008-12-20 14:36 . 2008-12-20 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 14:32 . 2008-12-20 14:34 <DIR> d-------- c:\program files\QuickTime
2008-12-20 14:32 . 2008-12-20 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-20 14:31 . 2008-12-20 14:37 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-20 14:29 . 2008-12-20 14:36 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-20 14:09 . 2008-12-20 14:39 <DIR> d-------- c:\documents and settings\User\Application Data\Apple Computer
2008-12-20 14:08 . 2008-12-20 14:09 <DIR> d-------- c:\program files\Safari
2008-12-20 14:07 . 2008-12-20 14:07 <DIR> d-------- c:\program files\Bonjour
2008-12-20 14:07 . 2008-12-20 14:07 <DIR> d-------- c:\program files\Apple Software Update
2008-12-20 14:07 . 2008-12-20 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-20 13:27 . 2008-12-21 12:46 <DIR> d-------- C:\World of Warcraft
2008-12-20 11:54 . 2008-12-20 11:54 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-12-20 10:52 . 2008-12-20 13:11 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-20 10:52 . 2008-12-20 13:11 <DIR> d-------- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2008-12-20 10:52 . 2008-12-20 10:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 09:56 . 2008-12-20 09:56 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2008-12-20 09:55 . 2008-12-20 09:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-20 09:55 . 2008-12-20 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-20 09:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-20 09:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 17:23 . 2008-12-19 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-19 17:19 . 2008-12-20 14:31 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-19 15:14 . 2008-12-19 14:05 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-19 15:14 . 2008-12-19 14:05 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-19 15:14 . 2008-12-19 15:14 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-19 15:13 . 2008-12-21 12:49 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-19 14:27 . 2008-12-19 14:27 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Webroot
2008-12-19 14:23 . 2008-12-19 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-19 14:23 . 2008-08-09 16:04 1,538,928 --a------ c:\windows\WRSetup.dll
2008-12-19 14:21 . 2008-12-20 09:28 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-19 14:05 . 2008-12-19 14:43 <DIR> d-------- c:\documents and settings\User\Application Data\AVGTOOLBAR
2008-12-19 14:04 . 2008-12-19 14:04 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-12-19 14:04 . 2008-12-19 14:04 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-12-19 13:49 . 2008-12-19 13:50 <DIR> d-------- c:\program files\Ares
2008-12-19 13:25 . 2008-12-19 13:25 <DIR> d-------- c:\program files\AskBarDis
2008-12-19 13:24 . 2008-12-19 13:24 <DIR> d-------- c:\program files\Vuze
2008-12-19 13:24 . 2008-12-19 13:24 <DIR> d-------- c:\program files\Common Files\i4j_jres
2008-12-06 13:52 . 2008-12-06 13:52 <DIR> d-------- c:\program files\Webroot
2008-12-06 13:52 . 2008-12-06 13:52 <DIR> d-------- c:\documents and settings\User\Application Data\Webroot
2008-12-06 13:39 . 2008-12-19 14:30 <DIR> d-------- c:\documents and settings\User\Application Data\Azureus
2008-12-06 13:39 . 2008-12-06 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-06 13:38 . 2008-12-06 14:45 <DIR> d-------- c:\program files\Vuze(2)
2008-12-06 13:38 . 2008-12-06 14:45 <DIR> d-------- c:\program files\Common Files\i4j_jres(2)
2008-12-06 13:32 . 2008-12-06 13:33 <DIR> d-------- c:\windows\system32\drivers\Avg(2)
2008-12-06 13:32 . 2008-12-06 13:32 <DIR> d-------- c:\program files\AVG
2008-12-06 13:32 . 2008-12-20 13:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-06 13:32 . 2008-12-06 13:32 10,520 --a------ c:\windows\system32\avgrsstx(2).dll
2008-12-06 13:23 . 2008-12-06 13:23 0 --a------ c:\windows\nsreg.dat
2008-12-06 10:16 . 2008-04-13 16:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-06 10:16 . 2008-04-13 16:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-06 10:16 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-06 10:16 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-06 10:16 . 2008-04-13 10:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-06 10:16 . 2008-04-13 10:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 23:33 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-15 21:50 --------- d-----w c:\program files\microsoft frontpage
2008-11-15 19:56 6,912 ----a-w c:\windows\system32\drivers\NTIDrvr.sys
2008-11-15 19:56 --------- d-----w c:\program files\NewTech Infosystems
2008-11-15 19:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-16 887808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2004-07-27 68096]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-19 1261336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll ovzluk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-19 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-19 90632]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-19 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-19 234888]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-19 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-19 1212184]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-19 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-19 29208]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-06 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 16:12]

2008-12-21 c:\windows\Tasks\wrSpySweeper_L4D58827647B24E1D8ACD9B76E684606B.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

2008-12-21 c:\windows\Tasks\wrSpySweeper_L4D58827647B24E1D8ACD9B76E684606B.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

2008-12-21 c:\windows\Tasks\wrSpySweeper_L4D58827647B24E1D8ACD9B76E684606B.job
- a:\","c:\","d:\","e:\","f:\","g:\","h:\","i:\" []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
Notify-jkkKddBQ - jkkKddBQ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 15:39:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-21 16:00:00
ComboFix-quarantined-files.txt 2008-12-21 23:59:46

Pre-Run: 103,413,354,496 bytes free
Post-Run: 103,665,139,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

183 --- E O F --- 2008-11-17 19:05:55

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 21 December 2008 - 04:15 PM

And a new HijackThis log please? :thumbsup:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 zthomas88

  • Topic Starter
  • Members
  • 3 posts

Posted 21 December 2008 - 04:22 PM

Here it is. Good luck. Hope this helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:43 PM, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Safari\Safari.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ovzluk.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4725 bytes

Edited by zthomas88, 21 December 2008 - 04:38 PM.


#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 21 December 2008 - 05:05 PM

Thanks. :thumbsup:

Uninstall the AskBar from Add/Remove Programs and reboot.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders (if they exist):

C:\Program Files\AskBarDis

Reboot your computer.

How is it running now please? Have a run with MBAM and let me know how it comes out. :)

Thanks,
tea

#7 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 December 2008 - 02:48 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
