Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/Toolbar.AskSBar


  • This topic is locked This topic is locked
2 replies to this topic

#1 Cosmin

Cosmin

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 AM

Posted 31 May 2009 - 01:56 PM

I downloaded nero 9 in my computer,i instaled it,but my antivirus quarantined the program saying the reason was:Win32/Toolbar.AskSBar .......But the program is still installed and properly working,for now.....I did the same thing 4 weeks ago and after 2 weeks,my computer broke down(I got message like :Sistem32 is missing,or something),and i resofted it.I'm afraid i'll have to do the same thing again...



DDS (Ver_09-05-14.01) - NTFSx86
Run by Cosmin at 21:21:48.64 on Sun 05/31/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.2047.1449 [GMT 3:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Cosmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DESCARCARI\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\cosmin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DriverCD] J:\Run.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cosmin\applic~1\mozilla\firefox\profiles\x39m73pt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\documents and settings\cosmin\application data\mozilla\firefox\profiles\x39m73pt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\cosmin\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\opera7\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJPI142_01.dll
FF - plugin: c:\program files\opera7\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera7\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera7\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 468224]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-5-23 604416]
R3 esihdrv;esihdrv;\??\c:\docume~1\cosmin\locals~1\temp\esihdrv.sys --> c:\docume~1\cosmin\locals~1\temp\esihdrv.sys [?]
S2 EsetNod32Fix;Nod32 AV;c:\windows\regedit.exe [2004-8-4 146432]

=============== Created Last 30 ================

2009-05-29 15:39 <DIR> --d----- c:\documents and settings\cosmin\LocalLow
2009-05-29 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-05-29 15:12 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-29 15:12 <DIR> --d----- c:\program files\SopCast4.3
2009-05-29 13:33 <DIR> --d----- c:\windows\system32\scripting
2009-05-29 13:33 <DIR> --d----- c:\windows\system32\en
2009-05-29 13:33 <DIR> --d----- c:\windows\system32\bits
2009-05-29 13:33 <DIR> --d----- c:\windows\l2schemas
2009-05-29 13:30 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-29 13:29 <DIR> --d----- c:\windows\network diagnostic
2009-05-27 00:40 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-26 16:35 375,519 -c------ c:\windows\system32\dllcache\nuskin.wmv
2009-05-26 16:22 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-26 16:22 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-05-26 16:20 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-05-26 16:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-26 16:19 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-05-26 16:19 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-05-26 16:18 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-05-26 16:17 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-26 16:17 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-26 16:17 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-26 16:17 <DIR> --d-h--- c:\windows\$hf_mig$
2009-05-26 16:14 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-23 19:12 <DIR> --d----- c:\docume~1\cosmin\applic~1\XnView
2009-05-23 19:12 <DIR> --d----- c:\program files\XnView
2009-05-23 18:33 <DIR> --d----- c:\docume~1\cosmin\applic~1\BitTorrent
2009-05-23 18:33 <DIR> --d----- c:\program files\DNA
2009-05-23 18:33 <DIR> --d----- c:\docume~1\cosmin\applic~1\DNA
2009-05-23 18:33 <DIR> --d----- c:\program files\BitTorrent
2009-05-23 18:33 <DIR> --d----- c:\program files\AskSearch
2009-05-23 16:41 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-05-23 16:40 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-05-23 16:39 74,240 a------- c:\windows\system32\usbui.dll
2009-05-23 16:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-23 16:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-23 16:38 <DIR> --d----- c:\program files\common files\ODBC
2009-05-23 16:38 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-23 16:38 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-05-23 16:36 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-05-23 16:35 <DIR> --d----- c:\program files\Webteh
2009-05-23 16:35 261 a------- c:\windows\system32\$winnt$.inf
2009-05-23 16:34 545 a------- c:\windows\UC.PIF
2009-05-23 16:34 545 a------- c:\windows\RAR.PIF
2009-05-23 16:34 545 a------- c:\windows\PKZIP.PIF
2009-05-23 16:34 545 a------- c:\windows\PKUNZIP.PIF
2009-05-23 16:34 545 a------- c:\windows\NOCLOSE.PIF
2009-05-23 16:34 545 a------- c:\windows\LHA.PIF
2009-05-23 16:34 545 a------- c:\windows\ARJ.PIF
2009-05-23 16:34 324 a------- c:\windows\wincmd.ini
2009-05-23 16:34 <DIR> --d----- C:\totalcmd
2009-05-23 16:34 <DIR> --d----- c:\program files\VideoLAN
2009-05-23 16:29 <DIR> --d----- c:\program files\Free Internet TV
2009-05-23 15:22 <DIR> --d----- c:\program files\Nero
2009-05-23 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-05-23 15:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-05-23 14:59 <DIR> --d----- c:\program files\common files\HP
2009-05-23 14:59 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-23 14:58 <DIR> --d----- c:\program files\HP
2009-05-23 14:48 <DIR> --d----- c:\program files\Opera7
2009-05-23 14:45 <DIR> --d----- c:\program files\PhotoScape
2009-05-23 14:45 <DIR> --d----- c:\program files\Unlocker
2009-05-23 14:45 <DIR> --d----- c:\docume~1\cosmin\applic~1\Desktopicon
2009-05-23 14:44 <DIR> --d----- c:\program files\DivX
2009-05-23 14:41 <DIR> --d----- c:\program files\Ares
2009-05-23 14:41 <DIR> --d----- c:\program files\mIRC
2009-05-23 14:41 <DIR> --d----- c:\docume~1\cosmin\applic~1\mIRC
2009-05-23 14:36 <DIR> --ds---- c:\documents and settings\cosmin\UserData
2009-05-23 14:32 <DIR> --d----- c:\program files\Yahoo!
2009-05-23 14:26 <DIR> --d----- c:\docume~1\cosmin\applic~1\ESET
2009-05-23 14:25 <DIR> --d----- c:\program files\ESET
2009-05-23 14:22 <DIR> --d----- c:\program files\MyXOFT
2009-05-23 14:16 <DIR> --d----- c:\program files\Total Video Converter
2009-05-23 14:15 <DIR> --d----- c:\docume~1\cosmin\applic~1\TuneUp Software
2009-05-23 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-05-23 14:14 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-05-23 14:14 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-23 14:11 <DIR> --d----- c:\program files\My-Tool
2009-05-23 14:11 <DIR> --d----- c:\program files\Conduit
2009-05-23 14:09 <DIR> --d----- c:\documents and settings\cosmin\Bluetooth Software
2009-05-23 14:07 <DIR> --d----- c:\program files\WIDCOMM
2009-05-23 13:57 <DIR> --d----- c:\program files\Realtek
2009-05-23 13:46 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-23 13:46 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-23 13:45 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-23 13:44 <DIR> --d----- c:\program files\Online Services
2009-05-23 13:44 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-23 13:43 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-05-29 13:35 89,783 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-23 15:03 141,136 a------- c:\windows\hpoins14.dat
2009-05-23 14:44 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-23 14:15 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-05-23 14:15 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-05-23 14:00 15,600 a------- c:\windows\gdrv.sys
2009-05-23 13:57 315,392 a------- c:\windows\HideWin.exe
2009-05-23 13:44 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-27 15:21 28,928 a------- c:\windows\system32\uxtuneup.dll
2009-03-06 17:22 284,160 a------- c:\windows\system32\pdh.dll

============= FINISH: 21:21:58.65 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 AM

Posted 11 June 2009 - 09:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Edited by RenatoMejias, 11 June 2009 - 09:01 PM.

Renato Victor Mejias
Malware help in portuguese
jetian6yw.jpg

#3 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 AM

Posted 21 June 2009 - 11:44 AM

Due to the lack of feedback, this Topic is now closed.

In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days. Anything beyond the 5 day period from the timestamp of this post, please start a new topic.
Renato Victor Mejias
Malware help in portuguese
jetian6yw.jpg




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users