[malibulady53]

Good evening: I have a problem with my desktop computer. Last week the AntispywareXP 2009 invaded my computer. I made the error of trying to uninstall it using the ADD/REMOVE Hardware program of Windows XP. When I go to startup my computer, the error message" SQLBOOT.DLL file is corrupted and needs to be uninstalled and to re-run set up. Upon realizing the AntispywareSP 2009 was a trojan virus, I then went online looking up this and downloaded Superantispyware Free Edition and ran it. It found and quarantined a great number of adware, trojan files, etc. But I still get the same error message. I am not able to run iTunes anymore, it keeps shutting down on me. I found your website forum and saw where several people were having similar problems and I ran SDFix and saved the report on my desktop. I also ran Malwarebytes Anti-Malware scan and this program found nothing. I also downloaded ComboFix, but have not done anything with that program yet, until I converse with someone here. Can you help me get back my computer???

Malibulady53

Here is the log from Superantispyware free edition and also SDFix:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/28/2008 at 08:07 PM

Application Version : 4.20.1046

Core Rules Database Version : 3612
Trace Rules Database Version: 1598

Scan type : Complete Scan
Total Scan Time : 00:39:20

Memory items scanned : 424
Memory threats detected : 1
Registry items scanned : 6918
Registry threats detected : 12
File items scanned : 24158
File threats detected : 132

Trojan.Dropper/Gen-NV
C:\WINDOWS\SYSTEM32\BRASTK.EXE
C:\WINDOWS\SYSTEM32\BRASTK.EXE
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE

Rogue.AntiSpywareXP2009
[AntiSpywareXP 2009] C:\PROGRAM FILES\ANTISPYWAREXP2009\ANTISPYWAREXP2009.EXE
C:\PROGRAM FILES\ANTISPYWAREXP2009\ANTISPYWAREXP2009.EXE
HKLM\Software\AntiSpywareXP2009
HKLM\Software\AntiSpywareXP2009#info
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareXP2009
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareXP2009#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareXP2009#UninstallString
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#AntiSpywareXP 2009 [ "C:\Program Files\AntiSpywareXP2009\antispywarexp2009.exe" /hide ]
C:\Program Files\AntiSpywareXP2009\data\daily.cvd
C:\Program Files\AntiSpywareXP2009\data
C:\Program Files\AntiSpywareXP2009\htmlayout.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll
C:\Program Files\AntiSpywareXP2009\Uninstall.exe
C:\Program Files\AntiSpywareXP2009
C:\Documents and Settings\Owner\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\AntiSpywareXP2009
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk
C:\Documents and Settings\Owner\Desktop\AntiSpywareXP2009.lnk
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP198\A0031531.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP198\A0031565.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP198\A0031566.LNK
C:\WINDOWS\Prefetch\ANTISPYWAREXP2009.EXE-0DA5D93F.pf
C:\WINDOWS\Prefetch\UNINSTALL.EXE-3530B573.pf

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@howardcountymd[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@badassteens[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\Cookies\owner@pornokinki[2].txt
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adultadworld[2].txt
C:\Documents and Settings\Owner\Cookies\owner@pornotribune[1].txt
C:\Documents and Settings\Owner\Cookies\owner@dmtracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1071530996[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner\Cookies\owner@qnsr[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@urteenmovieclips[2].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@asianteenpictureclub[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@1058646592[1].txt
C:\Documents and Settings\Owner\Cookies\owner@toplist[2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@adinterax[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@youngporn[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1068177418[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@trackitback[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@teeniesxxx[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][bleep]sying[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sextracker[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@247realmedia[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\owner@mediaplex[1].txt
C:\WINDOWS\Temp\Cookies\owner@doubleclick[1].txt
C:\WINDOWS\Temp\Cookies\owner@atdmt[2].txt
C:\WINDOWS\Temp\Cookies\owner@zedo[1].txt

Rogue.XP AntiSpyware 2009
HKU\S-1-5-21-1102143622-2713621043-2143654909-1003\Control Panel\don't load#wscui.cpl [ No ]

Rogue.XP AntiSpyware2009-Trace
C:\Documents and Settings\Owner\Desktop\delself.bat

Trojan.Downloader-Gen
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
HKU\S-1-5-21-1102143622-2713621043-2143654909-1003\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]

Trojan.Dropper/Gen
C:\WINDOWS\SYSTEM32\~.EXE
C:\WINDOWS\Prefetch\~.EXE-3B3A448A.pf

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LFJB9X0E\g_default[1].gif


Here is the one from SDFix:


SDFix: Version 1.238
Run by Administrator on Sun 11/02/2008 at 07:48 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\wini101953.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 20:04:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1130635355\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1130635355\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 28 Oct 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Tue 28 Oct 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"

Finished!

I do hope that someone can help me, even if you can just send me an email to : removed email addresses and let me know to go on this website so that you can help me. Thanks so much!!!!

Edited by Octagonal, 03 November 2008 - 04:48 AM.