
computer infected with spyware worm.win32.netsky



Post by caffey1821 on Mon Jan 25, 2010 12:01 am

Computer is infected with spyware. I have no idea how to get rid of it. When the system boots up it says my system is infected. It says worm.win32.netsky was detected. It also changes my desktop picture to say "your system is infected".

Here is the hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:47 PM, on 1/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\DOCUME~1\Caffey\LOCALS~1\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Caffey\Desktop\winlogon.scr
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antivirsystem-pro.microsoft.com
O1 - Hosts: 94.232.248.66 antivir-system-pro.com
O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cfimido] rundll32.exe "C:\WINDOWS\isasujoxu.dll",Startup
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Caffey\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O18 - Filter hijack: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\ftpsconfig.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9739 bytes


Re: computer infected with spyware worm.win32.netsky

Post by Belahzur on Mon Jan 25, 2010 12:04 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 94.232.248.66 antivirsystem-pro.microsoft.com
    O1 - Hosts: 94.232.248.66 antivir-system-pro.com
    O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Cfimido] rundll32.exe "C:\WINDOWS\isasujoxu.dll",Startup
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Caffey\LOCALS~1\Temp\richtx64.exe
    O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
    O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
    O18 - Filter hijack: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\ftpsconfig.dll
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
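The lines Belahzur picks out above follow a few recognisable patterns: a UserInit value that is not userinit.exe, hosts entries that point security-sounding names at one outside IP, autoruns that start from Temp, from the Windows root, or under a name imitating a core Windows process, an unknown Winsock LSP, and a text/html filter hijack. The script below is an added example, not code from this thread or from HijackThis; it encodes those patterns (my reading of the picks, not HijackThis's own logic) as a triage pass over HijackThis lines, using sample lines copied from the log posted above.

```python
"""Triage a HijackThis log by the entry types picked out in this thread."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed test input: entries copied from the HijackThis log posted
# above, with one benign line per section kept in for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antivirsystem-pro.microsoft.com
O1 - Hosts: 94.232.248.66 antivir-system-pro.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cfimido] rundll32.exe "C:\WINDOWS\isasujoxu.dll",Startup
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Caffey\LOCALS~1\Temp\richtx64.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O18 - Filter hijack: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\ftpsconfig.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+')          # drive-letter path, stops at quote/comma
LOOPBACK = {"127.0.0.1", "::1"}
# Core Windows process names that malware imitates (smss32.exe, winlogon32.exe, ...).
IMPERSONATED = re.compile(r"^(smss|csrss|winlogon|lsass|services|svchost)\S*\.(exe|dll|scr)$")


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


def _paths(command: str) -> List[str]:
    """Pull drive-letter paths out of an autorun command, dropping trailing switches."""
    return [re.split(r"\s+(?=[-/])", p)[0].strip().lower() for p in PATH_RE.findall(command)]


def _autorun_reason(path: str) -> Optional[str]:
    """Why an O4 autorun path looks planted rather than installed; None if it looks ordinary."""
    if "\\temp\\" in path or "\\locals~1\\" in path:
        return "autorun launched from a Temp directory"
    if re.search(r"\\windows\\[^\\]+$", path):   # file sitting directly in C:\WINDOWS
        return "autorun file dropped directly in the Windows directory"
    if IMPERSONATED.match(path.rsplit("\\", 1)[-1]):
        return "autorun file name imitates a core Windows process"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match the thread's removal patterns, in log order."""
    entries = []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m["sec"], m["body"], raw.strip()))

    # First pass: how many host names does each hosts-file IP claim? One outside IP
    # answering for several vendor-like names is the classic rogue-AV redirect.
    ip_names: Counter = Counter()
    for sec, body, _ in entries:
        parts = body.split(None, 2)
        if sec == "O1" and len(parts) == 3:
            ip_names[parts[1]] += 1

    findings = []
    for sec, body, line in entries:
        reason = None
        if sec == "F2" and "userinit=" in body.lower():
            value = body.split("=", 1)[1]
            names = [v.strip().rsplit("\\", 1)[-1].lower() for v in value.split(",") if v.strip()]
            if any(n != "userinit.exe" for n in names):
                reason = "UserInit runs something other than userinit.exe at logon"
        elif sec == "O1":
            parts = body.split(None, 2)
            if len(parts) == 3 and parts[1] not in LOOPBACK:
                ip, name = parts[1], parts[2]
                reason = f"hosts file sends {name} to {ip}"
                if ip_names[ip] > 1:
                    reason += f" ({ip_names[ip]} names share this IP)"
        elif sec == "O4":
            for p in _paths(body):
                reason = _autorun_reason(p)
                if reason:
                    break
        elif sec == "O10":
            reason = "unknown Winsock LSP DLL sits in the network stack"
        elif sec == "O18" and body.startswith("Filter hijack"):
            reason = "MIME filter hijack lets a DLL rewrite every page the browser loads"
        if reason:
            findings.append(Finding(sec, line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

The Windows-root rule is a prompt to verify, not a verdict: a few legitimate files do live there, so check the file's publisher and timestamps before acting on it.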



Re: computer infected with spyware worm.win32.netsky

Post by caffey1821 on Mon Jan 25, 2010 2:27 am

Once I download Malwarebytes' Anti-Malware I try to open it, but it doesn't respond. I restarted my computer and it still does not work. I also uninstalled it and then reinstalled it. Have you seen this problem before?


Re: computer infected with spyware worm.win32.netsky

Post by Belahzur on Mon Jan 25, 2010 9:40 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows (screenshot not included):

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: computer infected with spyware worm.win32.netsky

Post by caffey1821 on Tue Jan 26, 2010 11:30 pm

ComboFix 10-01-26.02 - Caffey 01/26/2010 17:53:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.225 [GMT -5:00]
Running from: c:\documents and settings\Caffey\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Caffey\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\documents and settings\Caffey\Desktop\Internet Security 2010.lnk
c:\documents and settings\Caffey\Start Menu\Internet Security 2010.lnk
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\InternetSecurity2010
c:\program files\InternetSecurity2010\IS2010.exe
c:\windows\010112010146118114.dat
c:\windows\0101120101465452.dat
c:\windows\0101120101465749.dat
c:\windows\bf23567.dat
c:\windows\isasujoxu.dll
c:\windows\jmmark2.dat
c:\windows\rvmv32.dll
c:\windows\system32\drivers\H8SRTvwtbomvmyb.sys
c:\windows\system32\H8SRTirjxbrkvwi.dll
c:\windows\system32\H8SRToexmujnsbi.dat
c:\windows\system32\H8SRTrsaywhkotr.dll
c:\windows\system32\H8SRTtuiqckvnpu.dll
c:\windows\system32\helper32.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\smss32.exe
c:\windows\system32\spool\prtprocs\w32x86\E.tmp
c:\windows\system32\srcr.dat
c:\windows\system32\warning.html
c:\windows\system32\winlogon32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-25 00:55 . 2010-01-25 00:55 -------- d-s---w- c:\documents and settings\Caffey\UserData
2010-01-25 00:52 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 00:52 . 2010-01-25 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 00:52 . 2010-01-25 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-25 00:52 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 14:43 . 2010-01-26 22:34 0 ----a-w- c:\windows\Xwiqe.bin
2010-01-19 14:43 . 2010-01-26 22:34 120 ----a-w- c:\windows\Jsedida.dat
2010-01-19 14:42 . 2010-01-19 14:42 -------- d-----w- c:\documents and settings\Caffey\Local Settings\Application Data\{DCD21E93-8B59-463C-88E9-896DE5A7A2F8}
2010-01-13 10:39 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-28 16:50 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-28 16:50 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-28 16:50 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-28 16:50 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-28 16:50 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-28 16:50 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-28 16:50 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-28 16:50 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-28 16:50 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-28 16:49 . 2009-12-28 16:49 -------- d-----w- c:\program files\Alwil Software
2009-12-28 16:33 . 2009-12-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-28 16:24 . 2009-12-28 16:24 -------- d-----w- c:\documents and settings\Caffey\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 00:11 . 2004-08-04 03:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-25 00:00 . 2005-09-07 12:46 -------- d-----w- c:\program files\Java
2010-01-24 23:54 . 2010-01-24 23:54 152576 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-24 23:54 . 2009-11-24 01:59 79488 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 17:30 . 2005-09-28 19:34 32914 ----a-w- c:\documents and settings\Caffey\Application Data\wklnhst.dat
2010-01-14 08:16 . 2008-12-24 19:19 -------- d-----w- c:\documents and settings\Caffey\Application Data\Azureus
2010-01-07 13:02 . 2005-09-21 18:33 -------- d-----w- c:\documents and settings\Caffey\Application Data\AdobeUM
2009-12-22 20:22 . 2005-09-07 12:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-22 05:42 . 2004-08-10 17:51 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 14:56 . 2008-12-24 19:19 -------- d-----w- c:\program files\Vuze
2009-12-19 20:40 . 2006-05-17 02:14 -------- d-----w- c:\documents and settings\Caffey\Application Data\LimeWire
2009-11-29 19:28 . 2006-11-24 19:24 -------- d-----w- c:\program files\Flock
2009-11-24 04:00 . 2006-04-05 17:11 1924440 ----a-w- c:\documents and settings\Caffey\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 20:19 . 2009-06-21 23:37 10686001 ----a-w- c:\documents and settings\Caffey\Application Data\Azureus\plugins\azump\mplayer.exe
2009-10-29 05:48 . 2009-10-29 05:48 2029706 ----a-w- c:\windows\system32\jmpoloas.dll
2009-10-29 05:48 . 2004-08-10 17:51 662016 ----a-w- c:\windows\system32\wininet(2)(2).dll
2009-10-29 05:48 . 2004-08-10 17:51 624640 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2009-10-29 05:48 . 2004-08-10 17:51 1506304 ----a-w- c:\windows\system32\shdocvw(2)(2).dll
2006-03-25 04:14 . 2006-03-25 04:14 7203235 ----a-w- c:\program files\moe - Spine of a Dog.mp3
2006-03-25 04:14 . 2006-03-25 04:14 8573466 ----a-w- c:\program files\moe - Water.mp3
2006-03-25 04:13 . 2006-03-25 04:13 8834692 ----a-w- c:\program files\moe - So Long.mp3
2006-03-25 04:13 . 2006-03-25 04:13 4151466 ----a-w- c:\program files\moe - New York City.mp3
2006-03-25 04:13 . 2006-03-25 04:13 4458668 ----a-w- c:\program files\moe - Captain America.mp3
2006-03-25 04:13 . 2006-03-25 04:13 5277858 ----a-w- c:\program files\moe - Faker.mp3
2006-03-25 04:12 . 2006-03-25 04:12 5173895 ----a-w- c:\program files\moe - Understand.mp3
2006-03-25 04:12 . 2006-03-25 04:12 5351271 ----a-w- c:\program files\moe - Time Again.mp3
2006-03-25 04:12 . 2006-03-25 04:12 5521174 ----a-w- c:\program files\moe - St Augustine.mp3
2006-03-25 04:12 . 2006-03-25 04:12 10312240 ----a-w- c:\program files\moe - Timmy Tucker.mp3
2006-03-25 04:11 . 2006-03-25 04:11 9850180 ----a-w- c:\program files\moe - Mexico.mp3
2006-03-25 04:09 . 2006-03-25 04:09 8039155 ----a-w- c:\program files\Black Crowes The - Twice As Hard.mp3
2006-03-25 04:05 . 2006-03-25 04:05 3267336 ----a-w- c:\program files\Lynyrd Skynyrd - Gimme Three Steps.mp3
2006-03-25 04:05 . 2006-03-25 04:05 4306160 ----a-w- c:\program files\Lynyrd Skynyrd - Simple Man.mp3
2006-03-25 04:02 . 2006-03-25 04:02 3519382 ----a-w- c:\program files\Lynyrd Skynyrd - The Ballad Of Curtis Lowe.mp3
2006-03-25 03:55 . 2006-03-25 03:55 3557345 ----a-w- c:\program files\System Of A Down - Toxicity.m4a
2006-03-25 03:55 . 2006-03-25 03:55 3417591 ----a-w- c:\program files\System Of A Down - Chop Suey.m4a
2006-03-25 03:52 . 2006-03-25 03:52 3852040 ----a-w- c:\program files\Nate Dogg - Music And Me.mp3
2006-03-22 18:38 . 2006-03-22 18:38 2162073 ----a-w- c:\program files\The Who - Happy Jack.m4a
2006-03-22 18:38 . 2006-03-22 18:38 3243907 ----a-w- c:\program files\The Who - My Generation.m4a
2006-03-22 18:37 . 2006-03-22 18:37 2789376 ----a-w- c:\program files\Tom Petty - Life Is A Highway.mp3
2006-03-22 18:36 . 2006-03-22 18:36 7660895 ----a-w- c:\program files\Phish - Prince Caspian.mp3
2006-03-22 18:36 . 2006-03-22 18:36 2343819 ----a-w- c:\program files\Phish - Steep.mp3
2006-03-22 18:36 . 2006-03-22 18:36 1839138 ----a-w- c:\program files\Phish - Swept Away.mp3
2006-03-22 18:36 . 2006-03-22 18:36 7960572 ----a-w- c:\program files\Phish - Billy Breathes.mp3
2006-03-22 18:35 . 2006-03-22 18:35 2970756 ----a-w- c:\program files\Phish - Bliss.mp3
2006-03-22 18:35 . 2006-03-22 18:35 3693622 ----a-w- c:\program files\Phish - Train Song.mp3
2006-03-22 18:35 . 2006-03-22 18:35 9173078 ----a-w- c:\program files\Phish - Theme From The Bottom.mp3
2006-03-22 18:35 . 2006-03-22 18:35 4541864 ----a-w- c:\program files\Phish - Talk.mp3
2006-03-22 18:34 . 2006-03-22 18:34 3486112 ----a-w- c:\program files\Phish - Cars Trucks Buses.mp3
2006-03-22 18:34 . 2006-03-22 18:34 5936804 ----a-w- c:\program files\Phish - Taste.mp3
2006-03-22 18:34 . 2006-03-22 18:34 6964356 ----a-w- c:\program files\Phish - Waste.mp3
2006-03-22 18:34 . 2006-03-22 18:34 5766285 ----a-w- c:\program files\Phish - Character Zero.mp3
2006-03-22 18:34 . 2006-03-22 18:34 5501080 ----a-w- c:\program files\Phish - Free.mp3
2006-03-22 18:31 . 2006-03-22 18:31 3465009 ----a-w- c:\program files\Eric Clapton - Cocaine.mp3
2006-03-21 20:46 . 2006-03-21 20:46 3997656 ----a-w- c:\program files\Led Zeppelin - Out On The Tiles.m4a
2006-03-21 20:45 . 2006-03-21 20:45 3402854 ----a-w- c:\program files\Led Zeppelin - Celebration Day.m4a
2006-03-21 20:45 . 2006-03-21 20:45 3801910 ----a-w- c:\program files\Led Zeppelin - Friends.m4a
2006-03-21 20:44 . 2006-03-21 20:44 2378204 ----a-w- c:\program files\Led Zeppelin - Immigrant Song.m4a
2006-03-21 20:37 . 2006-03-21 20:37 3454770 ----a-w- c:\program files\The Allman Brothers Band - Aint Wastin Time No More.mp3
2006-03-21 20:37 . 2006-03-21 20:37 2080102 ----a-w- c:\program files\The Allman Brothers Band - Whipping Post.mp3
2006-03-21 20:37 . 2006-03-21 20:37 4138133 ----a-w- c:\program files\The Allman Brothers Band - Wasted Words.mp3
2006-03-21 20:37 . 2006-03-21 20:37 4969872 ----a-w- c:\program files\The Allman Brothers Band - Southbound.mp3
2006-03-21 20:37 . 2006-03-21 20:37 3929989 ----a-w- c:\program files\The Allman Brothers Band - Revival.mp3
2006-03-21 20:36 . 2006-03-21 20:36 4549823 ----a-w- c:\program files\The Allman Brothers Band - Ramblin Man.mp3
2006-03-21 20:36 . 2006-03-21 20:36 4768833 ----a-w- c:\program files\The Allman Brothers Band - One Way Out.mp3
2006-03-21 20:36 . 2006-03-21 20:36 2838698 ----a-w- c:\program files\The Allman Brothers Band - Midnight Rider.mp3
2006-03-21 20:36 . 2006-03-21 20:36 3650375 ----a-w- c:\program files\The Allman Brothers Band - Melissa.mp3
2006-03-21 20:36 . 2006-03-21 20:36 2052517 ----a-w- c:\program files\The Allman Brothers Band - Little Martha.mp3
2006-03-21 20:36 . 2006-03-21 20:36 7191325 ----a-w- c:\program files\The Allman Brothers Band - Jessica.mp3
2006-03-21 20:32 . 2006-03-21 20:32 6498177 ----a-w- c:\program files\Dave Matthews Band - What You Are Live.m4a
2006-03-21 20:32 . 2006-03-21 20:32 4844299 ----a-w- c:\program files\Dave Matthews Band - Grey Street Live.m4a
2006-03-21 20:32 . 2006-03-21 20:32 3798690 ----a-w- c:\program files\Dave Matthews Band - Where Are You Going Live.m4a
2006-03-21 20:31 . 2006-03-21 20:31 5306308 ----a-w- c:\program files\Dave Matthews Band - What Would You Say Live.m4a
2006-03-21 20:31 . 2006-03-21 20:31 10577866 ----a-w- c:\program files\Dave Matthews Band - Cortez The Killer Live.m4a
2006-03-21 20:31 . 2006-03-21 20:31 5244450 ----a-w- c:\program files\Dave Matthews Band - Help Myself Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 5458940 ----a-w- c:\program files\Dave Matthews Band - Rhyme And Reason Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 5697846 ----a-w- c:\program files\Dave Matthews Band - Ants Marching Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 9410959 ----a-w- c:\program files\Dave Matthews Band - Warehouse Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 9528071 ----a-w- c:\program files\Dave Matthews Band - Dancing Nancies Live.m4a
2006-03-21 20:29 . 2006-03-21 20:29 3805095 ----a-w- c:\program files\Dave Matthews Band - When The World Ends Live.m4a
2006-03-21 20:26 . 2006-03-21 20:26 4425271 ----a-w- c:\program files\Dave Matthews Band - Granny Live.m4a
2006-03-21 20:26 . 2006-03-21 20:26 6509308 ----a-w- c:\program files\Dave Matthews Band - Too Much Live.m4a
2006-03-21 20:26 . 2006-03-21 20:26 4130749 ----a-w- c:\program files\Dave Matthews Band - So Much To Say Live.m4a
2006-03-21 20:25 . 2006-03-21 20:25 3261634 ----a-w- c:\program files\Dropkick Murphys - Dirty Water.m4a
2006-03-21 20:19 . 2006-02-03 03:47 8618527 ----a-w- c:\program files\Coldplay - Yellow.mp3
2006-03-21 20:19 . 2006-03-21 20:19 7271455 ----a-w- c:\program files\Coldplay - Sparks.mp3
2006-03-21 20:18 . 2006-03-21 20:18 10205214 ----a-w- c:\program files\Coldplay - Spies.mp3
2006-03-21 20:18 . 2006-03-21 20:18 9594655 ----a-w- c:\program files\Coldplay - Shiver.mp3
2006-03-21 20:16 . 2006-03-21 20:16 4383780 ----a-w- c:\program files\Coldplay - Dont Panic.mp3
2006-03-21 20:15 . 2006-03-21 20:15 4639098 ----a-w- c:\program files\Billy Joel - Youre Only Human Second Wind.mp3
2006-03-21 20:15 . 2006-03-21 20:15 2926709 ----a-w- c:\program files\Billy Joel - Shes Got A Way live.mp3
2006-03-21 20:09 . 2006-03-21 20:09 6576513 ----a-w- c:\program files\Phish - First Tube.m4a
2006-03-21 20:09 . 2006-03-21 20:09 3331648 ----a-w- c:\program files\Phish - Sand.m4a
2006-03-21 20:09 . 2006-03-21 20:09 2872215 ----a-w- c:\program files\Phish - The Inlaw Josie Wales.m4a
2006-03-21 20:09 . 2006-03-21 20:09 2123041 ----a-w- c:\program files\Phish - Sleep.m4a
2006-03-21 20:09 . 2006-03-21 20:09 4338852 ----a-w- c:\program files\Phish - Piper.m4a
2006-03-21 20:08 . 2006-03-21 20:08 4416859 ----a-w- c:\program files\Phish - Dirt.m4a
2006-03-21 20:08 . 2006-03-21 20:08 5371064 ----a-w- c:\program files\Phish - Gotta Jibboo.m4a
2006-03-21 20:07 . 2006-03-21 20:07 4148262 ----a-w- c:\program files\Phish - Heavy Things.m4a
2008-12-20 16:44 . 2005-09-10 15:05 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 16:44 . 2005-09-10 15:05 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 16:44 . 2006-11-21 22:59 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 16:44 . 2006-11-21 22:59 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 16:44 . 2005-09-10 15:05 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-12 185632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-7 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/28/2009 11:50 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/28/2009 11:50 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 3:20 PM 24652]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/3/2009 1:53 PM 108289]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [4/24/2007 6:44 PM 7548]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/24/2008 2:19 PM 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/24/2008 2:20 PM 234888]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-07 17:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Caffey\Application Data\Mozilla\Firefox\Profiles\523reakp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - hidden: XULRunner: {DCD21E93-8B59-463C-88E9-896DE5A7A2F8} - c:\documents and settings\Caffey\Local Settings\Application Data\{DCD21E93-8B59-463C-88E9-896DE5A7A2F8}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cfimido - c:\windows\isasujoxu.dll
AddRemove-HijackThis - c:\documents and settings\Caffey\Desktop\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-26 18:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\RtlGina2.dll

- - - - - - - > 'explorer.exe'(1540)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\asw5Noti.exe
.
**************************************************************************
.
Completion time: 2010-01-26 18:21:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 23:21

Pre-Run: 9,753,825,280 bytes free
Post-Run: 10,731,134,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 83B9AD3FBD5F82BDEAF3ACF753C9CE3A

caffey1821

Re: computer infected with spyware worm.win32.netsky

Post by Belahzur on Wed Jan 27, 2010 1:40 am

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Re: computer infected with spyware worm.win32.netsky

Post by caffey1821 on Wed Jan 27, 2010 1:44 am

GooredFix by jpshortstuff (08.01.10.1)
Log created at 20:43 on 26/01/2010 (Caffey)
Firefox version 2.0.0.20 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{DCD21E93-8B59-463C-88E9-896DE5A7A2F8} -> Success!
Deleting C:\Documents and Settings\Caffey\Local Settings\Application Data\{DCD21E93-8B59-463C-88E9-896DE5A7A2F8} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[You must be registered and logged in to see this link.] [22:59 21/11/2006]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:06 10/09/2005]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:29 15/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [00:01 25/01/2010]

C:\Documents and Settings\Caffey\Application Data\Mozilla\Firefox\Profiles\523reakp.default\extensions\
{E9A1DEE0-C623-4439-8932-001E7D17607D} [19:19 24/12/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:28 15/08/2009]

-=E.O.F=-

caffey1821

Re: computer infected with spyware worm.win32.netsky

Post by Belahzur on Wed Jan 27, 2010 1:50 am

Nearly done now.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.




Belahzur

Re: computer infected with spyware worm.win32.netsky

Post by caffey1821 on Wed Jan 27, 2010 2:05 am

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AOLIcon
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
Bonjour
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Digital Line Detect
EarthLink setup files
GradeQuick Web Plugin
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Learn2 Player (Uninstall Only)
Lexmark 640 Series
LimeWire 5.2.13
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWay Search Assistant
NETGEAR WG111v2 wireless USB 2.0 adapter
NetWaiting
NetZeroInstallers
Photo Click
Qualxserve Service Agreement
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shockwave
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vuze
Vuze Toolbar
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086

caffey1821

Re: computer infected with spyware worm.win32.netsky

Post by Belahzur on Wed Jan 27, 2010 11:59 pm

Hello.

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 17
    LimeWire 5.2.13
    MyWay Search Assistant
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Vuze
    Vuze Toolbar

Next,

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\Xwiqe.bin
    c:\windows\Jsedida.dat

    Driver::
    ASKService
    ASKUpgrade

    Folder::
    c:\program files\AskBarDis
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




Belahzur

Re: computer infected with spyware worm.win32.netsky

Post by caffey1821 on Thu Jan 28, 2010 10:49 pm

ComboFix 10-01-26.02 - Caffey 01/28/2010 17:36:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.199 [GMT -5:00]
Running from: c:\documents and settings\Caffey\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Caffey\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1368 [VPS 100128-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Jsedida.dat"
"c:\windows\Xwiqe.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Jsedida.dat
c:\windows\Xwiqe.bin

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-28 22:32 . 2010-01-28 22:32 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 22:31 . 2010-01-28 22:31 61440 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c801b60-n\decora-sse.dll
2010-01-28 22:31 . 2010-01-28 22:31 503808 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-613106bd-n\msvcp71.dll
2010-01-28 22:31 . 2010-01-28 22:31 499712 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-613106bd-n\jmc.dll
2010-01-28 22:31 . 2010-01-28 22:31 348160 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-613106bd-n\msvcr71.dll
2010-01-28 22:31 . 2010-01-28 22:31 12800 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c801b60-n\decora-d3d.dll
2010-01-28 22:30 . 2010-01-28 22:30 -------- d-----w- c:\program files\Java
2010-01-25 00:55 . 2010-01-25 00:55 -------- d-s---w- c:\documents and settings\Caffey\UserData
2010-01-25 00:52 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 00:52 . 2010-01-25 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 00:52 . 2010-01-25 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-25 00:52 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 23:54 . 2010-01-24 23:54 152576 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-13 10:39 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 22:32 . 2008-12-24 19:19 -------- d-----w- c:\program files\Vuze
2010-01-28 22:30 . 2009-08-15 01:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-28 22:18 . 2005-09-07 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-28 22:17 . 2006-05-17 02:12 -------- d-----w- c:\program files\LimeWire
2010-01-28 22:14 . 2005-09-07 12:49 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-25 00:11 . 2004-08-04 03:59 95360 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-24 23:54 . 2009-11-24 01:59 79488 ----a-w- c:\documents and settings\Caffey\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 17:30 . 2005-09-28 19:34 32914 ----a-w- c:\documents and settings\Caffey\Application Data\wklnhst.dat
2010-01-14 08:16 . 2008-12-24 19:19 -------- d-----w- c:\documents and settings\Caffey\Application Data\Azureus
2010-01-07 13:02 . 2005-09-21 18:33 -------- d-----w- c:\documents and settings\Caffey\Application Data\AdobeUM
2009-12-28 16:49 . 2009-12-28 16:49 -------- d-----w- c:\program files\Alwil Software
2009-12-28 16:40 . 2009-12-28 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-28 16:24 . 2009-12-28 16:24 -------- d-----w- c:\documents and settings\Caffey\Application Data\AVG8
2009-12-22 20:22 . 2005-09-07 12:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-22 05:42 . 2004-08-10 17:51 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 20:40 . 2006-05-17 02:14 -------- d-----w- c:\documents and settings\Caffey\Application Data\LimeWire
2009-11-24 23:54 . 2009-12-28 16:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-28 16:50 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-28 16:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-28 16:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-28 16:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-28 16:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-28 16:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-28 16:50 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-28 16:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 04:00 . 2006-04-05 17:11 1924440 ----a-w- c:\documents and settings\Caffey\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-21 16:36 . 2004-08-10 17:50 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 20:19 . 2009-06-21 23:37 10686001 ----a-w- c:\documents and settings\Caffey\Application Data\Azureus\plugins\azump\mplayer.exe
2006-03-25 04:14 . 2006-03-25 04:14 7203235 ----a-w- c:\program files\moe - Spine of a Dog.mp3
2006-03-25 04:14 . 2006-03-25 04:14 8573466 ----a-w- c:\program files\moe - Water.mp3
2006-03-25 04:13 . 2006-03-25 04:13 8834692 ----a-w- c:\program files\moe - So Long.mp3
2006-03-25 04:13 . 2006-03-25 04:13 4151466 ----a-w- c:\program files\moe - New York City.mp3
2006-03-25 04:13 . 2006-03-25 04:13 4458668 ----a-w- c:\program files\moe - Captain America.mp3
2006-03-25 04:13 . 2006-03-25 04:13 5277858 ----a-w- c:\program files\moe - Faker.mp3
2006-03-25 04:12 . 2006-03-25 04:12 5173895 ----a-w- c:\program files\moe - Understand.mp3
2006-03-25 04:12 . 2006-03-25 04:12 5351271 ----a-w- c:\program files\moe - Time Again.mp3
2006-03-25 04:12 . 2006-03-25 04:12 5521174 ----a-w- c:\program files\moe - St Augustine.mp3
2006-03-25 04:12 . 2006-03-25 04:12 10312240 ----a-w- c:\program files\moe - Timmy Tucker.mp3
2006-03-25 04:11 . 2006-03-25 04:11 9850180 ----a-w- c:\program files\moe - Mexico.mp3
2006-03-25 04:09 . 2006-03-25 04:09 8039155 ----a-w- c:\program files\Black Crowes The - Twice As Hard.mp3
2006-03-25 04:05 . 2006-03-25 04:05 3267336 ----a-w- c:\program files\Lynyrd Skynyrd - Gimme Three Steps.mp3
2006-03-25 04:05 . 2006-03-25 04:05 4306160 ----a-w- c:\program files\Lynyrd Skynyrd - Simple Man.mp3
2006-03-25 04:02 . 2006-03-25 04:02 3519382 ----a-w- c:\program files\Lynyrd Skynyrd - The Ballad Of Curtis Lowe.mp3
2006-03-25 03:55 . 2006-03-25 03:55 3557345 ----a-w- c:\program files\System Of A Down - Toxicity.m4a
2006-03-25 03:55 . 2006-03-25 03:55 3417591 ----a-w- c:\program files\System Of A Down - Chop Suey.m4a
2006-03-25 03:52 . 2006-03-25 03:52 3852040 ----a-w- c:\program files\Nate Dogg - Music And Me.mp3
2006-03-22 18:38 . 2006-03-22 18:38 2162073 ----a-w- c:\program files\The Who - Happy Jack.m4a
2006-03-22 18:38 . 2006-03-22 18:38 3243907 ----a-w- c:\program files\The Who - My Generation.m4a
2006-03-22 18:37 . 2006-03-22 18:37 2789376 ----a-w- c:\program files\Tom Petty - Life Is A Highway.mp3
2006-03-22 18:36 . 2006-03-22 18:36 7660895 ----a-w- c:\program files\Phish - Prince Caspian.mp3
2006-03-22 18:36 . 2006-03-22 18:36 2343819 ----a-w- c:\program files\Phish - Steep.mp3
2006-03-22 18:36 . 2006-03-22 18:36 1839138 ----a-w- c:\program files\Phish - Swept Away.mp3
2006-03-22 18:36 . 2006-03-22 18:36 7960572 ----a-w- c:\program files\Phish - Billy Breathes.mp3
2006-03-22 18:35 . 2006-03-22 18:35 2970756 ----a-w- c:\program files\Phish - Bliss.mp3
2006-03-22 18:35 . 2006-03-22 18:35 3693622 ----a-w- c:\program files\Phish - Train Song.mp3
2006-03-22 18:35 . 2006-03-22 18:35 9173078 ----a-w- c:\program files\Phish - Theme From The Bottom.mp3
2006-03-22 18:35 . 2006-03-22 18:35 4541864 ----a-w- c:\program files\Phish - Talk.mp3
2006-03-22 18:34 . 2006-03-22 18:34 3486112 ----a-w- c:\program files\Phish - Cars Trucks Buses.mp3
2006-03-22 18:34 . 2006-03-22 18:34 5936804 ----a-w- c:\program files\Phish - Taste.mp3
2006-03-22 18:34 . 2006-03-22 18:34 6964356 ----a-w- c:\program files\Phish - Waste.mp3
2006-03-22 18:34 . 2006-03-22 18:34 5766285 ----a-w- c:\program files\Phish - Character Zero.mp3
2006-03-22 18:34 . 2006-03-22 18:34 5501080 ----a-w- c:\program files\Phish - Free.mp3
2006-03-22 18:31 . 2006-03-22 18:31 3465009 ----a-w- c:\program files\Eric Clapton - Cocaine.mp3
2006-03-21 20:46 . 2006-03-21 20:46 3997656 ----a-w- c:\program files\Led Zeppelin - Out On The Tiles.m4a
2006-03-21 20:45 . 2006-03-21 20:45 3402854 ----a-w- c:\program files\Led Zeppelin - Celebration Day.m4a
2006-03-21 20:45 . 2006-03-21 20:45 3801910 ----a-w- c:\program files\Led Zeppelin - Friends.m4a
2006-03-21 20:44 . 2006-03-21 20:44 2378204 ----a-w- c:\program files\Led Zeppelin - Immigrant Song.m4a
2006-03-21 20:37 . 2006-03-21 20:37 3454770 ----a-w- c:\program files\The Allman Brothers Band - Aint Wastin Time No More.mp3
2006-03-21 20:37 . 2006-03-21 20:37 2080102 ----a-w- c:\program files\The Allman Brothers Band - Whipping Post.mp3
2006-03-21 20:37 . 2006-03-21 20:37 4138133 ----a-w- c:\program files\The Allman Brothers Band - Wasted Words.mp3
2006-03-21 20:37 . 2006-03-21 20:37 4969872 ----a-w- c:\program files\The Allman Brothers Band - Southbound.mp3
2006-03-21 20:37 . 2006-03-21 20:37 3929989 ----a-w- c:\program files\The Allman Brothers Band - Revival.mp3
2006-03-21 20:36 . 2006-03-21 20:36 4549823 ----a-w- c:\program files\The Allman Brothers Band - Ramblin Man.mp3
2006-03-21 20:36 . 2006-03-21 20:36 4768833 ----a-w- c:\program files\The Allman Brothers Band - One Way Out.mp3
2006-03-21 20:36 . 2006-03-21 20:36 2838698 ----a-w- c:\program files\The Allman Brothers Band - Midnight Rider.mp3
2006-03-21 20:36 . 2006-03-21 20:36 3650375 ----a-w- c:\program files\The Allman Brothers Band - Melissa.mp3
2006-03-21 20:36 . 2006-03-21 20:36 2052517 ----a-w- c:\program files\The Allman Brothers Band - Little Martha.mp3
2006-03-21 20:36 . 2006-03-21 20:36 7191325 ----a-w- c:\program files\The Allman Brothers Band - Jessica.mp3
2006-03-21 20:32 . 2006-03-21 20:32 6498177 ----a-w- c:\program files\Dave Matthews Band - What You Are Live.m4a
2006-03-21 20:32 . 2006-03-21 20:32 4844299 ----a-w- c:\program files\Dave Matthews Band - Grey Street Live.m4a
2006-03-21 20:32 . 2006-03-21 20:32 3798690 ----a-w- c:\program files\Dave Matthews Band - Where Are You Going Live.m4a
2006-03-21 20:31 . 2006-03-21 20:31 5306308 ----a-w- c:\program files\Dave Matthews Band - What Would You Say Live.m4a
2006-03-21 20:31 . 2006-03-21 20:31 10577866 ----a-w- c:\program files\Dave Matthews Band - Cortez The Killer Live.m4a
2006-03-21 20:31 . 2006-03-21 20:31 5244450 ----a-w- c:\program files\Dave Matthews Band - Help Myself Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 5458940 ----a-w- c:\program files\Dave Matthews Band - Rhyme And Reason Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 5697846 ----a-w- c:\program files\Dave Matthews Band - Ants Marching Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 9410959 ----a-w- c:\program files\Dave Matthews Band - Warehouse Live.m4a
2006-03-21 20:30 . 2006-03-21 20:30 9528071 ----a-w- c:\program files\Dave Matthews Band - Dancing Nancies Live.m4a
2006-03-21 20:29 . 2006-03-21 20:29 3805095 ----a-w- c:\program files\Dave Matthews Band - When The World Ends Live.m4a
2006-03-21 20:26 . 2006-03-21 20:26 4425271 ----a-w- c:\program files\Dave Matthews Band - Granny Live.m4a
2006-03-21 20:26 . 2006-03-21 20:26 6509308 ----a-w- c:\program files\Dave Matthews Band - Too Much Live.m4a
2006-03-21 20:26 . 2006-03-21 20:26 4130749 ----a-w- c:\program files\Dave Matthews Band - So Much To Say Live.m4a
2006-03-21 20:25 . 2006-03-21 20:25 3261634 ----a-w- c:\program files\Dropkick Murphys - Dirty Water.m4a
2006-03-21 20:19 . 2006-02-03 03:47 8618527 ----a-w- c:\program files\Coldplay - Yellow.mp3
2006-03-21 20:19 . 2006-03-21 20:19 7271455 ----a-w- c:\program files\Coldplay - Sparks.mp3
2006-03-21 20:18 . 2006-03-21 20:18 10205214 ----a-w- c:\program files\Coldplay - Spies.mp3
2006-03-21 20:18 . 2006-03-21 20:18 9594655 ----a-w- c:\program files\Coldplay - Shiver.mp3
2006-03-21 20:16 . 2006-03-21 20:16 4383780 ----a-w- c:\program files\Coldplay - Dont Panic.mp3
2006-03-21 20:15 . 2006-03-21 20:15 4639098 ----a-w- c:\program files\Billy Joel - Youre Only Human Second Wind.mp3
2008-12-20 16:44 . 2005-09-10 15:05 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 16:44 . 2005-09-10 15:05 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 16:44 . 2006-11-21 22:59 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 16:44 . 2006-11-21 22:59 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 16:44 . 2005-09-10 15:05 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-12 185632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-7 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/28/2009 11:50 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/28/2009 11:50 AM 20560]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/3/2009 1:53 PM 108289]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [4/24/2007 6:44 PM 7548]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-07 17:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Caffey\Application Data\Mozilla\Firefox\Profiles\523reakp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-28 17:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\RtlGina2.dll
c:\windows\system32\CLBCATQ.DLL
.
Completion time: 2010-01-28 17:47:53
ComboFix-quarantined-files.txt 2010-01-28 22:47
ComboFix2.txt 2010-01-26 23:21

Pre-Run: 10,956,820,480 bytes free
Post-Run: 10,927,853,568 bytes free

- - End Of File - - 9233B1CBD10126C4505D6BDFBB5F49C3

caffey1821

Re: computer infected with spyware worm.win32.netsky

Post by Belahzur on Fri Jan 29, 2010 12:09 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?




Belahzur
