Worm.Win32.NetSky

Worm.Win32.NetSky

Post by Vista on Mon Feb 08, 2010 3:08 am

I have a worm (Worm.Win32.NetSky) on my PC. I opened in Safe Mode and performed an AVG safe mode scan on the whole computer, which sent trojans to a vault. Now I cannot even get into safe mode anymore. It just brings me to the opening of Windows and I click on my name, then it goes right to "save settings" and starts to close. It won't let me past that point. This happened today. Can you please help? I am writing to you on my daughter's laptop, so I do have access to the internet. Appreciate your recommendations! :smile2: Valerie

Vista
Senior
Senior

Posts Posts : 341
Joined Joined : 2009-02-12
Gender Gender : Female
OS OS : Windows 8
Points Points : 32754
# Likes # Likes : 0


Re: Worm.Win32.NetSky

Post by Belahzur on Mon Feb 08, 2010 8:28 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1


Re: Worm.Win32.NetSky

Post by Vista on Mon Feb 08, 2010 8:41 pm

Thanks for the info, but I cannot even get to the desktop. I can only get to the point where I boot it up, my MSN starts up and I click my name to open to the desktop, but it then switches to logging off and then gives the option to shut down or restart... then the cycle repeats itself. I only could get to the desktop one time in safe mode. It doesn't let me in anymore. Any suggestions? Thank you for your help.


Re: Worm.Win32.NetSky

Post by Belahzur on Tue Feb 09, 2010 1:37 am

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed.


Then please start the scan.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.



Re: Worm.Win32.NetSky

Post by Vista on Tue Feb 09, 2010 9:36 pm

Thank you, I completed the above, closed out the program, booted it back up and it did the same thing. (When trying to open to the desktop, I am on the WELCOME page of Windows XP and click on my name, but it immediately tries to shut down and says "saving your settings", then gives me the option to turn off.) Cannot get to anything else. Wondering if it has something to do with Windows XP. Is there something else I should do? I am desperate at this point... I have my work files on this computer. Thank you for your advice!


Last edited by Vista on Wed Feb 10, 2010 3:46 pm; edited 2 times in total (Reason for editing : Gave more updated info)


Re: Worm.Win32.NetSky

Post by Vista on Wed Feb 10, 2010 8:16 pm

OK I am trying all I can to fix this. It now does not allow me into safe mode.


Re: Worm.Win32.NetSky

Post by Vista on Fri Feb 12, 2010 3:09 pm

I was able to get to the desktop. It has a green screen with the ALERT message "Your System is Infected!" Did a HijackThis and Malwarebytes Anti-Malware scan, but cannot post because I cannot access the internet. Also did an AVG full scan and no infections. Not sure where I go from here, please advise!


Re: Worm.Win32.NetSky

Post by Belahzur on Fri Feb 12, 2010 3:14 pm

Okay, good.

Can you check the IE/FF proxy setting and make sure the infection hasn't set a proxy.

The proxy is pointed to 127.0.0.1:5555, so if that's present, it has to go.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


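A defender-side triage helper for the proxy check above and for the O15 Trusted Domains entries that appear in the OTL log later in this thread: added example code, not part of the original thread and not OldTimer's OTL. It parses OTL's own line format; the sample lines are constructed (the ProxyServer value shows what the 127.0.0.1:5555 redirect would look like in a log), and the severity labels are my own.

```python
import re
from ipaddress import ip_address

# Constructed sample in OTL's line format, modelled on entries in this thread.
# The ProxyEnable/ProxyServer values are constructed to show what the
# 127.0.0.1:5555 redirect described above would look like in a log.
SAMPLE_OTL = """\
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = 127.0.0.1:5555
O15 - HKCU\\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
"""

# IE - <hive>\...\Internet Settings: "<value name>" = <value>
INET_RE = re.compile(r'^IE - (HK\w+)\\.*\\Internet Settings: "(\w+)" = (.*)$')
# O15 - <hive>\..Trusted Domains: <domain> ([]<scheme> in <zone>)
# (the "N domain(s) ... not assigned to a zone." summary line does not match)
O15_RE = re.compile(
    r'^O15 - (HK\w+)\\\.\.Trusted Domains: (\S+) \((?:\[\])?(\w+) in ([^)]+)\)$'
)


def parse_otl(text):
    """Split an OTL log into Internet Settings values and O15 zone entries."""
    settings = {}   # (hive, value name) -> value string
    zones = []      # (hive, domain, scheme, zone)
    for line in text.splitlines():
        line = line.strip()
        m = INET_RE.match(line)
        if m:
            settings[(m.group(1), m.group(2))] = m.group(3).strip()
            continue
        m = O15_RE.match(line)
        if m:
            zones.append(m.groups())
    return settings, zones


def is_loopback_proxy(proxy_server):
    """True when a ProxyServer value sends browser traffic back to this machine.

    Accepts the plain 'host:port' form and the per-protocol form
    'http=host:port;https=host:port' that Internet Settings also stores.
    """
    for entry in proxy_server.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip("[]")
        if host.lower() == "localhost":
            return True
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:
            pass  # a hostname, not an IP literal
    return False


def triage(text):
    """Return (severity, message) findings for a log excerpt, highest first."""
    settings, zones = parse_otl(text)
    findings = []
    for (hive, name), value in settings.items():
        if name != "ProxyEnable" or value == "0":
            continue
        server = settings.get((hive, "ProxyServer"), "")
        if server and is_loopback_proxy(server):
            findings.append(("high", f"{hive}: browser proxy enabled and pointed "
                                     f"at loopback ({server}); clear it"))
        else:
            findings.append(("info", f"{hive}: browser proxy enabled "
                                     f"({server or 'no ProxyServer value'}); confirm it is intended"))
    for hive, domain, scheme, zone in zones:
        if domain.lower() == "localhost" and zone == "Local intranet":
            continue  # default entry, not a finding
        if zone == "Trusted sites":
            findings.append(("medium", f"{hive}: {scheme}://{domain} added to the "
                                       f"Trusted sites zone; remove unless recognised"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_OTL):
        print(f"[{severity}] {message}")
```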

Re: Worm.Win32.NetSky

Post by Vista on Fri Feb 12, 2010 3:42 pm

Thanks, the proxy server was not checked and I am able to access the internet right now. What should I do next?


Re: Worm.Win32.NetSky

Post by Belahzur on Fri Feb 12, 2010 3:47 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Worm.Win32.NetSky

Post by Vista on Fri Feb 12, 2010 4:26 pm

OTL logfile created on: 2/12/2010 10:57:01 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Valerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 130.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 212.45 Gb Free Space | 91.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIE-DAAA710
Current User Name: Valerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/12 10:56:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
PRC - [2010/01/14 10:54:09 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2009/12/10 11:08:56 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/10 11:08:53 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/10/29 10:27:04 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 10:27:04 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/29 10:26:49 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/10/29 10:26:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/29 10:26:43 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/22 07:25:30 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/16 13:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2002/12/12 07:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2000/09/28 22:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/12 10:56:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/01 19:03:38 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/14 10:54:09 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/11/22 18:41:33 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/29 10:26:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/29 10:26:43 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/05/30 06:35:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/27 19:54:37 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/22 07:25:30 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/16 13:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/03/30 15:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000/09/28 22:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 14:49:09 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/29 10:27:18 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/29 10:27:18 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/29 10:27:18 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2009/10/29 10:27:17 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/29 10:26:46 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2009/10/29 10:26:45 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2009/10/29 10:26:44 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2009/10/29 10:26:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/29 10:26:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/05/30 06:28:39 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/10/14 16:15:18 | 001,302,812 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/06/16 13:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 07:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/03/22 11:08:40 | 000,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 08:26:42 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 15:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} [You must be registered and logged in to see this link.] (CMV5 Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} [You must be registered and logged in to see this link.] (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} [You must be registered and logged in to see this link.] (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 13:12:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/12 10:56:24 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
[2010/02/12 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/02/12 10:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/02/11 21:05:26 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\TFC.exe
[2010/02/11 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/02/07 21:16:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/01 19:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/01 19:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/19 09:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valerie\Local Settings\Application Data\magicJack
[2009/10/29 10:18:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/29 10:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/26 08:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/10/26 08:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/09/21 11:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/27 20:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2008/07/27 20:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2008/06/24 09:02:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/22 15:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit

========== Files - Modified Within 30 Days ==========

[2010/02/12 10:56:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
[2010/02/12 10:31:47 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2010/02/12 10:09:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/12 08:30:30 | 055,498,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/12 08:26:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
[2010/02/12 08:24:12 | 000,001,034 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/12 08:24:12 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/12 08:24:12 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/02/12 08:24:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 08:23:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/12 08:22:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/12 08:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 22:54:29 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Valerie\ntuser.dat
[2010/02/11 22:54:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Valerie\ntuser.ini
[2010/02/11 22:54:27 | 004,308,024 | -H-- | M] () -- C:\Documents and Settings\Valerie\Local Settings\Application Data\IconCache.db
[2010/02/11 22:43:52 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/02/11 22:23:32 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\System Restore.lnk
[2010/02/11 21:05:30 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\TFC.exe
[2010/02/11 18:09:30 | 000,564,577 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/11 08:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 19:46:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/07 19:46:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 19:46:24 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/07 03:28:52 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/07 03:28:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/05 10:05:57 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/05 09:33:49 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Microsoft Office Word 2003.lnk
[2010/02/04 12:09:04 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Delaware Art Museum 2010-2.doc
[2010/02/04 12:08:16 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Delaware Art Museum 2010-1.doc
[2010/02/03 18:01:29 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Delaware Art Museum 2010.doc
[2010/02/03 17:54:48 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\E J Alemar.doc
[2010/01/31 19:02:38 | 003,269,632 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/31 19:02:37 | 002,440,192 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/29 12:25:57 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Service Magic response.doc
[2010/01/28 15:34:07 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Cox, Donna.doc
[2010/01/28 15:02:38 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 11.doc
[2010/01/28 15:01:01 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 10.doc
[2010/01/28 11:08:54 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\FAX COVER SHEET (Orig).doc
[2010/01/27 11:22:56 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Marrows Court Apt.doc
[2010/01/21 10:07:32 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 9.doc
[2010/01/20 14:08:58 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\alico.doc
[2010/01/20 14:04:05 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Hockessin Liquors2.doc
[2010/01/19 17:44:57 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 11:44:32 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 8.doc
[2010/01/19 11:34:38 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 7.doc
[2010/01/19 09:51:04 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$son Const,Sallie Mae5.doc
[2010/01/19 09:14:58 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\magicJack.lnk
[2010/01/15 09:45:29 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 6.doc
[2010/01/14 11:55:32 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/01/13 11:29:16 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\My Documents.lnk
[2010/01/13 11:29:07 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Dynamic Phys. Therapy (Bear)2010.doc

========== Files Created - No Company Name ==========

[2010/02/12 10:31:47 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2010/02/11 18:11:52 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/02/07 03:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/07 03:29:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 03:28:47 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/02/05 10:05:55 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/04 12:09:03 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Delaware Art Museum 2010-2.doc
[2010/02/04 12:08:16 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Delaware Art Museum 2010-1.doc
[2010/02/03 17:59:39 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Delaware Art Museum 2010.doc
[2010/02/03 17:54:48 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\E J Alemar.doc
[2010/02/01 19:04:38 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/01 19:04:37 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/29 12:25:56 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Service Magic response.doc
[2010/01/28 15:34:07 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Cox, Donna.doc
[2010/01/28 15:02:38 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 11.doc
[2010/01/28 14:54:30 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 10.doc
[2010/01/27 11:00:07 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Marrows Court Apt.doc
[2010/01/21 10:07:31 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 9.doc
[2010/01/20 14:04:04 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Hockessin Liquors2.doc
[2010/01/19 11:44:32 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 8.doc
[2010/01/19 11:34:37 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 7.doc
[2010/01/19 09:51:04 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$son Const,Sallie Mae5.doc
[2010/01/15 09:45:28 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Nason, Sallie Mae 6.doc
[2010/01/13 11:29:16 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\My Documents.lnk
[2010/01/13 11:28:51 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Dynamic Phys. Therapy (Bear)2010.doc
[2009/05/19 19:59:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Valerie.ini
[2009/04/21 20:05:26 | 000,000,070 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/16 10:41:17 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Valerie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 20:02:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/26 09:50:36 | 000,013,019 | ---- | C] () -- C:\Documents and Settings\Valerie\Application Data\Tab Separated Values (Windows).CAL
[2009/01/13 07:16:46 | 001,330,253 | -HS- | C] () -- C:\WINDOWS\System32\jqexeubt.ini
[2009/01/11 07:55:46 | 001,330,253 | -HS- | C] () -- C:\WINDOWS\System32\aygfrjpd.ini
[2009/01/08 19:59:05 | 001,326,815 | -HS- | C] () -- C:\WINDOWS\System32\vulavbmb.ini
[2009/01/07 19:54:43 | 001,326,815 | -HS- | C] () -- C:\WINDOWS\System32\urwbsscn.ini
[2009/01/07 13:31:49 | 001,320,830 | -HS- | C] () -- C:\WINDOWS\System32\gwwbhtkh.ini
[2009/01/06 13:29:12 | 001,320,830 | -HS- | C] () -- C:\WINDOWS\System32\kixopxec.ini
[2009/01/04 16:56:49 | 001,307,356 | -HS- | C] () -- C:\WINDOWS\System32\lmwnesdx.ini
[2008/05/29 17:37:45 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/05/29 17:37:45 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/05/29 17:37:45 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/05/06 07:39:42 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2008/04/30 14:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/04/30 14:17:21 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/04/30 14:17:21 | 000,000,378 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/04/30 14:17:18 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/04/29 10:40:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2008/04/29 10:39:08 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2008/04/29 10:39:08 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2008/04/29 10:39:08 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2008/04/29 10:39:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2008/04/29 10:39:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2008/04/29 10:39:07 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2008/04/29 10:39:07 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2008/04/29 10:39:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2008/04/29 10:39:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2008/04/29 10:39:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2008/04/29 10:39:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2008/04/29 10:39:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2008/04/29 10:39:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2008/04/29 10:39:03 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2008/04/29 10:39:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2008/04/29 10:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2008/04/29 10:39:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/04/18 13:57:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/04/18 13:48:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/18 13:47:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/10 08:43:24 | 003,563,520 | R--- | C] () -- C:\WINDOWS\System32\BGP856.dll
[2005/06/01 11:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Unicode (All) ==========
[2010/02/06 19:02:21 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\彀ʀ
[2010/02/06 19:02:20 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\彀ʀ
[2010/01/29 14:25:40 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\媰ʈ
[2010/01/29 14:25:40 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\媰ʈ
[2010/01/28 13:57:12 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?ª) -- C:\WINDOWS\System32\댸ª
[2010/01/28 13:57:12 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?ª) -- C:\WINDOWS\System32\댸ª
[2010/01/19 12:41:54 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ᇐʡ
[2010/01/19 12:41:54 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ᇐʡ
[2010/01/05 13:57:36 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\⋀ɼ
[2010/01/05 13:57:36 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\⋀ɼ
[2009/12/23 14:53:04 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\쁐ɮ
[2009/12/23 14:53:04 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\쁐ɮ
[2009/11/12 15:21:01 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?r) -- C:\WINDOWS\System32\㡸ř
[2009/11/12 15:21:01 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?r) -- C:\WINDOWS\System32\㡸ř

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\LARRYS PICS 001.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 2007.png:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 1 2007.png:SummaryInformation
< End of report >


Re: Worm.Win32.NetSky

Post by Vista on Fri Feb 12, 2010 4:29 pm

OTL Extras logfile created on: 2/12/2010 10:57:03 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Valerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 130.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 212.45 Gb Free Space | 91.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIE-DAAA710
Current User Name: Valerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dlcjcoms.exe" = C:\WINDOWS\system32\dlcjcoms.exe:*:Enabled:Dell 964 Server -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjpswx.exe:*:Enabled:Dell 964 Printer Status -- ()
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- File not found
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Valerie\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Valerie\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F5DD90A-F60F-4E53-A46B-EA3976A47BE1}" = TaxCut Delaware 2008
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3E8A0E39-C450-413E-9DD3-4AC2E67F2FA1}" = Bluebeam PDF Revu v6.5.4
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"Carbonite Backup" = Carbonite
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3E8A0E39-C450-413E-9DD3-4AC2E67F2FA1}" = Bluebeam PDF Revu v6.5.4
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan (Symantec Corporation)
"PrimoPDF4.1.0.9" = PrimoPDF
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"TeamViewer 4" = TeamViewer 4
"TurboTax Business 2008" = TurboTax Business 2008
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2010 4:12:09 PM | Computer Name = VALERIE-DAAA710 | Source = QuickBooks | ID = 4
Description =

Error - 1/29/2010 4:12:09 PM | Computer Name = VALERIE-DAAA710 | Source = QuickBooks | ID = 4
Description =

Error - 2/2/2010 12:41:05 PM | Computer Name = VALERIE-DAAA710 | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 2/4/2010 11:03:13 AM | Computer Name = VALERIE-DAAA710 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 2/5/2010 8:09:05 PM | Computer Name = VALERIE-DAAA710 | Source = Google Update | ID = 20
Description =

Error - 2/5/2010 9:09:05 PM | Computer Name = VALERIE-DAAA710 | Source = Google Update | ID = 20
Description =

Error - 2/7/2010 10:14:41 PM | Computer Name = VALERIE-DAAA710 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/10/2010 2:50:52 PM | Computer Name = VALERIE-DAAA710 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/11/2010 7:09:57 PM | Computer Name = VALERIE-DAAA710 | Source = ESENT | ID = 490
Description = svchost (1440) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/11/2010 7:09:57 PM | Computer Name = VALERIE-DAAA710 | Source = ESENT | ID = 470
Description = Catalog Database (1440) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

[ System Events ]
Error - 2/11/2010 7:24:22 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2/11/2010 7:24:22 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/11/2010 7:24:22 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2/11/2010 7:30:59 PM | Computer Name = VALERIE-DAAA710 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/11/2010 9:44:23 PM | Computer Name = VALERIE-DAAA710 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 2/11/2010 9:44:23 PM | Computer Name = VALERIE-DAAA710 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

Error - 2/11/2010 10:07:14 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V7 service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/11/2010 10:07:14 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/11/2010 10:07:14 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/11/2010 10:07:15 PM | Computer Name = VALERIE-DAAA710 | Source = Service Control Manager | ID = 7034
Description = The WinFax PRO service terminated unexpectedly. It has done this
1 time(s).


< End of report >


Last edited by Vista on Fri Feb 12, 2010 4:37 pm; edited 1 time in total (Reason for editing : Posted wrong info)


Re: Worm.Win32.NetSky

Post by Belahzur on Fri Feb 12, 2010 8:32 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    [2010/02/07 19:46:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
    [2010/02/07 19:46:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
    [2010/02/07 19:46:24 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
    [2009/01/13 07:16:46 | 001,330,253 | -HS- | C] () -- C:\WINDOWS\System32\jqexeubt.ini
    [2009/01/11 07:55:46 | 001,330,253 | -HS- | C] () -- C:\WINDOWS\System32\aygfrjpd.ini
    [2009/01/08 19:59:05 | 001,326,815 | -HS- | C] () -- C:\WINDOWS\System32\vulavbmb.ini
    [2009/01/07 19:54:43 | 001,326,815 | -HS- | C] () -- C:\WINDOWS\System32\urwbsscn.ini
    [2009/01/07 13:31:49 | 001,320,830 | -HS- | C] () -- C:\WINDOWS\System32\gwwbhtkh.ini
    [2009/01/06 13:29:12 | 001,320,830 | -HS- | C] () -- C:\WINDOWS\System32\kixopxec.ini
    [2009/01/04 16:56:49 | 001,307,356 | -HS- | C] () -- C:\WINDOWS\System32\lmwnesdx.ini


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




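As an added example (not part of the thread, and not OTL's own code), a small Python parser for the OTL file-listing lines quoted in the fix above; it flags the two patterns that fix targeted, zero-byte executables in System32 and hidden+system eight-letter random .ini files, so a reader can see how those entries stand out in a log. The heuristics and the benign `hosts` sample line are my own assumptions, not rules from OTL or from the helper.

```python
import re
from dataclasses import dataclass

# OTL listing line, as quoted in the thread: [date time | size | attribs | C/M] () -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \(\) -- (?P<path>.+)$"
)

@dataclass
class Entry:
    ts: str     # timestamp as logged
    size: int   # size in bytes (OTL prints it with comma separators)
    attr: str   # four attribute flags, e.g. "-HS-" = hidden + system
    path: str

def parse_line(line):
    """Parse one OTL listing line; None for lines that are not file entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attr"], m["path"])

def suspicious(e):
    """Assumed heuristics mirroring the two patterns the fix above targeted."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1].lower()
    in_sys32 = "\\system32\\" in e.path.lower()
    if in_sys32 and e.size == 0 and name.endswith((".exe", ".dll")):
        reasons.append("zero-byte executable in System32")
    if in_sys32 and "H" in e.attr and "S" in e.attr and re.fullmatch(r"[a-z]{8}\.ini", name):
        reasons.append("hidden+system random-named .ini in System32")
    return reasons

def triage(lines):
    """Map each flagged path to the reasons it was flagged; unparsable lines are skipped."""
    flagged = {}
    for e in filter(None, map(parse_line, lines)):
        reasons = suspicious(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged

# Three lines copied from the thread plus one constructed benign entry for contrast.
SAMPLE = [
    "[2010/02/07 19:46:25 | 000,000,000 | ---- | M] () -- C:\\WINDOWS\\System32\\IS15.exe",
    "[2010/02/07 19:46:24 | 000,003,310 | ---- | M] () -- C:\\WINDOWS\\System32\\warning.html",
    "[2009/01/13 07:16:46 | 001,330,253 | -HS- | C] () -- C:\\WINDOWS\\System32\\jqexeubt.ini",
    "[2009/12/01 10:00:00 | 000,000,734 | ---- | M] () -- C:\\WINDOWS\\System32\\drivers\\etc\\hosts",
]
```

Feed `triage()` the file-listing section of a real OTL.txt and it returns only the entries matching those two patterns; everything else, including warning.html here, is left for manual review.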

Re: Worm.Win32.NetSky

Post by Vista on Fri Feb 12, 2010 8:43 pm

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
C:\WINDOWS\system32\IS15.exe moved successfully.
C:\WINDOWS\system32\helper32.dll moved successfully.
C:\WINDOWS\system32\warning.html moved successfully.
C:\WINDOWS\system32\jqexeubt.ini moved successfully.
C:\WINDOWS\system32\aygfrjpd.ini moved successfully.
C:\WINDOWS\system32\vulavbmb.ini moved successfully.
C:\WINDOWS\system32\urwbsscn.ini moved successfully.
C:\WINDOWS\system32\gwwbhtkh.ini moved successfully.
C:\WINDOWS\system32\kixopxec.ini moved successfully.
C:\WINDOWS\system32\lmwnesdx.ini moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 02122010_154335


Re: Worm.Win32.NetSky

Post by Belahzur on Fri Feb 12, 2010 8:56 pm

To remove all of the tools we used and the files and folders they created, do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine running now?





Re: Worm.Win32.NetSky

Post by Vista on Fri Feb 12, 2010 9:10 pm

The desktop appears normal and the internet works fine!!! Just want to thank you for all your kind help!! You are truly a genius! Thank You!
