1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Worm.Win32.netsky, what next?

Discussion in 'Virus & Other Malware Removal' started by chappy3, Oct 28, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. chappy3

    chappy3 Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    3
    I would be happy to make a donation to your website if you could help.
    I have downloaded hijack and ran it on my computer, is this what you need? What should i do next? Thank you very much for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:27:07 AM, on 10/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1170883215\ee\AOLSoftware.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Ty Chapman\Application Data\U3\000015A2DA606E09\LaunchPad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
    O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170883215\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - Startup: system.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O20 - AppInit_DLLs: sulimo.dat
    O20 - Winlogon Notify: geeda - C:\WINDOWS\system32\geeda.dll (file missing)
    O20 - Winlogon Notify: ibnpm3 - C:\WINDOWS\assembly\temp\ibnpm3.dll (file missing)
    O21 - SSODL: bxsbang - {5C37C260-A2F9-4979-AF74-546B738383E2} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {0976EAA2-AA0D-462D-8851-03CB3F2C4294} - C:\WINDOWS\ocgrep.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLANKEEPER - IntelĀ® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 11497 bytes
     
  2. chappy3

    chappy3 Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    3
    Anybody?
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
     
  4. chappy3

    chappy3 Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    3
    SDFix: Version 1.114

    Run by Administrator on Sat 11/10/2007 at 06:37 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Killing PID 820 'printer.exe'

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\privacy_danger\index.htm - Deleted
    C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
    C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
    C:\WINDOWS\privacy_danger\images\down.gif - Deleted
    C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
    C:\Program Files\VideoAccessCodec\install.ico - Deleted
    C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
    C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx - Deleted
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe - Deleted
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe - Deleted
    C:\WINDOWS\bxsbang.dll - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\kthemup.exe - Deleted
    C:\WINDOWS\movctrlswd.dll - Deleted
    C:\WINDOWS\nssfrch.dll - Deleted
    C:\WINDOWS\ocgrep.dll - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\search_res.txt - Deleted
    C:\WINDOWS\system32\printer.exe - Deleted
    C:\WINDOWS\system32\winavxx.exe - Deleted


    Folder C:\Program Files\VideoAccessCodec - Removed
    Folder C:\WINDOWS\privacy_danger - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 18:54:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:mad:xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
    Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
    Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
    Thu 16 Sep 2004 60,928 ...H. --- "C:\Program Files\Microsoft Money 2005\mnysl05.dll"
    Thu 16 Sep 2004 199,680 ...H. --- "C:\Program Files\Microsoft Money 2005\mnysvc05.dll"
    Thu 16 Sep 2004 80,384 ...H. --- "C:\Program Files\Microsoft Money 2005\[email protected]#@.exe"
    Thu 16 Sep 2004 229,888 ...H. --- "C:\Program Files\Microsoft Money 2005\unicows.dll"
    Thu 16 Sep 2004 121,344 ...H. --- "C:\Program Files\Microsoft Money 2005\utilsurf.dll"
    Wed 14 Dec 2005 397,139 A.SH. --- "C:\WINDOWS\system32\adeeg.bak2"
    Wed 5 Apr 2006 634,343 ..SH. --- "C:\WINDOWS\system32\ututv.tmp"
    Tue 15 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 22 Jan 2007 43,008 ...H. --- "C:\Documents and Settings\Tara Mullins\Desktop\~WRL0996.tmp"
    Thu 16 Sep 2004 1,949,696 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\LAUNCHER.EXE"
    Thu 16 Sep 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\MNYINSTA.DLL"
    Thu 16 Sep 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RMVSUITE.EXE"
    Thu 16 Sep 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\SETUPLNG.DLL"
    Thu 16 Sep 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\UNREGWTR.EXE"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Tara Mullins\Local Settings\Temp\BIT2.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT10.tmp"
    Sat 13 Oct 2007 378,306 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT12.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT13.tmp"
    Sat 13 Oct 2007 374,865 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT16.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT19.tmp"
    Sat 13 Oct 2007 378,306 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT1A.tmp"
    Thu 25 Oct 2007 0 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT1B.tmp"
    Sat 27 Oct 2007 0 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT1E.tmp"
    Thu 25 Oct 2007 379,651 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT28.tmp"
    Fri 26 Oct 2007 0 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT41.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BIT42.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BITB.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BITD.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BITE.tmp"
    Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Ty Chapman\Local Settings\Temp\BITF.tmp"
    Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BITF.tmp"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Ty Chapman\Application Data\U3\temp\Launchpad Removal.exe"
    Wed 11 Jan 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
    Sat 28 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tara Mullins\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Sat 28 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tara Mullins\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Sat 28 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tara Mullins\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Sat 28 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tara Mullins\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ty Chapman\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ty Chapman\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ty Chapman\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 18 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ty Chapman\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    Finished!

    Thank you for your help, sorry it took so long to get back. Is there anything else that i need to do. I cannot add/delete programs, it says i need to talk to my administrator...i am the administrator. Can you help?
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


    Next:
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Worm Win32 netsky
  1. Sumfeg
    Replies:
    0
    Views:
    1,119
  2. dreamy.dancer
    Replies:
    6
    Views:
    2,142
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/644594

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice