worm.win32.netsky Trojan

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

worm.win32.netsky Trojan30th January 2010, 8:33 am

I keep getting the message when i first turn on the computer, and there is a red circle with a white cross in my taskbar, which keeps popping up a message to instal some sort of spyware removal. Have tried to run malwarebytes Anti-Malware, but it keeps freezing. Cannot open Taskbar manager or anything.

Hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:33, on 30/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy139.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kwanzy\kwanzy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sharon\Application Data\WhereSphere\wheresphere.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Sharon\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P26 "EPSON Stylus CX6500 Series" /O5 "LPT1:" /M "Stylus CX6500"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Frofoyatu] rundll32.exe "C:\WINDOWS\acaqoyejamiyum.dll",Startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WhereSphere] C:\Documents and Settings\Sharon\Application Data\WhereSphere\wheresphere.exe
O4 - HKCU\..\Run: [SfKg6wIPuS] C:\Documents and Settings\Sharon\Application Data\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration .LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kwanzy Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy139.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11389 bytes

Re: worm.win32.netsky Trojan30th January 2010, 5:13 pm

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Frofoyatu] rundll32.exe "C:\WINDOWS\acaqoyejamiyum.dll",Startup
O4 - HKCU\..\Run: [SfKg6wIPuS] C:\Documents and Settings\Sharon\Application Data\Microsoft\Windows\oulwsv.exe
O23 - Service: Kwanzy Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy139.exe
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
worm.win32.netsky Trojan DXwU4

Re: worm.win32.netsky Trojan31st January 2010, 2:14 am

Hey, thanks for the help, I have only been able to do the hijackthis stuff, as when i run Malwarebytes it is still freezing at around 6000 files mark.

Re: worm.win32.netsky Trojan31st January 2010, 2:17 am

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

Re: worm.win32.netsky Trojan31st January 2010, 2:30 am

OTL.txrt

OTL logfile created on: 31/01/2010 12:19:28 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Sharon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 4.53 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 18.55 Gb Total Space | 1.02 Gb Free Space | 5.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-19AD2330D9
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 12:18:58 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\Desktop\OTL.exe
PRC - [2010/01/06 17:19:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/08 23:53:01 | 000,827,392 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\WhereSphere\wheresphere.exe
PRC - [2009/10/28 20:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/08 13:09:25 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/08 13:09:25 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/30 12:26:20 | 001,126,400 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2008/04/18 08:52:27 | 000,579,584 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
PRC - [2007/12/21 11:36:57 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
PRC - [2007/10/29 15:34:51 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
PRC - [2007/06/13 20:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/30 17:21:24 | 000,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2006/12/29 04:46:10 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
PRC - [2006/10/23 06:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/09/26 20:51:16 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006/09/26 20:51:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/03/14 12:06:01 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2006/03/02 10:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/07/09 10:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/05/31 14:29:16 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2004/11/03 14:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004/03/01 13:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EP.EXE
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (SafeList) ==========

MOD - [2010/01/31 12:18:58 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\Desktop\OTL.exe
MOD - [2007/03/09 01:36:28 | 000,150,528 | ---- | M] () -- C:\WINDOWS\acaqoyejamiyum.dll
MOD - [2006/08/26 01:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/01/30 05:06:54 | 000,046,432 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy141.exe -- (Kwanzy Service)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/08 13:09:25 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/21 11:36:57 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS)
SRV - [2007/10/29 15:34:51 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/01/01 16:47:34 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/12/29 04:46:10 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2006/10/23 06:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/07/09 10:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/16 14:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/12/21 11:36:58 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/11/13 20:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/29 15:34:35 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/07/20 00:47:22 | 000,109,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\catchme.exe -- (catchme)
DRV - [2007/04/23 10:15:25 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/24 09:22:15 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2006/12/29 04:46:19 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2006/12/29 04:46:13 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2006/10/23 06:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/19 17:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/12 19:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/03/21 08:45:52 | 003,960,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/03/14 12:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/02/27 07:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/07/09 10:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/09 10:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/05/31 14:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 14:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 14:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 14:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 14:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/04 22:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 09:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 6B 28 B9 D0 18 8E E1 4F A2 ED C5 00 9A 2F ED 68 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4E551550-1870-479D-BF66-DF77900E100E}:1.0
FF - prefs.js..extensions.enabledItems: {1E2687DB-3259-463F-8FC8-48BA4248ACC3}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{1E2687DB-3259-463F-8FC8-48BA4248ACC3}: C:\Documents and Settings\Sharon\Local Settings\Application Data\{1E2687DB-3259-463F-8FC8-48BA4248ACC3} [2010/01/30 09:50:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 19:46:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 17:19:40 | 000,000,000 | ---D | M]

[2009/05/07 07:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Extensions
[2009/03/08 10:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/31 12:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions
[2007/08/09 17:57:28 | 000,000,000 | ---D | M] (INpact Dark Orange) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{08749A2F-9877-4934-BB64-687558DBB8D0}
[2008/03/28 06:48:51 | 000,000,000 | ---D | M] (Blue Ice) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/03/18 17:22:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 21:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/23 10:13:49 | 000,000,000 | ---D | M] (Kwanzy) -- C:\Program Files\Mozilla Firefox\extensions\{4E551550-1870-479D-BF66-DF77900E100E}
[2009/12/08 23:53:30 | 000,212,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\wsff.dll
[2009/12/30 15:16:37 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy133.xml
[2010/01/08 18:25:02 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy135.xml
[2010/01/23 10:13:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy139.xml
[2010/01/31 11:53:49 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwanzy141.xml

O1 HOSTS File: ([2007/09/20 00:15:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX6500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Frofoyatu] C:\WINDOWS\acaqoyejamiyum.DLL ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WhereSphere] C:\Documents and Settings\Sharon\Application Data\WhereSphere\wheresphere.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Sharon\Start Menu\Programs\Startup\Registration .LNK = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 16:00:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{51767d24-3168-11dd-a18e-000c5519aea6}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{5338564c-a0be-11de-a315-0017318d60cb}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{ac2ae40c-6152-11dd-a1c9-000c5519aea6}\Shell\AutoRun\command - "" = dmbdkwoo.exe
O33 - MountPoints2\{ac2ae40c-6152-11dd-a1c9-000c5519aea6}\Shell\explore\Command - "" = dmbdkwoo.exe
O33 - MountPoints2\{ac2ae40c-6152-11dd-a1c9-000c5519aea6}\Shell\open\Command - "" = dmbdkwoo.exe
O33 - MountPoints2\{fdb382b7-31b9-11dd-a18f-0017318d60cb}\Shell\AutoRun\command - "" = llefgnuw.exe
O33 - MountPoints2\{fdb382b7-31b9-11dd-a18f-0017318d60cb}\Shell\explore\Command - "" = llefgnuw.exe
O33 - MountPoints2\{fdb382b7-31b9-11dd-a18f-0017318d60cb}\Shell\open\Command - "" = llefgnuw.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 12:18:58 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sharon\Desktop\OTL.exe
[2010/01/31 11:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Desktop\backups
[2010/01/30 18:32:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sharon\Desktop\winlogon.scr
[2010/01/30 16:09:01 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sharon\Desktop\mbam-setup.scr
[2010/01/30 15:56:39 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sharon\Desktop\explorer.exe
[2010/01/30 13:48:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sharon\Recent
[2010/01/30 13:14:07 | 001,128,296 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sharon\Desktop\ccsetup228_slim.exe
[2010/01/30 09:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Local Settings\Application Data\{1E2687DB-3259-463F-8FC8-48BA4248ACC3}
[2010/01/30 09:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/30 09:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Application Data\AntiVirus Plus
[2010/01/19 17:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/01/19 10:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Application Data\Malwarebytes
[2010/01/19 10:14:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/19 10:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/19 10:14:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/19 10:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/19 10:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/19 10:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Application Data\SUPERAntiSpyware.com
[2010/01/19 10:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/19 10:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/19 10:11:57 | 010,038,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sharon\Desktop\windows-kb890830-v3.3.exe
[2010/01/18 16:10:09 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml2a.dll
[2010/01/18 16:10:08 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
[2010/01/18 16:10:08 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
[2010/01/18 16:10:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010/01/18 16:09:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung
[2010/01/18 16:07:57 | 000,022,663 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\SUGG1LMK.DLL
[2010/01/18 16:07:56 | 000,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SUGG1CI.exe
[2010/01/18 16:07:56 | 000,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\SUGG1CI.dll
[2010/01/18 16:07:41 | 000,704,512 | ---- | C] (Unified FB) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.dll
[2010/01/18 16:07:41 | 000,224,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ui.dll
[2010/01/18 16:07:41 | 000,022,663 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.dll
[2010/01/18 16:07:40 | 000,837,028 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.dll
[2010/01/18 16:07:40 | 000,204,800 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.dll
[2010/01/18 16:07:40 | 000,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.exe
[2010/01/18 16:07:40 | 000,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.dll
[2010/01/18 16:07:40 | 000,041,984 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\DGIVECP.SYS
[2010/01/18 16:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series
[2010/01/18 16:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung
[2010/01/18 16:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2009/08/28 03:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/29 14:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/18 08:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/04 16:04:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/12/29 09:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2006/12/19 16:00:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 12:18:58 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\Desktop\OTL.exe
[2010/01/31 12:02:12 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/31 12:02:10 | 000,012,718 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/31 12:00:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 12:00:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 11:58:50 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Sharon\NTUSER.DAT
[2010/01/31 11:58:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sharon\ntuser.ini
[2010/01/31 11:54:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
[2010/01/31 11:51:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vravuwafonu.bin
[2010/01/31 11:51:13 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gpavewizutero.dat
[2010/01/31 11:33:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
[2010/01/31 11:13:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
[2010/01/31 10:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
[2010/01/31 10:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
[2010/01/31 10:13:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
[2010/01/31 09:53:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
[2010/01/31 09:33:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
[2010/01/31 09:13:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
[2010/01/31 08:53:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
[2010/01/31 08:32:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
[2010/01/31 08:12:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
[2010/01/31 07:52:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
[2010/01/31 07:32:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
[2010/01/31 07:12:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
[2010/01/31 06:52:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
[2010/01/31 06:32:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
[2010/01/31 06:12:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
[2010/01/31 05:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
[2010/01/31 05:31:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
[2010/01/31 05:11:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/31 04:51:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/31 04:31:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/31 04:11:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/31 03:51:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2010/01/31 03:31:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2010/01/31 03:11:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2010/01/31 02:50:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2010/01/31 02:30:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2010/01/31 02:10:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2010/01/31 01:50:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2010/01/31 01:30:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2010/01/31 01:10:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2010/01/31 00:50:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2010/01/31 00:30:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2010/01/31 00:10:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2010/01/30 23:49:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/01/30 23:29:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/01/30 23:09:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/01/30 22:49:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/01/30 22:29:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010/01/30 22:09:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/30 21:49:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/30 21:29:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/30 21:08:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/30 20:48:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/30 20:28:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/30 20:08:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/30 19:48:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/30 19:28:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/30 19:08:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/30 18:48:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/30 18:32:18 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sharon\Desktop\winlogon.scr
[2010/01/30 18:28:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/30 18:08:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/30 17:48:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/30 17:27:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/30 17:07:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/30 16:47:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/30 16:27:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/30 16:09:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sharon\Desktop\mbam-setup.scr
[2010/01/30 16:07:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/30 16:02:45 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\SmitfraudFix.exe
[2010/01/30 15:56:40 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sharon\Desktop\explorer.exe
[2010/01/30 15:47:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/30 15:47:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/30 15:47:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/30 13:38:22 | 002,387,269 | ---- | M] () -- C:\MGtools.exe
[2010/01/30 13:36:46 | 003,840,413 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\ComboFix.exe
[2010/01/30 13:33:34 | 000,000,738 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/30 13:33:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 13:33:34 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/01/30 13:14:44 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\CCleaner.lnk
[2010/01/30 13:14:19 | 001,128,296 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sharon\Desktop\ccsetup228_slim.exe
[2010/01/30 09:44:01 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/30 09:43:49 | 000,016,896 | ---- | M] () -- C:\duehpow.exe
[2010/01/30 09:43:45 | 000,030,720 | ---- | M] () -- C:\dqccpnq.exe
[2010/01/30 09:43:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/30 09:43:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/30 09:43:45 | 000,020,480 | ---- | M] () -- C:\kkalf.exe
[2010/01/30 09:43:43 | 000,023,040 | ---- | M] () -- C:\wtork.exe
[2010/01/30 09:00:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/29 19:04:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/19 10:14:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 10:14:04 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/19 10:13:04 | 010,038,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Sharon\Desktop\windows-kb890830-v3.3.exe
[2010/01/19 10:12:07 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\SUPERAntiSpyware.exe
[2010/01/18 23:30:22 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Sharon\My Documents\Roseanne_Mills_Resume.doc
[2010/01/18 17:44:40 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\Microsoft Office Word 2003.lnk
[2010/01/18 16:10:20 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SAMSUNG Dr.Printer.url
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 20:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/05 20:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/05 20:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/01/05 20:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/01/05 20:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/01/05 20:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/01/05 20:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/01/05 20:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/01/05 20:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/01/05 20:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/01/05 20:00:27 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/01/05 20:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/01/05 20:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/01/05 20:00:26 | 003,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/05 20:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/01/05 20:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/05 20:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/01/05 20:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/01/05 20:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/01/05 20:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/05 20:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/05 20:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/01/05 20:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/01/05 20:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/01/05 20:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/01/05 20:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/01/05 20:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/01/05 20:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/05 20:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/01/05 20:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/01/05 20:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/01/05 20:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/01/05 20:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/01/05 20:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/01/05 20:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/01/05 20:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/01/05 20:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/01/05 20:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll

Re: worm.win32.netsky Trojan31st January 2010, 2:30 am

[2010/01/05 20:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/01/05 20:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/05 20:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/01/05 20:00:21 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/01/05 20:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/01/05 20:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/01/05 20:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/01/05 20:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2010/01/05 20:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/01/05 20:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/31 11:54:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12316.exe
[2010/01/31 11:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\778.exe
[2010/01/31 11:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27529.exe
[2010/01/31 10:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9741.exe
[2010/01/31 10:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8723.exe
[2010/01/31 10:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12859.exe
[2010/01/31 09:53:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20037.exe
[2010/01/31 09:33:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32757.exe
[2010/01/31 09:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32662.exe
[2010/01/31 08:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27644.exe
[2010/01/31 08:32:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25547.exe
[2010/01/31 08:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6868.exe
[2010/01/31 07:52:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28253.exe
[2010/01/31 07:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7711.exe
[2010/01/31 07:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15141.exe
[2010/01/31 06:52:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4664.exe
[2010/01/31 06:32:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17673.exe
[2010/01/31 06:12:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30333.exe
[2010/01/31 05:51:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31322.exe
[2010/01/31 05:31:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23811.exe
[2010/01/31 05:11:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2010/01/31 04:51:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2010/01/31 04:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2010/01/31 04:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
[2010/01/31 03:51:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
[2010/01/31 03:31:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
[2010/01/31 03:11:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
[2010/01/31 02:50:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
[2010/01/31 02:30:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
[2010/01/31 02:10:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
[2010/01/31 01:50:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2010/01/31 01:30:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2010/01/31 01:10:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2010/01/31 00:50:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2010/01/31 00:30:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2010/01/31 00:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2010/01/30 23:49:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2010/01/30 23:29:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2010/01/30 23:09:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2010/01/30 22:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2010/01/30 22:29:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2010/01/30 22:09:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/01/30 21:49:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/01/30 21:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/01/30 21:08:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/01/30 20:48:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/30 20:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/30 20:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/30 19:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/30 19:28:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/30 19:08:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/30 18:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/30 16:02:42 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\SmitfraudFix.exe
[2010/01/30 15:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/30 15:01:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/30 14:41:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/30 14:21:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/30 14:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/30 13:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/30 13:38:22 | 002,387,269 | ---- | C] () -- C:\MGtools.exe
[2010/01/30 13:36:46 | 003,840,413 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\ComboFix.exe
[2010/01/30 13:21:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/30 13:14:44 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\CCleaner.lnk
[2010/01/30 10:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/30 09:50:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/30 09:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/30 09:50:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/30 09:50:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vravuwafonu.bin
[2010/01/30 09:50:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gpavewizutero.dat
[2010/01/30 09:44:01 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/30 09:43:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/30 09:43:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/30 09:43:47 | 000,016,896 | ---- | C] () -- C:\duehpow.exe
[2010/01/30 09:43:43 | 000,030,720 | ---- | C] () -- C:\dqccpnq.exe
[2010/01/30 09:43:43 | 000,020,480 | ---- | C] () -- C:\kkalf.exe
[2010/01/30 09:43:41 | 000,023,040 | ---- | C] () -- C:\wtork.exe
[2010/01/24 14:27:00 | 011,481,088 | ---- | C] () -- C:\WINDOWS\System32\milkguitar.dll
[2010/01/19 10:14:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 10:14:04 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/19 10:12:15 | 000,292,352 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\gmer.exe
[2010/01/19 10:10:52 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\SUPERAntiSpyware.exe
[2010/01/18 23:29:59 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Sharon\My Documents\Roseanne_Mills_Resume.doc
[2010/01/18 16:10:20 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SAMSUNG Dr.Printer.url
[2010/01/18 16:10:11 | 000,471,040 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/01/18 16:07:57 | 000,000,555 | ---- | C] () -- C:\WINDOWS\System32\SUGG1LMK.SMT
[2010/01/18 16:07:56 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico
[2010/01/18 16:07:41 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u2.dll
[2010/01/18 16:07:41 | 000,626,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ua.bmp
[2010/01/18 16:07:41 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1U.dll
[2010/01/18 16:07:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M.DLL
[2010/01/18 16:07:41 | 000,206,278 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ub.bmp
[2010/01/18 16:07:41 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uC.bmp
[2010/01/18 16:07:41 | 000,062,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.dat
[2010/01/18 16:07:41 | 000,060,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.dat
[2010/01/18 16:07:41 | 000,059,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.dat
[2010/01/18 16:07:41 | 000,059,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.dat
[2010/01/18 16:07:41 | 000,058,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.dat
[2010/01/18 16:07:41 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucv.bmp
[2010/01/18 16:07:41 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucs.bmp
[2010/01/18 16:07:41 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucp.bmp
[2010/01/18 16:07:41 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1uco.bmp
[2010/01/18 16:07:41 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucd.bmp
[2010/01/18 16:07:41 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucc.bmp
[2010/01/18 16:07:41 | 000,058,276 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.dat
[2010/01/18 16:07:41 | 000,058,042 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.dat
[2010/01/18 16:07:41 | 000,057,303 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.dat
[2010/01/18 16:07:41 | 000,057,083 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.dat
[2010/01/18 16:07:41 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.dat
[2010/01/18 16:07:41 | 000,056,215 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.dat
[2010/01/18 16:07:41 | 000,056,098 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.dat
[2010/01/18 16:07:41 | 000,056,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.dat
[2010/01/18 16:07:41 | 000,055,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.dat
[2010/01/18 16:07:41 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.dat
[2010/01/18 16:07:41 | 000,054,019 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.dat
[2010/01/18 16:07:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lf.dll
[2010/01/18 16:07:41 | 000,052,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.dat
[2010/01/18 16:07:41 | 000,046,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.dat
[2010/01/18 16:07:41 | 000,031,381 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.chm
[2010/01/18 16:07:41 | 000,031,277 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.chm
[2010/01/18 16:07:41 | 000,031,241 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.chm
[2010/01/18 16:07:41 | 000,031,155 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.chm
[2010/01/18 16:07:41 | 000,031,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.chm
[2010/01/18 16:07:41 | 000,030,711 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.chm
[2010/01/18 16:07:41 | 000,030,437 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.chm
[2010/01/18 16:07:41 | 000,030,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.chm
[2010/01/18 16:07:41 | 000,030,247 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.chm
[2010/01/18 16:07:41 | 000,030,229 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.chm
[2010/01/18 16:07:41 | 000,030,223 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.chm
[2010/01/18 16:07:41 | 000,030,199 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.chm
[2010/01/18 16:07:41 | 000,030,025 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.chm
[2010/01/18 16:07:41 | 000,029,945 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.chm
[2010/01/18 16:07:41 | 000,029,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.chm
[2010/01/18 16:07:41 | 000,029,803 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.chm
[2010/01/18 16:07:41 | 000,029,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.chm
[2010/01/18 16:07:41 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M3.bmp
[2010/01/18 16:07:41 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M2.bmp
[2010/01/18 16:07:41 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M1.bmp
[2010/01/18 16:07:41 | 000,029,323 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.chm
[2010/01/18 16:07:41 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uG.bmp
[2010/01/18 16:07:41 | 000,014,700 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u1.bmp
[2010/01/18 16:07:41 | 000,014,684 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.bmp
[2010/01/18 16:07:41 | 000,014,071 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.xml
[2010/01/18 16:07:41 | 000,009,242 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.INI
[2010/01/18 16:07:41 | 000,004,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ul.bmp
[2010/01/18 16:07:41 | 000,000,555 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.smt
[2010/01/18 16:07:40 | 001,443,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.ctd
[2010/01/18 16:07:40 | 000,059,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.dat
[2010/01/18 16:07:40 | 000,046,843 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.dat
[2010/01/18 16:07:40 | 000,041,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1.cat
[2010/01/18 16:07:40 | 000,030,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.chm
[2010/01/18 16:07:40 | 000,029,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.chm
[2010/01/18 16:07:40 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.inf
[2010/01/18 16:07:40 | 000,000,746 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.ver
[2009/12/23 01:27:20 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/23 01:27:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/15 16:03:31 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/03/15 15:59:59 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/03/15 15:59:59 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/03/15 15:59:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/03/13 17:49:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/13 17:45:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6500.ini
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/01 20:13:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/01 17:52:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2008/02/01 17:46:51 | 000,000,593 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2008/02/01 17:46:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/01 17:46:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2007/08/08 22:03:47 | 002,508,649 | -HS- | C] () -- C:\WINDOWS\System32\nxljrybn.ini
[2007/08/07 22:02:26 | 002,511,128 | -HS- | C] () -- C:\WINDOWS\System32\anqlewsy.ini
[2007/08/06 22:00:41 | 002,402,985 | -HS- | C] () -- C:\WINDOWS\System32\txwobqct.ini
[2007/08/05 22:07:05 | 001,205,077 | -HS- | C] () -- C:\WINDOWS\System32\shnbatos.ini
[2007/08/04 21:58:55 | 001,210,973 | -HS- | C] () -- C:\WINDOWS\System32\ijrgpeor.ini
[2007/08/03 22:00:22 | 001,202,976 | -HS- | C] () -- C:\WINDOWS\System32\luhkmcth.ini
[2007/08/01 21:59:43 | 001,190,451 | -HS- | C] () -- C:\WINDOWS\System32\lumktvga.ini
[2007/07/30 21:03:14 | 000,001,713 | -HS- | C] () -- C:\WINDOWS\System32\ufvsnagm.ini
[2007/07/29 20:59:23 | 000,063,809 | -HS- | C] () -- C:\WINDOWS\System32\yptrtxjc.ini
[2007/07/28 20:59:24 | 000,001,139 | -HS- | C] () -- C:\WINDOWS\System32\tqitsnvb.ini
[2007/07/26 17:57:53 | 000,075,876 | -HS- | C] () -- C:\WINDOWS\System32\nuyvhpod.ini
[2007/07/25 18:02:45 | 001,217,686 | -HS- | C] () -- C:\WINDOWS\System32\ywlvvbrl.ini
[2007/07/24 18:01:02 | 001,142,154 | -HS- | C] () -- C:\WINDOWS\System32\jgoqskgj.ini
[2007/07/23 17:58:41 | 001,137,224 | -HS- | C] () -- C:\WINDOWS\System32\xotbapos.ini
[2007/07/22 17:56:07 | 001,136,924 | -HS- | C] () -- C:\WINDOWS\System32\bsrcmvga.ini
[2007/07/18 22:48:38 | 002,250,567 | -HS- | C] () -- C:\WINDOWS\System32\xvfwspur.ini
[2007/07/18 07:39:31 | 001,136,874 | -HS- | C] () -- C:\WINDOWS\System32\ceyinwvh.ini
[2007/07/17 17:41:00 | 001,193,118 | -HS- | C] () -- C:\WINDOWS\System32\nhbfivyv.ini
[2007/07/17 07:14:27 | 001,192,998 | -HS- | C] () -- C:\WINDOWS\System32\tbooqchx.ini
[2007/07/16 07:38:51 | 001,192,879 | -HS- | C] () -- C:\WINDOWS\System32\ekmcxfsr.ini
[2007/07/14 07:58:49 | 001,321,642 | -HS- | C] () -- C:\WINDOWS\System32\prutmagg.ini
[2007/07/13 15:35:29 | 001,185,244 | -HS- | C] () -- C:\WINDOWS\System32\trepsgoj.ini
[2007/07/12 06:51:52 | 001,102,821 | -HS- | C] () -- C:\WINDOWS\System32\walqtxjm.ini
[2007/07/11 07:11:46 | 001,054,301 | -HS- | C] () -- C:\WINDOWS\System32\nocxdlmn.ini
[2007/07/10 07:21:18 | 001,054,182 | -HS- | C] () -- C:\WINDOWS\System32\aqhlddca.ini
[2007/07/09 08:37:46 | 000,770,166 | -HS- | C] () -- C:\WINDOWS\System32\ngglktta.ini
[2007/07/08 22:18:15 | 000,769,926 | -HS- | C] () -- C:\WINDOWS\System32\aptovdla.ini
[2007/07/08 11:15:29 | 000,769,806 | -HS- | C] () -- C:\WINDOWS\System32\jjfkvvkh.ini
[2007/07/07 09:41:45 | 000,769,687 | -HS- | C] () -- C:\WINDOWS\System32\munnimtx.ini
[2007/07/06 17:31:45 | 000,849,878 | -HS- | C] () -- C:\WINDOWS\System32\kbovgjme.ini
[2007/07/05 21:24:22 | 000,789,462 | -HS- | C] () -- C:\WINDOWS\System32\cxhupkfc.ini
[2007/07/05 09:15:09 | 000,789,342 | -HS- | C] () -- C:\WINDOWS\System32\bypeydjm.ini
[2007/07/04 10:32:13 | 000,789,222 | -HS- | C] () -- C:\WINDOWS\System32\pfqrffil.ini
[2007/07/03 20:53:31 | 000,789,103 | -HS- | C] () -- C:\WINDOWS\System32\yoejoyxn.ini
[2007/07/02 07:09:47 | 000,804,107 | -HS- | C] () -- C:\WINDOWS\System32\cdveiuol.ini
[2007/07/01 08:34:59 | 000,756,757 | -HS- | C] () -- C:\WINDOWS\System32\itvjmfpj.ini
[2007/06/30 11:54:41 | 000,756,637 | -HS- | C] () -- C:\WINDOWS\System32\xhwvufrl.ini
[2007/06/30 00:58:27 | 000,756,519 | -HS- | C] () -- C:\WINDOWS\System32\pfjiaoxy.ini
[2007/06/23 23:22:52 | 000,756,397 | -HS- | C] () -- C:\WINDOWS\System32\eufuyumd.ini
[2007/06/23 18:39:38 | 000,756,278 | -HS- | C] () -- C:\WINDOWS\System32\dnnnhowx.ini
[2007/06/23 11:07:48 | 000,756,158 | -HS- | C] () -- C:\WINDOWS\System32\vjsneucc.ini
[2007/06/22 10:16:18 | 000,813,186 | -HS- | C] () -- C:\WINDOWS\System32\tkqnfrdu.ini
[2007/06/21 21:58:25 | 000,877,711 | -HS- | C] () -- C:\WINDOWS\System32\cxpcstuv.ini
[2007/06/21 11:40:39 | 000,877,609 | -HS- | C] () -- C:\WINDOWS\System32\dlinfhtu.ini
[2007/06/20 11:49:21 | 000,877,490 | -HS- | C] () -- C:\WINDOWS\System32\spsqxrts.ini
[2007/06/19 10:18:35 | 000,899,281 | -HS- | C] () -- C:\WINDOWS\System32\ciqimsxq.ini
[2007/06/18 09:53:23 | 000,898,823 | -HS- | C] () -- C:\WINDOWS\System32\fpersvwy.ini
[2007/06/17 15:06:33 | 000,984,610 | -HS- | C] () -- C:\WINDOWS\System32\ahplsbsb.ini
[2007/06/17 07:31:05 | 000,984,490 | -HS- | C] () -- C:\WINDOWS\System32\fvwjcsrm.ini
[2007/06/16 09:52:46 | 000,984,379 | -HS- | C] () -- C:\WINDOWS\System32\uewfqnoe.ini
[2007/06/15 07:02:21 | 000,984,251 | -HS- | C] () -- C:\WINDOWS\System32\veyojnrx.ini
[2007/06/14 13:10:04 | 000,943,927 | -HS- | C] () -- C:\WINDOWS\System32\siccdvew.ini
[2007/06/13 11:14:10 | 000,943,807 | -HS- | C] () -- C:\WINDOWS\System32\tqwqqpgi.ini
[2007/06/12 08:04:40 | 002,736,472 | -HS- | C] () -- C:\WINDOWS\System32\xvurbapr.ini
[2007/06/05 22:07:25 | 000,880,956 | -HS- | C] () -- C:\WINDOWS\System32\xnojhwfo.ini
[2007/06/05 07:07:22 | 001,101,211 | -HS- | C] () -- C:\WINDOWS\System32\grhaylun.ini
[2007/06/02 11:44:00 | 001,102,456 | -HS- | C] () -- C:\WINDOWS\System32\slkvhxrm.ini
[2007/05/19 07:40:40 | 001,102,490 | -HS- | C] () -- C:\WINDOWS\System32\cgkjpeyn.ini
[2007/05/11 10:19:42 | 001,430,244 | -HS- | C] () -- C:\WINDOWS\System32\oqshaius.ini
[2007/05/04 07:01:23 | 001,443,576 | -HS- | C] () -- C:\WINDOWS\System32\vrbcmtjf.ini
[2007/04/30 07:25:42 | 000,000,824 | -HS- | C] () -- C:\WINDOWS\System32\rxykdsog.ini
[2007/04/29 09:11:32 | 000,000,464 | -HS- | C] () -- C:\WINDOWS\System32\vbjqgbpk.ini
[2007/04/28 13:56:32 | 001,511,238 | -HS- | C] () -- C:\WINDOWS\System32\vhufdtdp.ini
[2007/04/27 07:35:53 | 001,511,118 | -HS- | C] () -- C:\WINDOWS\System32\ufaqhdme.ini
[2007/04/26 07:25:51 | 001,511,256 | -HS- | C] () -- C:\WINDOWS\System32\yqkueojr.ini
[2007/04/23 10:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/23 10:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/05 18:42:04 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/04 12:53:54 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\iScrobbler.ini
[2007/03/01 07:19:25 | 000,498,990 | -HS- | C] () -- C:\WINDOWS\System32\qrqss.ini
[2007/02/21 08:03:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/13 07:49:53 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/02/01 07:28:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3y.DLL
[2007/01/30 16:27:41 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/01/30 16:27:41 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/01/30 16:27:41 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/12 00:13:32 | 000,249,856 | ---- | C] () -- C:\Documents and Settings\Sharon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/06 22:13:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/29 04:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/29 03:38:26 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/12/29 03:05:41 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/29 03:05:35 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/12/29 03:03:47 | 000,014,842 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/12/29 03:03:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/12/19 07:49:17 | 000,000,554 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/12/19 07:49:12 | 000,150,528 | ---- | C] () -- C:\WINDOWS\acaqoyejamiyum.dll
[2006/12/19 07:49:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2006/10/23 06:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/23 06:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/23 06:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/23 06:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/23 06:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/23 06:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/23 06:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/05/31 14:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

Re: worm.win32.netsky Trojan31st January 2010, 2:31 am

Extras.txt

OTL Extras logfile created on: 31/01/2010 12:19:28 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Sharon\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 4.53 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 18.55 Gb Total Space | 1.02 Gb Free Space | 5.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-19AD2330D9
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe" = C:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V: Hammers of Fate -- File not found
"C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE" = C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE:*:Enabled:Heroes of Might and Magic

III -- File not found
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}" = ArcSoft PhotoImpression
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Bluetooth by hp
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{75852F49-2CAF-443F-B7C2-53DE5847DE56}" = OpenOffice.org 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}" = EPSON Photo Print
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B1034C60-9EC4-4B72-81C9-B448052F2D00}" = Mirar
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DEF2E5A3-0317-4822-B930-8B721EB483E4}" = ArcSoft VideoImpression 1.6
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG7Uninstall" = AVG Free Edition
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"iScrobbler" = iScrobbler
"Kwanzy" = Kwanzy 1.0 build 141
"LastFM_is1" = Last.fm 1.5.0.24910
"LimeWire" = LimeWire 5.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"WhereSphere" = WhereSphere

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/01/2010 8:16:48 PM | Computer Name = YOUR-19AD2330D9 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3642, faulting module
unknown, version 0.0.0.0, fault address 0x29acc001.

Error - 13/01/2010 9:15:59 PM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/01/2010 9:32:58 PM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18/01/2010 3:45:20 AM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8313.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/01/2010 3:46:50 AM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18/01/2010 9:29:12 AM | Computer Name = YOUR-19AD2330D9 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 19/01/2010 12:51:02 AM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/01/2010 11:56:33 PM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/01/2010 2:46:27 AM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/01/2010 5:50:49 AM | Computer Name = YOUR-19AD2330D9 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/01/2010 7:49:15 PM | Computer Name = YOUR-19AD2330D9 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 ebbe7e12, parameter2 00000002, parameter3
00000008, parameter4 ebbe7e12.

Error - 29/01/2010 8:28:28 PM | Computer Name = YOUR-19AD2330D9 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 29/01/2010 8:28:28 PM | Computer Name = YOUR-19AD2330D9 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 29/01/2010 8:29:28 PM | Computer Name = YOUR-19AD2330D9 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 30/01/2010 1:33:01 AM | Computer Name = YOUR-19AD2330D9 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 30/01/2010 1:33:01 AM | Computer Name = YOUR-19AD2330D9 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 30/01/2010 1:33:50 AM | Computer Name = YOUR-19AD2330D9 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 30/01/2010 10:00:30 PM | Computer Name = YOUR-19AD2330D9 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 30/01/2010 10:00:30 PM | Computer Name = YOUR-19AD2330D9 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 30/01/2010 10:01:31 PM | Computer Name = YOUR-19AD2330D9 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

< End of report >

Re: worm.win32.netsky Trojan31st January 2010, 8:03 pm

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: worm.win32.netsky Trojan1st February 2010, 7:37 am

ComboFix 10-01-31.03 - Sharon 01/02/2010 16:49:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.696 [GMT 10:00]
Running from: c:\documents and settings\Sharon\Desktop\Combo-Fix.exe
AV: AVG 7.5.524 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\Sharon\Application Data\AntiVirus Plus
c:\documents and settings\Sharon\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
c:\documents and settings\Sharon\Application Data\WhereSphere
c:\documents and settings\Sharon\Application Data\WhereSphere\config.cfg
c:\documents and settings\Sharon\Application Data\WhereSphere\wheresphere.exe
c:\documents and settings\Sharon\Application Data\WhereSphere\WSUninstall.exe
c:\documents and settings\Sharon\Start Menu\Programs\Startup\Registration .LNK
c:\program files\Mozilla Firefox\components\wsff.dll
c:\recycler\S-1-5-21-1343024091-790525478-725345543-1003
C:\s
c:\windows\acaqoyejamiyum.dll
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12316.exe
c:\windows\system32\12382.exe
c:\windows\system32\12859.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\20037.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\27529.exe
c:\windows\system32\27644.exe
c:\windows\system32\28145.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30333.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6868.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\8723.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\ahplsbsb.ini
c:\windows\system32\anqlewsy.ini
c:\windows\system32\aptovdla.ini
c:\windows\system32\aqhlddca.ini
c:\windows\system32\bsrcmvga.ini
c:\windows\system32\bypeydjm.ini
c:\windows\system32\cdveiuol.ini
c:\windows\system32\ceyinwvh.ini
c:\windows\system32\cgkjpeyn.ini
c:\windows\system32\ciqimsxq.ini
c:\windows\system32\cxhupkfc.ini
c:\windows\system32\cxpcstuv.ini
c:\windows\system32\dlinfhtu.ini
c:\windows\system32\dnnnhowx.ini
c:\windows\system32\ekmcxfsr.ini
c:\windows\system32\eufuyumd.ini
c:\windows\system32\fpersvwy.ini
c:\windows\system32\fvwjcsrm.ini
c:\windows\system32\grhaylun.ini
c:\windows\system32\helper32.dll
c:\windows\system32\ijrgpeor.ini
c:\windows\system32\IS15.exe
c:\windows\system32\itvjmfpj.ini
c:\windows\system32\jgoqskgj.ini
c:\windows\system32\jjfkvvkh.ini
c:\windows\system32\kbdsock.dll
c:\windows\system32\kbovgjme.ini
c:\windows\system32\luhkmcth.ini
c:\windows\system32\lumktvga.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mnnmp.bak1
c:\windows\system32\mnnmp.bak2
c:\windows\system32\munnimtx.ini
c:\windows\system32\ngglktta.ini
c:\windows\system32\nhbfivyv.ini
c:\windows\system32\nocxdlmn.ini
c:\windows\system32\nuyvhpod.ini
c:\windows\system32\nxljrybn.ini
c:\windows\system32\oqshaius.ini
c:\windows\system32\pfjiaoxy.ini
c:\windows\system32\pfqrffil.ini
c:\windows\system32\prqss.bak1
c:\windows\system32\prqss.bak2
c:\windows\system32\prutmagg.ini
c:\windows\system32\qrqss.bak1
c:\windows\system32\qrqss.bak2
c:\windows\system32\qrqss.ini
c:\windows\system32\rxykdsog.ini
c:\windows\system32\shnbatos.ini
c:\windows\system32\siccdvew.ini
c:\windows\system32\slkvhxrm.ini
c:\windows\system32\smss32.exe
c:\windows\system32\spool\prtprocs\w32x86\00000e1c.tmp
c:\windows\system32\spsqxrts.ini
c:\windows\system32\tbooqchx.ini
c:\windows\system32\tkqnfrdu.ini
c:\windows\system32\tqitsnvb.ini
c:\windows\system32\tqwqqpgi.ini
c:\windows\system32\trepsgoj.ini
c:\windows\system32\txwobqct.ini
c:\windows\system32\uewfqnoe.ini
c:\windows\system32\ufaqhdme.ini
c:\windows\system32\ufvsnagm.ini
c:\windows\system32\uttss.bak2
c:\windows\system32\vbjqgbpk.ini
c:\windows\system32\veyojnrx.ini
c:\windows\system32\vhufdtdp.ini
c:\windows\system32\vjsneucc.ini
c:\windows\system32\vrbcmtjf.ini
c:\windows\system32\walqtxjm.ini
c:\windows\system32\winlogon32.exe
c:\windows\system32\xhwvufrl.ini
c:\windows\system32\xnojhwfo.ini
c:\windows\system32\xotbapos.ini
c:\windows\system32\xvfwspur.ini
c:\windows\system32\xvurbapr.ini
c:\windows\system32\yoejoyxn.ini
c:\windows\system32\yptrtxjc.ini
c:\windows\system32\yqkueojr.ini
c:\windows\system32\ywlvvbrl.ini

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-01-30 03:38 . 2010-01-30 03:38 2387269 ----a-w- C:\MGtools.exe
2010-01-29 23:50 . 2010-02-01 06:49 0 ----a-w- c:\windows\Vravuwafonu.bin
2010-01-29 23:50 . 2010-02-01 06:49 120 ----a-w- c:\windows\Gpavewizutero.dat
2010-01-29 23:50 . 2010-01-29 23:50 -------- d-----w- c:\documents and settings\Sharon\Local Settings\Application Data\{1E2687DB-3259-463F-8FC8-48BA4248ACC3}
2010-01-29 23:43 . 2010-01-29 23:43 16896 ----a-w- C:\duehpow.exe
2010-01-29 23:43 . 2010-01-29 23:43 30720 ----a-w- C:\dqccpnq.exe
2010-01-29 23:43 . 2010-01-29 23:43 20480 ----a-w- C:\kkalf.exe
2010-01-29 23:43 . 2010-01-29 23:43 23040 ----a-w- C:\wtork.exe
2010-01-24 04:27 . 2008-07-24 11:37 11481088 ----a-w- c:\windows\system32\milkguitar.dll
2010-01-19 07:22 . 2010-01-19 07:22 -------- d-----w- c:\windows\system32\MpEngineStore
2010-01-19 00:15 . 2010-01-19 00:15 -------- d-----w- c:\documents and settings\Sharon\Application Data\Malwarebytes
2010-01-19 00:14 . 2010-01-07 06:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-19 00:14 . 2010-01-30 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 00:14 . 2010-01-07 06:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\documents and settings\Sharon\Application Data\SUPERAntiSpyware.com
2010-01-19 00:13 . 2010-01-19 00:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 06:10 . 2007-04-24 16:53 471040 ----a-w- c:\windows\ssndii.exe
2010-01-18 06:10 . 2000-08-04 00:52 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-01-18 06:10 . 2006-11-30 16:09 57344 ----a-w- c:\windows\system32\ssdevm.dll
2010-01-18 06:10 . 2004-02-04 13:24 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2010-01-18 06:10 . 2003-04-18 15:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-18 06:09 . 2010-01-18 06:09 -------- d-----w- c:\windows\Samsung
2010-01-18 06:07 . 2006-09-01 13:05 22663 ----a-w- c:\windows\system32\SUGG1LMK.DLL
2010-01-18 06:07 . 2005-03-03 12:32 151552 ----a-w- c:\windows\system32\SUGG1CI.exe
2010-01-18 06:07 . 2004-10-11 20:25 57344 ----a-w- c:\windows\system32\SUGG1CI.dll
2010-01-18 06:07 . 2010-01-18 06:07 -------- d-----w- c:\windows\system32\drivers\Samsung
2010-01-18 06:07 . 2006-06-12 09:06 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-01-18 06:07 . 2010-01-18 06:07 -------- d-----w- c:\program files\Samsung
2010-01-18 06:06 . 2010-01-18 06:07 -------- d-----w- c:\temp\CLP-300

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 07:22 . 2007-01-12 16:20 -------- d-----w- c:\documents and settings\Sharon\Application Data\OpenOffice.org2
2010-01-31 23:05 . 2006-12-28 18:46 -------- d-----w- c:\documents and settings\Sharon\Application Data\AVG7
2010-01-31 01:59 . 2009-12-08 13:52 -------- d-----w- c:\program files\Kwanzy
2010-01-30 09:13 . 2009-12-08 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kwanzy
2010-01-30 03:14 . 2007-08-13 21:49 -------- d-----w- c:\program files\CCleaner
2010-01-30 02:56 . 2009-12-22 15:26 -------- d-----w- c:\program files\Avi2Dvd
2010-01-29 23:43 . 2010-01-29 23:43 42496 ----a-w- c:\windows\system32\info.tmp
2010-01-29 19:06 . 2010-01-30 09:13 46432 ----a-w- c:\documents and settings\All Users\Application Data\Kwanzy\kwanzy141.exe
2010-01-20 04:40 . 2009-03-20 02:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:15 . 2010-01-19 00:15 52224 ----a-w- c:\documents and settings\Sharon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-19 00:14 . 2010-01-19 00:14 117760 ----a-w- c:\documents and settings\Sharon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-18 06:10 . 2006-12-28 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 07:59 . 2008-11-04 10:34 -------- d-----w- c:\program files\FinePixViewer
2010-01-05 10:00 . 2006-12-18 21:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-12-18 21:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-12-18 21:49 17408 ------w- c:\windows\system32\corpol.dll
2010-01-03 05:09 . 2007-07-23 08:09 -------- d-----w- c:\documents and settings\Sharon\Application Data\uTorrent
2010-01-03 02:53 . 2009-12-02 13:33 79488 ----a-w- c:\documents and settings\Sharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 07:56 . 2009-12-29 07:56 58600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-22 15:27 . 2009-12-22 15:27 -------- d-----w- c:\program files\Xvid
2009-12-22 15:26 . 2009-12-22 15:26 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-21 16:36 . 2006-12-18 21:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 05:30 . 2009-11-11 05:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2004-10-01 23:00 . 2006-12-28 17:38 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-04-25 01:51 . 2007-04-25 01:50 582993 --sha-w- c:\windows\system32\bcbeg.tmp
2007-04-28 23:10 . 2007-04-28 23:10 1511256 --sh--w- c:\windows\system32\yqkueojr.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-04 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-17 579584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
"EPSON Stylus CX6500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE" [2004-03-01 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-05-30 520192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-29 219136]

c:\documents and settings\Sharon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-4 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli kbsadesn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/01/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/01/2010 7:56 AM 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [20/03/2009 12:22 PM 54752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/01/2010 7:56 AM 7408]
S1 imlinuej;imlinuej;\??\c:\windows\system32\drivers\imlinuej.sys --> c:\windows\system32\drivers\imlinuej.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19/01/2010 10:14 AM 38224]
S4 Kwanzy Service;Kwanzy Service;c:\documents and settings\All Users\Application Data\Kwanzy\kwanzy141.exe [30/01/2010 7:13 PM 46432]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - hȋdden: XULRunner: {1E2687DB-3259-463F-8FC8-48BA4248ACC3} - c:\documents and settings\Sharon\Local Settings\Application Data\{1E2687DB-3259-463F-8FC8-48BA4248ACC3}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{B1034C60-9EC4-4B72-81C9-B448052F2D00} - (no file)
HKLM-Run-Frofoyatu - c:\windows\acaqoyejamiyum.dll
AddRemove-DVD Shrink_is1 - c:\program files\DVD Shrink\unins000.exe
AddRemove-HijackThis - c:\documents and settings\Sharon\Desktop\HijackThis.exe
AddRemove-Xilisoft 3GP Video Converter - c:\program files\Xilisoft\3GP Video Converter 3\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 17:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(584)
c:\windows\kbsadesn.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\kbsadesn.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Last.fm\LastFM.exe
.
**************************************************************************
.
Completion time: 2010-02-01 17:30:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 07:30
ComboFix2.txt 2007-09-19 14:16

Pre-Run: 4,647,014,400 bytes free
Post-Run: 5,294,080,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 72D62393BB8D70C003F597F96081A2FA

Re: worm.win32.netsky Trojan1st February 2010, 7:29 pm

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: worm.win32.netsky Trojan1st February 2010, 8:12 pm

GooredFix by jpshortstuff (08.01.10.1)
Log created at 06:12 on 02/02/2010 (Sharon)
Firefox version 3.0.17 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1E2687DB-3259-463F-8FC8-48BA4248ACC3} -> Success!
Deleting C:\Documents and Settings\Sharon\Local Settings\Application Data\{1E2687DB-3259-463F-8FC8-48BA4248ACC3} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{4E551550-1870-479D-BF66-DF77900E100E} [00:13 23/01/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:43 28/12/2006]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [02:15 21/06/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [07:24 18/07/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [06:15 03/01/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [03:09 08/04/2009]

C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\extensions\
{08749A2F-9877-4934-BB64-687558DBB8D0} [07:57 09/08/2007]
{20a82645-c095-46ed-80e3-08825760534b} [11:04 29/08/2009]
{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [20:48 27/03/2008]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [07:22 18/03/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:09 08/04/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:09 27/08/2009]

-=E.O.F=-

Re: worm.win32.netsky Trojan1st February 2010, 8:33 pm

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Vravuwafonu.bin
c:\windows\Gpavewizutero.dat
C:\duehpow.exe
C:\dqccpnq.exe
C:\kkalf.exe
C:\wtork.exe
c:\windows\system32\info.tmp
c:\windows\system32\bcbeg.tmp
c:\windows\system32\yqkueojr.tmp

Folder::
c:\documents and settings\All Users\Application Data\Kwanzy

Driver::
imlinuejSSPORT
Kwanzy Service

DDS::
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: worm.win32.netsky Trojan2nd February 2010, 6:08 am

ComboFix 10-02-01.02 - Sharon 02/02/2010 15:19:04.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.561 [GMT 10:00]
Running from: c:\documents and settings\Sharon\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sharon\Desktop\CFScript.txt
AV: AVG 7.5.524 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}

FILE ::
"C:\dqccpnq.exe"
"C:\duehpow.exe"
"C:\kkalf.exe"
"c:\windows\Gpavewizutero.dat"
"c:\windows\system32\bcbeg.tmp"
"c:\windows\system32\info.tmp"
"c:\windows\system32\yqkueojr.tmp"
"c:\windows\Vravuwafonu.bin"
"C:\wtork.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Kwanzy
c:\documents and settings\All Users\Application Data\Kwanzy\kwanzy141.exe
C:\dqccpnq.exe
C:\duehpow.exe
C:\kkalf.exe
c:\windows\Gpavewizutero.dat
c:\windows\system32\bcbeg.tmp
c:\windows\system32\info.tmp
c:\windows\system32\yqkueojr.tmp
c:\windows\Vravuwafonu.bin
C:\wtork.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KWANZY_SERVICE
-------\Service_Kwanzy Service

((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-01-30 03:38 . 2010-01-30 03:38 2387269 ----a-w- C:\MGtools.exe
2010-01-24 04:27 . 2008-07-24 11:37 11481088 ----a-w- c:\windows\system32\milkguitar.dll
2010-01-19 07:22 . 2010-01-19 07:22 -------- d-----w- c:\windows\system32\MpEngineStore
2010-01-19 00:15 . 2010-01-19 00:15 -------- d-----w- c:\documents and settings\Sharon\Application Data\Malwarebytes
2010-01-19 00:14 . 2010-01-07 06:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-19 00:14 . 2010-01-30 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 00:14 . 2010-01-07 06:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-19 00:14 . 2010-01-19 00:14 -------- d-----w- c:\documents and settings\Sharon\Application Data\SUPERAntiSpyware.com
2010-01-19 00:13 . 2010-01-19 00:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 06:10 . 2007-04-24 16:53 471040 ----a-w- c:\windows\ssndii.exe
2010-01-18 06:10 . 2000-08-04 00:52 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-01-18 06:10 . 2006-11-30 16:09 57344 ----a-w- c:\windows\system32\ssdevm.dll
2010-01-18 06:10 . 2004-02-04 13:24 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2010-01-18 06:10 . 2003-04-18 15:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-18 06:09 . 2010-01-18 06:09 -------- d-----w- c:\windows\Samsung
2010-01-18 06:07 . 2006-09-01 13:05 22663 ----a-w- c:\windows\system32\SUGG1LMK.DLL
2010-01-18 06:07 . 2005-03-03 12:32 151552 ----a-w- c:\windows\system32\SUGG1CI.exe
2010-01-18 06:07 . 2004-10-11 20:25 57344 ----a-w- c:\windows\system32\SUGG1CI.dll
2010-01-18 06:07 . 2010-01-18 06:07 -------- d-----w- c:\windows\system32\drivers\Samsung
2010-01-18 06:07 . 2006-06-12 09:06 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-01-18 06:07 . 2010-01-18 06:07 -------- d-----w- c:\program files\Samsung
2010-01-18 06:06 . 2010-01-18 06:07 -------- d-----w- c:\temp\CLP-300

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 05:34 . 2006-12-28 18:46 -------- d-----w- c:\documents and settings\Sharon\Application Data\AVG7
2010-02-02 05:34 . 2007-01-12 16:20 -------- d-----w- c:\documents and settings\Sharon\Application Data\OpenOffice.org2
2010-01-31 01:59 . 2009-12-08 13:52 -------- d-----w- c:\program files\Kwanzy
2010-01-30 03:14 . 2007-08-13 21:49 -------- d-----w- c:\program files\CCleaner
2010-01-30 02:56 . 2009-12-22 15:26 -------- d-----w- c:\program files\Avi2Dvd
2010-01-20 04:40 . 2009-03-20 02:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:15 . 2010-01-19 00:15 52224 ----a-w- c:\documents and settings\Sharon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-19 00:14 . 2010-01-19 00:14 117760 ----a-w- c:\documents and settings\Sharon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-18 06:10 . 2006-12-28 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 07:59 . 2008-11-04 10:34 -------- d-----w- c:\program files\FinePixViewer
2010-01-05 10:00 . 2006-12-18 21:49 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-12-18 21:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-12-18 21:49 17408 ------w- c:\windows\system32\corpol.dll
2010-01-03 05:09 . 2007-07-23 08:09 -------- d-----w- c:\documents and settings\Sharon\Application Data\uTorrent
2010-01-03 02:53 . 2009-12-02 13:33 79488 ----a-w- c:\documents and settings\Sharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 07:56 . 2009-12-29 07:56 58600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-22 15:27 . 2009-12-22 15:27 -------- d-----w- c:\program files\Xvid
2009-12-22 15:26 . 2009-12-22 15:26 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-21 16:36 . 2006-12-18 21:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 05:30 . 2009-11-11 05:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2004-10-01 23:00 . 2006-12-28 17:38 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-04 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-17 579584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
"EPSON Stylus CX6500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE" [2004-03-01 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-05-30 520192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-29 219136]

c:\documents and settings\Sharon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-4 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli kbsadesn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/01/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/01/2010 7:56 AM 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [20/03/2009 12:22 PM 54752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/01/2010 7:56 AM 7408]
S1 imlinuej;imlinuej;\??\c:\windows\system32\drivers\imlinuej.sys --> c:\windows\system32\drivers\imlinuej.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19/01/2010 10:14 AM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 15:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(576)
c:\windows\kbsadesn.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\kbsadesn.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Last.fm\LastFM.exe
.
**************************************************************************
.
Completion time: 2010-02-02 15:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 05:42
ComboFix2.txt 2010-02-01 07:30
ComboFix3.txt 2007-09-19 14:16

Pre-Run: 5,281,607,680 bytes free
Post-Run: 5,296,414,720 bytes free

- - End Of File - - A84FB0596FB5B5B3E7AFDD71F571C955

Re: worm.win32.netsky Trojan2nd February 2010, 8:09 pm

Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTM.exe to run it.
Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:services
imlinuej
imlinuej

:files
c:\program files\Kwanzy
Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: worm.win32.netsky Trojan3rd February 2010, 5:20 am

========== SERVICES/DRIVERS ==========
Service imlinuej stopped successfully!
Service imlinuej deleted successfully!
Error: No service named imlinuej was found to stop!
Unable to stop service imlinuej!
========== FILES ==========
c:\program files\Kwanzy folder moved successfully.

OTM by OldTimer - Version 3.1.7.1 log created on 02032010_152021

Re: worm.win32.netsky Trojan3rd February 2010, 7:56 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: worm.win32.netsky Trojan3rd February 2010, 9:01 pm

Thank you very much for all your help, much appreciated. My machine is running the best it has in months Big Grin

Re: worm.win32.netsky Trojan3rd February 2010, 9:29 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

worm.win32.netsky Trojan

descriptionworm.win32.netsky Trojan30th January 2010, 8:33 am

descriptionRe: worm.win32.netsky Trojan30th January 2010, 5:13 pm

descriptionRe: worm.win32.netsky Trojan31st January 2010, 2:14 am

descriptionRe: worm.win32.netsky Trojan31st January 2010, 2:17 am

descriptionRe: worm.win32.netsky Trojan31st January 2010, 2:30 am

descriptionRe: worm.win32.netsky Trojan31st January 2010, 2:30 am

descriptionRe: worm.win32.netsky Trojan31st January 2010, 2:31 am

descriptionRe: worm.win32.netsky Trojan31st January 2010, 8:03 pm

descriptionRe: worm.win32.netsky Trojan1st February 2010, 7:37 am

descriptionRe: worm.win32.netsky Trojan1st February 2010, 7:29 pm

descriptionRe: worm.win32.netsky Trojan1st February 2010, 8:12 pm

descriptionRe: worm.win32.netsky Trojan1st February 2010, 8:33 pm

descriptionRe: worm.win32.netsky Trojan2nd February 2010, 6:08 am

descriptionRe: worm.win32.netsky Trojan2nd February 2010, 8:09 pm

descriptionRe: worm.win32.netsky Trojan3rd February 2010, 5:20 am

descriptionRe: worm.win32.netsky Trojan3rd February 2010, 7:56 pm

descriptionRe: worm.win32.netsky Trojan3rd February 2010, 9:01 pm

descriptionRe: worm.win32.netsky Trojan3rd February 2010, 9:29 pm

descriptionRe: worm.win32.netsky Trojan