Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Worm.win32.netsky & trojanSPM/LX infection

Started by li699 , Nov 30 2009 07:38 AM

  • Please log in to reply

#1
li699
Posted 30 November 2009 - 07:38 AM

li699

    New Member

  • Member
  • Pip
  • 1 posts
After hours of alarming messages both of the computer is infected with worm.win32.netsky virus and constant popup warning messages saying: computer is infected with trojanSPM/LX, I chanced upon this wonderful helpful website for a technically computer-IT-savvy user.

Some of the steps done throughout most of this last 16hrs were:
1. Used for over a period of 5hrs the Symantec Antivirus/Spyware full scan, Spybot Search & Destroy & Adware
2. Finally found the Geeks2Go website with invaluable info on how-to-remove malware (worms/Trojans)
3. Ran first the TFC which cleaned about 630MB
4. Ran the OTL and got the following txt:
3:12 AM 11/30/2009 OTL logfile created on: 11/30/2009 3:02:27 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\lilia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.04% Memory free
3.85 Gb Paging File | 2.78 Gb Available in Paging File | 72.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 93.34 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LNG
Current User Name: lilia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 02:32:17 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lilia\Desktop\OTL.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/11 15:36:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/20 14:01:41 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/14 20:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/11 17:50:46 | 02,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/09/04 15:44:20 | 01,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/04 15:44:18 | 01,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 16:27:36 | 01,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:09:12 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/14 14:45:52 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 05:46:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/07/31 22:10:04 | 00,065,536 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/07/30 22:54:38 | 02,158,592 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/07/20 16:48:00 | 02,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007/07/20 16:30:28 | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/07/02 13:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 10:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/12/18 15:22:14 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 14:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/27 20:13:48 | 00,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/09/28 21:08:46 | 00,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/01/23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/08/04 02:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 02:32:17 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lilia\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (gusvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/20 14:01:41 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/11 17:50:46 | 02,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/09/04 15:44:18 | 01,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/04 15:19:46 | 00,312,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/14 14:45:28 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/22 05:46:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/09/17 00:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091129.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 00:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091129.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/28 00:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/28 00:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/04/20 22:12:14 | 00,149,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/04/19 21:39:57 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/01/19 16:46:44 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/22 10:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/22 10:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/09/04 15:47:26 | 00,091,968 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 15:45:36 | 00,041,792 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/08/28 23:34:30 | 03,632,384 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/21 11:13:56 | 00,191,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/15 10:41:08 | 00,317,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 10:41:08 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 10:41:06 | 00,279,600 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/08/04 11:32:26 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/10 03:57:56 | 00,049,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/06/20 03:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/16 16:53:14 | 00,420,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 05:46:00 | 06,658,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/12/23 17:18:48 | 00,068,696 | ---- | M] (O2Micro) -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/08/02 17:35:12 | 00,989,952 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 17:34:30 | 00,211,200 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 17:34:26 | 00,731,136 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 18:53:10 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/11 14:25:00 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 14:27:00 | 00,064,000 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 13:20:00 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/03 08:32:38 | 00,046,992 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/01 16:53:00 | 00,073,728 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 15:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/11/20 17:55:00 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/02 12:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/10/10 19:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/19 14:26:58 | 00,012,672 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/06/14 11:53:00 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/06 13:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/13 13:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.flashcatch.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/11 10:24:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 10:24:57 | 00,000,000 | ---D | M]

[2009/07/11 21:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lilia\Application Data\Mozilla\Extensions
[2009/07/11 21:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lilia\Application Data\Mozilla\Extensions\[email protected]
[2009/11/29 19:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lilia\Application Data\Mozilla\Firefox\Profiles\w6gx50fq.default\extensions
[2009/11/29 19:15:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232415141156 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 16:20:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/28 13:58:46 | 00,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/30 02:32:14 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lilia\Desktop\OTL.exe
[2009/11/30 02:31:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\lilia\Desktop\RootRepeal.exe
[2009/11/30 02:30:49 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\lilia\Desktop\mbam-setup.exe
[2009/11/30 02:24:02 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lilia\Desktop\TFC.exe
[2009/11/29 22:05:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/29 22:04:58 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/12 17:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lilia\Televisa HD para U.S.A y sus Territorios
[2009/04/19 20:32:27 | 03,796,127 | ---- | C] (Robert Amlung ) -- C:\Program Files\what_watch_setup.exe
[2009/04/19 20:28:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\cleanmgr.exe
[3 C:\Documents and Settings\lilia\Desktop\*.tmp files -> C:\Documents and Settings\lilia\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\lilia\My Documents\*.tmp files -> C:\Documents and Settings\lilia\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/30 02:52:30 | 00,883,847 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\WormMalawareProb.docx
[2009/11/30 02:51:14 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\My Documents\~$rmMalawareProb.docx
[2009/11/30 02:50:53 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\lilia\Desktop\WormMalawareProb.lnk
[2009/11/30 02:49:28 | 00,027,839 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/30 02:47:33 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/30 02:47:33 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/30 02:47:33 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/30 02:44:01 | 00,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/30 02:43:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/30 02:43:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 02:42:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 02:42:52 | 21,453,49632 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/30 02:42:21 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\lilia\NTUSER.DAT
[2009/11/30 02:42:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\lilia\ntuser.ini
[2009/11/30 02:32:17 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lilia\Desktop\OTL.exe
[2009/11/30 02:31:37 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\lilia\Desktop\RootRepeal.exe
[2009/11/30 02:30:49 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\lilia\Desktop\mbam-setup.exe
[2009/11/30 02:24:05 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lilia\Desktop\TFC.exe
[2009/11/30 01:50:15 | 05,890,030 | -H-- | M] () -- C:\Documents and Settings\lilia\Local Settings\Application Data\IconCache.db
[2009/11/29 23:11:09 | 02,970,670 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Split Screen 1Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 23:09:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/11/29 22:49:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/11/29 22:40:56 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\Desktop\~$rmMalawareProb.docx
[2009/11/29 22:31:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\Desktop\~$lit Screen 1Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 22:29:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/11/29 22:22:50 | 00,501,736 | ---- | M] () -- C:\Documents and Settings\lilia\Desktop\LopSD.exe
[2009/11/29 22:13:51 | 03,571,933 | ---- | M] () -- C:\Documents and Settings\lilia\Desktop\ComboFix.exe
[2009/11/29 22:09:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/11/29 21:54:01 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\Desktop\~$lit Screen Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 21:49:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/11/29 21:29:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/11/29 21:09:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/11/29 20:49:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/11/29 20:35:16 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0098EB33-132A-4486-8FE4-0AB53432851A}.job
[2009/11/29 20:29:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/11/29 20:25:19 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/29 20:09:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/11/29 20:09:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2009/11/29 20:09:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/11/29 20:04:07 | 02,381,336 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Split Screen Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 17:47:38 | 00,013,216 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Spybot Nov29.09sun scan report.pdf
[2009/11/29 15:48:00 | 00,000,001 | ---- | M] () -- C:\s
[2009/11/29 15:47:48 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\winlogon86.exe
[2009/11/29 14:00:20 | 00,027,839 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/28 10:47:07 | 00,018,469 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\BLACKBERRYS.docx
[2009/11/28 10:21:14 | 00,190,244 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\2009 EYE OPENERS.docx
[2009/11/24 22:45:05 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 17:16:00 | 00,045,671 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\VOCABULARY LEXICON.docx
[2009/11/19 18:56:46 | 00,448,792 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Reserv HIexpComf GP-LXN07244.docx
[2009/11/19 18:38:09 | 00,397,824 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\CL.JobsJune2009.doc
[2009/11/19 18:37:04 | 00,865,800 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Rooms2Share 2009.docx
[2009/11/16 14:33:35 | 00,055,110 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\TRUFFLES.docx
[2009/11/15 13:46:15 | 00,013,909 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Teeth Cleaning.docx
[2009/11/15 12:24:41 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\My Documents\~$09 EYE OPENERS.docx
[2009/11/15 02:41:18 | 00,017,344 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\LYRICS - Time to say Good.docx
[2009/11/12 16:31:32 | 00,049,371 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\15 Tricky Interview Questions.docx
[2009/11/11 10:22:45 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 17:02:37 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\Desktop\~$.JobsJune2009.doc
[2009/11/09 15:40:10 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\My Documents\~$ Tricky Interview Questions.docx
[2009/11/09 14:41:45 | 00,011,755 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Staffing Agencies.docx
[2009/11/09 12:27:50 | 00,017,037 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Vanished Persian army said found in desert.docx
[2009/11/09 10:46:42 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\lilia\Desktop\Melissa Camille.lnk
[2009/11/08 16:11:51 | 00,056,138 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\2009 Oct Staying Renting Tenant tips.pdf
[2009/11/05 07:58:30 | 00,088,064 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Reserv CI-HIExp 2009.docx
[2009/11/04 18:02:13 | 00,635,558 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\2008-2009 HOUSING BUST.docx
[2009/11/04 18:01:50 | 00,137,884 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\Silicon Valley LuxHomes Sales UP Jul2009.docx
[2009/11/02 17:13:06 | 00,411,397 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\SteveJobs ICON Revealed - March 5 2008.docx
[2009/11/02 16:51:56 | 00,051,726 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\ChronicleNews - 100 Servers Tips.docx
[2009/11/01 19:01:58 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\lilia\My Documents\~$ronicleNews - 100 Servers Tips.docx
[2009/10/31 18:54:43 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\lilia\Desktop\JOURNAL 10.31.2009 SAT.lnk
[2009/10/31 18:05:58 | 00,011,346 | ---- | M] () -- C:\Documents and Settings\lilia\My Documents\JOURNAL 10.31.2009 SAT.docx
[3 C:\Documents and Settings\lilia\Desktop\*.tmp files -> C:\Documents and Settings\lilia\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\lilia\My Documents\*.tmp files -> C:\Documents and Settings\lilia\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/30 02:51:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\My Documents\~$rmMalawareProb.docx
[2009/11/30 02:49:33 | 00,000,589 | ---- | C] () -- C:\Documents and Settings\lilia\Desktop\WormMalawareProb.lnk
[2009/11/29 23:09:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/11/29 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/11/29 22:40:56 | 00,883,847 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\WormMalawareProb.docx
[2009/11/29 22:40:56 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\Desktop\~$rmMalawareProb.docx
[2009/11/29 22:31:27 | 02,970,670 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\Split Screen 1Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 22:31:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\Desktop\~$lit Screen 1Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 22:29:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/11/29 22:22:45 | 00,501,736 | ---- | C] () -- C:\Documents and Settings\lilia\Desktop\LopSD.exe
[2009/11/29 22:13:51 | 03,571,933 | ---- | C] () -- C:\Documents and Settings\lilia\Desktop\ComboFix.exe
[2009/11/29 21:54:01 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\Desktop\~$lit Screen Error aftr new screen Reinstalled on 40709 --4.8.09.docx
[2009/11/29 17:54:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/11/29 17:54:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/11/29 17:49:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/11/29 17:47:38 | 00,013,216 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\Spybot Nov29.09sun scan report.pdf
[2009/11/29 17:29:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/11/29 17:09:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/11/29 16:49:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/11/29 16:29:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/11/29 16:09:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/11/29 15:49:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/11/29 15:48:00 | 00,000,001 | ---- | C] () -- C:\s
[2009/11/29 15:47:53 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe
[2009/11/28 10:38:57 | 00,018,469 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\BLACKBERRYS.docx
[2009/11/16 14:33:35 | 00,055,110 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\TRUFFLES.docx
[2009/11/16 09:21:49 | 00,045,671 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\VOCABULARY LEXICON.docx
[2009/11/15 13:30:47 | 00,013,909 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\Teeth Cleaning.docx
[2009/11/15 12:24:41 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\My Documents\~$09 EYE OPENERS.docx
[2009/11/09 17:02:37 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\Desktop\~$.JobsJune2009.doc
[2009/11/09 15:40:10 | 00,049,371 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\15 Tricky Interview Questions.docx
[2009/11/09 15:40:10 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\My Documents\~$ Tricky Interview Questions.docx
[2009/11/09 14:41:44 | 00,011,755 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\Staffing Agencies.docx
[2009/11/09 12:27:49 | 00,017,037 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\Vanished Persian army said found in desert.docx
[2009/11/09 10:46:21 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\lilia\Desktop\Melissa Camille.lnk
[2009/11/08 16:11:51 | 00,056,138 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\2009 Oct Staying Renting Tenant tips.pdf
[2009/11/01 19:01:58 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\lilia\My Documents\~$ronicleNews - 100 Servers Tips.docx
[2009/11/01 19:01:57 | 00,051,726 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\ChronicleNews - 100 Servers Tips.docx
[2009/10/31 18:54:17 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\lilia\Desktop\JOURNAL 10.31.2009 SAT.lnk
[2009/10/31 18:01:15 | 00,011,346 | ---- | C] () -- C:\Documents and Settings\lilia\My Documents\JOURNAL 10.31.2009 SAT.docx
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/19 20:45:44 | 00,000,111 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/04/19 20:45:44 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/04/19 20:45:44 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/04/19 20:28:44 | 17,073,673 | ---- | C] () -- C:\Program Files\plr2hq.exe
[2009/02/28 13:58:43 | 00,000,035 | ---- | C] () -- C:\WINDOWS\atechloc.ini
[2009/02/28 13:58:33 | 00,000,083 | ---- | C] () -- C:\WINDOWS\atech.ini
[2009/01/21 07:54:04 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\lilia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/20 18:58:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/01/20 14:09:34 | 00,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/19 16:50:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/19 16:50:20 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/19 16:50:19 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/19 16:50:18 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/18 10:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
< End of report >

5. Ran the RootRepeal and got a report txt
6. Ran the mbam-setup.exe and readied to run the app
7. After the requested reboot by the mbam app, I was wonderfully delighted that the windows came up speedily, with my original background screen, BUT THERE WAS NO VOLUME/SOUND ( tested by rebooting several times now while trying to check out the sound going to youtube clips of the Xfactor 2009.

PLEASE PLEASE PLEASE HELPME OUT

li669/WorriedRookie
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP